KnowledgeBase

Differences between revisions 1 and 54 (spanning 53 versions)
Revision 1 as of 2008-03-27 19:16:28
Size: 963
Editor: c-76-105-157-155
Comment:
Revision 54 as of 2019-11-12 18:14:17
Size: 5707
Editor: tyhicks
Comment: Add link to TAA_MCEPSC_i915 KB article
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
[[Include(SecurityTeam/Header)]] <<Include(SecurityTeam/Header)>>
Line 3: Line 3:
||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;">'''Contents'''[[BR]][[TableOfContents]]|| ||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>||
Line 5: Line 5:
== Security updates ==
Line 6: Line 7:
=== Announcements ===
 * Official [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] (USNs)
 * Ubuntu security update notifications [[SecurityTeam/UpdateNotifications|additional information]]
Line 7: Line 11:
{{{This page is still very much place-holder. If you have time, please update it with more information.}}} === Media coverage ===
In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.
Line 9: Line 14:
For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our !KnowledgeBase:
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Pop_SS | Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 | Variant 4 of Side Channel issues (CVE-2018-3639)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LazyFP | Lazy FP Save/Restore (CVE-2018-3665)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BCBS | Bounds Check Bypass Store (BCBS) (CVE-2018-3693) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/NetSpectre | NetSpectre ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF | L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/runC | runC / docker.io Privileged Container Escape (CVE-2019-5736)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing | Snap Socket Parsing (CVE-2019-7304)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS | Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic | SACK Panic and Other TCP Denial of Service Issues (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/k8s-CVE-2019-11247 | Kubernetes API Server Vulnerability (CVE-2019-11247) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/http2 | HTTP/2 Denial of Service Vulnerabilities ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 | TSX Asynchronous Abort (TAA, CVE-2019-11135), Intel® Processor Machine Check Error (MCEPSC, CVE-2018-12207), and i915 graphics (CVE-2019-0155, CVE-2019-0154) vulnerabilities]]
Line 10: Line 37:
 * security updates
  * [:SecurityUpdateProcedures: Security Update Procedures]
  * Ubuntu CVE tracker link
  * mitre
  * NVD
  * oss-security link
 * Policies (FAQ could link to Knowledge{{{}}}Base)
  * policy on local DoS
  * policy on root passwords/sudo
  * policy on open network ports
  * policy on sudo
  * policy on home directory permissions
 * AppArmor docs
 * SELinux docs
=== Vulnerability Resources ===
 * [[https://launchpad.net/ubuntu-cve-tracker|Ubuntu CVE tracker]]
 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]] (web view)
 * [[http://cve.mitre.org|Common Vulnerabilities and Exposures]] (CVEs)
 * [[http://nvd.nist.gov/nvd.cfm|National Vulnerabilities Database]]
 * [[http://oss-security.openwall.org|Open Source Software Security]]

=== Update processes ===
 * [[SecurityTeam/UpdateProcedures|Security update procedures]]
 * [[StableReleaseUpdates/MicroReleaseExceptions]]
 * [[StableReleaseUpdates]] (SRU)
 * [[https://help.ubuntu.com/community/UbuntuBackports|Backport Requests]]

=== Update techniques ===
 * [[https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]]
Line 25: Line 53:
  * good upstream patches
  * micro release
  * SRU
  * -backports
 * [:DebuggingSecurity] for bug reports
  * [[SecurityTeam/BuildEnvironment|schroot/sbuild setup]]
  * [[SecurityTeam/TestingEnvironment|virtual machine setup]]
 * How to test the update
  * [[https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master|QA Regression Testing]]
  * Proof of Concept (PoC)
  * Build test suites (eg, 'make check')
 * ABI compatibility (eg, check-symbols, nm)
 * Checklists
 * [[https://wiki.ubuntu.com/SecurityTeam/UpdatePublication#Media_coverage|Media coverage]]

== Policies ==
 * [[SecurityTeam/Policies|Ubuntu Security Policies]]
 * [[ApparmorProfileMigration|Creating enforcing AppArmor profiles policy]]

== Features ==
 * [[Security/Features|Feature Matrix]] (for all releases since Dapper, see the [[Security/Features/Historical|Historical Feature Matrix]].)
 * [[CompilerFlags|Security Hardening Compiler Flags]]
 * [[SecurityTeam/KnowledgeBase/AppArmorProfiles|AppArmor Profiles]]
 * [[SecurityTeam/KnowledgeBase/BuiltPIE|Applications Built with PIE]]
 * [[AppArmor]] docs
 * [[SELinux]] docs

== Process ==
 * [[SecurityTeam/BugTriage|Bug Triage]]
 * [[SecurityTeam/ReleaseCycle|Release Cycle Actions]]

== Problems ==
 * [[DebuggingSecurity]] for bug reports
 * [[DebuggingApparmor]] for bug reports dealing with [[AppArmor]] profiles

Security updates

Announcements

Media coverage

In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.

For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our KnowledgeBase:

Vulnerability Resources

Update processes

Update techniques

Policies

Features

Process

Problems


CategorySecurityTeam

SecurityTeam/KnowledgeBase (last edited 2023-08-25 14:36:54 by rodrigo-zaiden)