[ubuntu/noble-security] systemd 255.4-1ubuntu8.14 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Mar 23 20:02:48 UTC 2026 

systemd (255.4-1ubuntu8.14) noble-security; urgency=medium

  * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd
    - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves
      a leading slash in place
    - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag
    - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()
    - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently
  * SECURITY UPDATE: Local root execution via malicious hardware devices
    - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch
    - d/p/udev-fix-review-mixup.patch
    - No CVE number

systemd (255.4-1ubuntu8.12) noble; urgency=medium

  * basic: validate timezones in get_timezones() (LP: #2125405)
  * ukify: fix insertion of padding in merged sections (LP: #2132666)
  * core: downgrade a log message from warning to debug (LP: #2130554)
  * test: skip testcase_multipath_basic_failover.
    This test has been failing on Ubuntu infrastructure for a long time.
    Leaving this alone at the moment allows other failures to potentially go
    unnoticed, because the migration reference baseline has been reset to
    fail. Skip the test to try and reset the baseline to pass.
  * d/gbp.conf: stop using wrap_cl.py

systemd (255.4-1ubuntu8.11) noble; urgency=medium

  [ Nick Rosbrook ]
  * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)
  * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)
    - d/t/control: add Depends: dnsmasq-base
      (Revealed by test progressing past previous failure)
  * initramfs-tools: filter out zdev rules in the initramfs hook (LP: #2044104)
    Backport the logic from plucky onward, but adjust the version string for
    noble.
  * test: fall back to SYSLOG_IDENTIFIER= matching in TEST-75-RESOLVED
    Partially backport the test fix from 49a954b08654dd06bab71224a2398a65c2555549,
    only targeting TEST-75-RESOLVED.

  [ Matthew Ruffell ]
  * pcrlock: handle measurement logs where hash algs in header.
    Fix pcrlock log to function correctly reading the TPM eventlog on hyper-v VMs
    (LP: #2115391)

  [ Chengen Du ]
  * network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
    (LP: #2115418)

  [ Mario Limonciello ]
  * Drop support for using actual brightness (LP: #2110585)

systemd (255.4-1ubuntu8.10) noble; urgency=medium

  * Fix regression in networkctl caused by previous upload:
    A regression was introduced due to an incorrect manager reference being passed to
    manager_get_route_table_to_string() within route_append_json(), resulting in an
    error when executing the `networkctl --json=pretty` command.
    > networkctl --json=pretty
    Failed to get description: Message recipient disconnected from message bus without replying

systemd (255.4-1ubuntu8.9) noble; urgency=medium

  * Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is set
    (LP: #2098183)
    - d/p/lp2098183/0001-network-use-json_variant_append_arrayb.patch
    - d/p/lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch
    - d/p/lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch
    - d/p/lp2098183/0004-json-introduce-json_dispatch_byte_array_iovec-and-js.patch
    - d/p/lp2098183/0005-json-introduce-json_dispatch_int8-and-json_dispatch_.patch
    - d/p/lp2098183/0006-json-extend-JsonDispatch-flags-with-nullable-and-ref.patch
    - d/p/lp2098183/0007-json-util-generalize-json_dispatch_ifindex.patch
    - d/p/lp2098183/0008-daemon-util-expose-notify_push_fd.patch
    - d/p/lp2098183/0009-network-json-add-missing-entries-for-route-propertie.patch
    - d/p/lp2098183/0010-network-introduce-network_config_source_from_string.patch
    - d/p/lp2098183/0011-network-expose-log_route_debug-and-log_address_debug.patch
    - d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch
    - d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch

Date: 2026-03-16 13:43:17.110223+00:00
Changed-By: Nick Rosbrook <nick.rosbrook at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/systemd/255.4-1ubuntu8.14
-------------- next part --------------
Sorry, changesfile not available.

More information about the noble-changes mailing list