KnowledgeBase
5346
Comment:
|
← Revision 69 as of 2024-04-24 13:30:26 ⇥
7580
|
Deletions are marked like this. | Additions are marked like this. |
Line 8: | Line 8: |
* Official [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] (USNs) | * Official [[https://ubuntu.com/security/notices|Ubuntu Security Notices]] (USNs) |
Line 15: | Line 15: |
* [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]] |
==== 2024 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Native-BHI | Native BHI (Branch History Injection) (CVE-2024-2201) ]] ==== 2023 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GDS_Downfall | Gather Data Sampling (GDS) Downfall (CVE-2022-40982) ]] ==== 2022 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Retbleed | Retbleed and related return predictor microarchitectural flaws (CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825) ]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/DirtyPipe | Page cache overwrite with pipes flaw in the Linux Kernel (CVE-2022-0847 aka Dirty Pipe) ]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI | Branch History Injection Microarchitectural flaws (CVE-2022-0001, CVE-2022-0002, CVE-2022-23960) ]] ==== 2021 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell | Apache Log4j 2 remote code execution (CVE-2021-44228 [aka Log4Shell])]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021 | GRUB2 Secure Boot Bypass (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418)]] ==== 2020 ==== * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus | Intel power side-channels (CVE-2020-8694 and CVE-2020-8695, aka Platypus)]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass | GRUB2 Secure Boot Bypass (CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, aka BootHole)]] * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS | Special Register Buffer Data Sampling (SRBDS) Hardware Vulnerability in Intel CPUs (CVE-2020-0543, aka Crosstalk)]] ==== 2019 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/runC | runC / docker.io Privileged Container Escape (CVE-2019-5736)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing | Snap Socket Parsing (CVE-2019-7304)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS | Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic | SACK Panic and Other TCP Denial of Service Issues (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/k8s-CVE-2019-11247 | Kubernetes API Server Vulnerability (CVE-2019-11247) ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/http2 | HTTP/2 Denial of Service Vulnerabilities ]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 | TSX Asynchronous Abort (TAA, CVE-2019-11135), Intel® Processor Machine Check Error (MCEPSC, CVE-2018-12207), and i915 graphics (CVE-2019-0155, CVE-2019-0154) vulnerabilities]] ==== 2018 ==== |
Line 29: | Line 54: |
* [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/runC | runC / docker.io Privileged Container Escape (CVE-2019-5736)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing | Snap Socket Parsing (CVE-2019-7304)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS | Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic | SACK Panic and Other TCP Denial of Service Issues (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/k8s-CVE-2019-11247 | Kubernetes API Server Vulnerability (CVE-2019-11247) ]] |
==== 2017 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]] ==== 2016 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]] ==== 2015 ==== * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]] * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]] |
Line 37: | Line 72: |
* [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]] (web view) | * [[https://ubuntu.com/security/cve|Ubuntu CVE Tracker]] (web view) |
Line 49: | Line 84: |
* [[https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]] | * [[SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]] |
Line 59: | Line 94: |
* [[https://wiki.ubuntu.com/SecurityTeam/UpdatePublication#Media_coverage|Media coverage]] | * [[SecurityTeam/UpdatePublication#Media_coverage|Media coverage]] |
Security updates
Announcements
Official Ubuntu Security Notices (USNs)
Ubuntu security update notifications additional information
Media coverage
In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.
For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our KnowledgeBase:
2024
2023
2022
Page cache overwrite with pipes flaw in the Linux Kernel (CVE-2022-0847 aka Dirty Pipe)
Branch History Injection Microarchitectural flaws (CVE-2022-0001, CVE-2022-0002, CVE-2022-23960)
2021
2020
2019
2018
Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087)
L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)
2017
BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)
Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715)
2016
2015
Vulnerability Resources
Ubuntu CVE Tracker (web view)
Update processes
StableReleaseUpdates (SRU)
Update techniques
- How to handle backporting security updates
- How to test the update
- Proof of Concept (PoC)
- Build test suites (eg, 'make check')
- ABI compatibility (eg, check-symbols, nm)
- Checklists
Policies
Features
Feature Matrix (for all releases since Dapper, see the Historical Feature Matrix.)
AppArmor docs
SELinux docs
Process
Problems
DebuggingSecurity for bug reports
DebuggingApparmor for bug reports dealing with AppArmor profiles
SecurityTeam/KnowledgeBase (last edited 2024-04-24 13:30:26 by rodrigo-zaiden)