KnowledgeBase
1688
Comment:
|
6655
reorg KB article listings....
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
[[Include(SecurityTeam/Header)]] | <<Include(SecurityTeam/Header)>> |
Line 3: | Line 3: |
||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;">'''Contents'''[[BR]][[TableOfContents]]|| {{{ This page is still very much place-holder. If you have time, please update it with more information. }}} |
||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>|| |
Line 13: | Line 7: |
=== Announcements === * Official [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] (USNs) * Ubuntu security update notifications [[SecurityTeam/UpdateNotifications|additional information]] === Media coverage === In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available. For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our !KnowledgeBase: ==== 2021 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021 | GRUB2 Secure Boot Bypass (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418)]] ==== 2020 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus | Intel power side-channels (CVE-2020-8694 and CVE-2020-8695, aka Platypus)]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass | GRUB2 Secure Boot Bypass (CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, aka BootHole)]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS | Special Register Buffer Data Sampling (SRBDS) Hardware Vulnerability in Intel CPUs (CVE-2020-0543, aka Crosstalk)]] ==== 2019 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/runC | runC / docker.io Privileged Container Escape (CVE-2019-5736)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing | Snap Socket Parsing (CVE-2019-7304)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS | Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic | SACK Panic and Other TCP Denial of Service Issues (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/k8s-CVE-2019-11247 | Kubernetes API Server Vulnerability (CVE-2019-11247) ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/http2 | HTTP/2 Denial of Service Vulnerabilities ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 | TSX Asynchronous Abort (TAA, CVE-2019-11135), Intel® Processor Machine Check Error (MCEPSC, CVE-2018-12207), and i915 graphics (CVE-2019-0155, CVE-2019-0154) vulnerabilities]] ==== 2018 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Pop_SS | Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087) ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 | Variant 4 of Side Channel issues (CVE-2018-3639)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LazyFP | Lazy FP Save/Restore (CVE-2018-3665)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BCBS | Bounds Check Bypass Store (BCBS) (CVE-2018-3693) ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/NetSpectre | NetSpectre ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF | L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)]] ==== 2017 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]] ==== 2016 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]] ==== 2015 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]] |
|
Line 14: | Line 57: |
* [https://launchpad.net/ubuntu-cve-tracker Ubuntu CVE tracker] * [http://cve.mitre.org Common Vulnerabilities and Exposures] (CVEs) * [http://nvd.nist.gov/nvd.cfm National Vulnerabilities Database] * [http://oss-security.openwall.org Open Source Software Security] |
* [[https://launchpad.net/ubuntu-cve-tracker|Ubuntu CVE tracker]] * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]] (web view) * [[http://cve.mitre.org|Common Vulnerabilities and Exposures]] (CVEs) * [[http://nvd.nist.gov/nvd.cfm|National Vulnerabilities Database]] * [[http://oss-security.openwall.org|Open Source Software Security]] |
Line 20: | Line 64: |
* [:SecurityUpdateProcedures: Security Update Procedures] * [:StableReleaseUpdates/MicroReleaseExceptions] * [:StableReleaseUpdates] (SRU) * [:BackportRequestProcess] |
* [[SecurityTeam/UpdateProcedures|Security update procedures]] * [[StableReleaseUpdates/MicroReleaseExceptions]] * [[StableReleaseUpdates]] (SRU) * [[https://help.ubuntu.com/community/UbuntuBackports|Backport Requests]] |
Line 26: | Line 70: |
* [[https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]] | |
Line 27: | Line 72: |
* [[SecurityTeam/BuildEnvironment|schroot/sbuild setup]] * [[SecurityTeam/TestingEnvironment|virtual machine setup]] |
|
Line 28: | Line 75: |
* [https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master QA Regression Testing] | * [[https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master|QA Regression Testing]] |
Line 33: | Line 80: |
* [[https://wiki.ubuntu.com/SecurityTeam/UpdatePublication#Media_coverage|Media coverage]] | |
Line 35: | Line 83: |
(FAQ could link to Knowledge{{{}}}Base) * policy on local DoS * policy on root passwords/sudo * policy on open network ports * policy on sudo * policy on home directory permissions |
* [[SecurityTeam/Policies|Ubuntu Security Policies]] * [[ApparmorProfileMigration|Creating enforcing AppArmor profiles policy]] |
Line 43: | Line 87: |
* ["AppArmor"] docs * ["SELinux"] docs |
* [[Security/Features|Feature Matrix]] (for all releases since Dapper, see the [[Security/Features/Historical|Historical Feature Matrix]].) * [[CompilerFlags|Security Hardening Compiler Flags]] * [[SecurityTeam/KnowledgeBase/AppArmorProfiles|AppArmor Profiles]] * [[SecurityTeam/KnowledgeBase/BuiltPIE|Applications Built with PIE]] * [[AppArmor]] docs * [[SELinux]] docs == Process == * [[SecurityTeam/BugTriage|Bug Triage]] * [[SecurityTeam/ReleaseCycle|Release Cycle Actions]] |
Line 47: | Line 99: |
* [:DebuggingSecurity] for bug reports * [:DebuggingApparmor] for bug reports dealing with ["AppArmor"] profiles |
* [[DebuggingSecurity]] for bug reports * [[DebuggingApparmor]] for bug reports dealing with [[AppArmor]] profiles |
Security updates
Announcements
Official Ubuntu Security Notices (USNs)
Ubuntu security update notifications additional information
Media coverage
In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.
For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our KnowledgeBase:
2021
2020
2019
2018
Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087)
L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)
2017
BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)
Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715)
2016
2015
Vulnerability Resources
Ubuntu CVE Tracker (web view)
Update processes
StableReleaseUpdates (SRU)
Update techniques
- How to handle backporting security updates
- How to test the update
- Proof of Concept (PoC)
- Build test suites (eg, 'make check')
- ABI compatibility (eg, check-symbols, nm)
- Checklists
Policies
Features
Feature Matrix (for all releases since Dapper, see the Historical Feature Matrix.)
AppArmor docs
SELinux docs
Process
Problems
DebuggingSecurity for bug reports
DebuggingApparmor for bug reports dealing with AppArmor profiles
SecurityTeam/KnowledgeBase (last edited 2023-08-25 14:36:54 by rodrigo-zaiden)