Diff for "SecurityTeam/KnowledgeBase"

KnowledgeBase

Differences between revisions 54 and 67 (spanning 13 versions)

Ubuntu Security Team • Roadmap • Getting Involved • Knowledge Base • FAQ • Contacts

Contents

Security updates
Policies
Features
Process
Problems

Security updates

Announcements

Official Ubuntu Security Notices (USNs)
Ubuntu security update notifications additional information

Media coverage

In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.

For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our KnowledgeBase:

2022

2021

2020

2019

2018

2017

2016

2015

Vulnerability Resources

Update processes

Update techniques

How to prepare an updated package
How to handle backporting security updates
- schroot/sbuild setup
- virtual machine setup
How to test the update
- QA Regression Testing
- Proof of Concept (PoC)
- Build test suites (eg, 'make check')
ABI compatibility (eg, check-symbols, nm)
Checklists
Media coverage

Policies

Features

Feature Matrix (for all releases since Dapper, see the Historical Feature Matrix.)
Security Hardening Compiler Flags
AppArmor Profiles
Applications Built with PIE
AppArmor docs
SELinux docs

Process

Problems

DebuggingSecurity for bug reports
DebuggingApparmor for bug reports dealing with AppArmor profiles

CategorySecurityTeam

SecurityTeam/KnowledgeBase (last edited 2024-04-24 13:30:26 by rodrigo-zaiden)

-  ⇤ ← Revision 54 as of 2019-11-12 18:14:17 → 
  Size: 5707
  Editor: tyhicks
  Comment: Add link to TAA_MCEPSC_i915 KB article
+   ← Revision 67 as of 2022-07-12 17:23:41 → ⇥
  Size: 7283
  Editor: sbeattie
  Comment: lol can't even fix tyop corrtcly
-Deletions are marked like this.
+Additions are marked like this.
 Line 8:
- * Official [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] (USNs)
+ * Official [[https://ubuntu.com/security/notices|Ubuntu Security Notices]] (USNs)
 Line 15:
- * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Pop_SS | Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087) ]] 
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 | Variant 4 of Side Channel issues (CVE-2018-3639)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LazyFP | Lazy FP Save/Restore (CVE-2018-3665)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BCBS | Bounds Check Bypass Store (BCBS) (CVE-2018-3693) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/NetSpectre | NetSpectre ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF | L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)]]
+==== 2022 ====
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Retbleed | Retbleed and related return predictor microarchitectural flaws (CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825) ]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/DirtyPipe | Page cache overwrite with pipes flaw in the Linux Kernel (CVE-2022-0847 aka Dirty Pipe) ]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI | Branch History Injection Microarchitectural flaws (CVE-2022-0001, CVE-2022-0002, CVE-2022-23960) ]]

==== 2021 ====
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell | Apache Log4j 2 remote code execution (CVE-2021-44228 [aka Log4Shell])]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021 | GRUB2 Secure Boot Bypass (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418)]]

==== 2020 ====
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus | Intel power side-channels (CVE-2020-8694 and CVE-2020-8695, aka Platypus)]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass | GRUB2 Secure Boot Bypass (CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, aka BootHole)]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS | Special Register Buffer Data Sampling (SRBDS) Hardware Vulnerability in Intel CPUs (CVE-2020-0543, aka Crosstalk)]]

==== 2019 ====
-Line 37:
+Line 39:
+==== 2018 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Pop_SS | Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087) ]] 
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 | Variant 4 of Side Channel issues (CVE-2018-3639)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LazyFP | Lazy FP Save/Restore (CVE-2018-3665)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BCBS | Bounds Check Bypass Store (BCBS) (CVE-2018-3693) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/NetSpectre | NetSpectre ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF | L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)]]

==== 2017 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]]

==== 2016 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]]

==== 2015 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]]
-Line 39:
+Line 64:
- * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]] (web view)
+ * [[https://ubuntu.com/security/cve|Ubuntu CVE Tracker]] (web view)
-Line 51:
+Line 76:
- * [[https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]]
+ * [[SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]]
-Line 61:
+Line 86:
- * [[https://wiki.ubuntu.com/SecurityTeam/UpdatePublication#Media_coverage|Media coverage]]
+ * [[SecurityTeam/UpdatePublication#Media_coverage|Media coverage]]

Ubuntu Wiki