Security Team Weekly Summary: August 10, 2017
Canonical
on 10 August 2017
The Security Team weekly reports are intended to be very short summaries of the Security Team’s weekly activities.
If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com
During the last week, the Ubuntu Security team:
- Triaged 242 public security vulnerability reports, retaining the 57 that applied to Ubuntu.
- Published 13 Ubuntu Security Notices which fixed 29 security issues (CVEs) across 15 supported packages.
Ubuntu Security Notices
Bug Triage
Mainline Inclusion Requests
-
http-parser underway (LP: #1638957)
-
MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D
Updates to Community Supported Packages
-
James Lu (tacocat) provided debdiffs for xenial-zesty for gnome-exe-thumbnailer (LP: #651610)
-
Simon Quigley (tsimonq2) provided debdiffs for trusty-xenial for lxterminal (LP: #1690416)
-
Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for pcmanfm (LP: #1708542)
-
Otto Kekäläinen (otto) provided debdiffs for trusty for mariadb-5.5 (LP: #1705944)
-
Otto Kekäläinen (otto) provided debdiffs for xenial for mariadb-10.0 (LP: #1698689)
-
Otto Kekäläinen (otto) provided debdiffs for zesty for mariadb-10.1 (LP: #1698689)
-
Roger Light (ral) provided debdiffs for trusty-zesty for mosquitto (LP: #1700490)
Development
-
Updated seccomp patches submitted to LKML [PATCH v5 1/6] seccomp: Sysctl to display available actions
-
snapd policy updates interfaces/many, cmd/snap-confine: miscellaneous policy updates (#3634)
-
AppArmor updates for perl 5.26 transition in 17.10 (2.11.0-2ubuntu11, 2.11.0-2ubuntu12)
- review broadcom-asic-control interface for snapd PR
-
find reproducer for AppArmor capability logging issues and file LP: #1707743
- coordinate with Desktop team wrt snaps on 17.10 desktop
- continue wayland interface investigation, coordinate with Desktop team
- several reviews of ‘Using udev tagging for snap interfaces’ PR
- review kvm interface for snapd PR
- triage snapd-interface bugs
- several reviews of spi interface for snapd PR
-
be responsive to Debian AppArmor team with their request to make AppArmor on by default in Debian Buster
- review of avahi interface for snap reimplementation PR
What the Security Team is Reading This Week
-
Abusing Certificate Transparency Logs by Hanno Boeck
Weekly Meeting
More Info
Ubuntu cloud
Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.
Newsletter signup
Related posts
MongoDB® use cases for the telecommunications industry
MongoDB® is one of the most widely used databases (DB Engines, 2024) for enterprises, including those in the telecommunications industry. It provides a...
Canonical to present keynote session at Kubecon China 2024
We are excited to announce that, on the 21st of August 2024, product managers Andreea Munteanu (AI) and Adrian Matei (Managed Services) will represent...
Meet us in Sydney and let’s talk about how you can navigate your AI journey
Date: August 27, 2024 Venue: The Fullerton Hotel Sydney Time: 13:00 PM – 18:00 PM AI has officially taken off. Today, thousands of exciting projects are being...