KnowledgeBase

Differences between revisions 7 and 61 (spanning 54 versions)
Revision 7 as of 2008-08-06 16:20:52
Size: 1749
Editor: localhost
Comment: converted to 1.6 markup
Revision 61 as of 2021-12-14 11:24:17
Size: 6740
Editor: alexmurray
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;">'''Contents'''<<BR>><<TableOfContents>>||



{{{
This page is still very much place-holder. If you have time, please update it with more information.
}}}
||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>||
Line 13: Line 7:
=== Announcements ===
 * Official [[https://ubuntu.com/security/notices|Ubuntu Security Notices]] (USNs)
 * Ubuntu security update notifications [[SecurityTeam/UpdateNotifications|additional information]]

=== Media coverage ===
In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.

For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our !KnowledgeBase:

==== 2021 ====
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell | Apache Log4j 2 remote code execution (CVE-2021-44228 [aka Log4Shell])]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021 | GRUB2 Secure Boot Bypass (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418)]]

==== 2020 ====
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus | Intel power side-channels (CVE-2020-8694 and CVE-2020-8695, aka Platypus)]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass | GRUB2 Secure Boot Bypass (CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, aka BootHole)]]
 * [[ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS | Special Register Buffer Data Sampling (SRBDS) Hardware Vulnerability in Intel CPUs (CVE-2020-0543, aka Crosstalk)]]

==== 2019 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/runC | runC / docker.io Privileged Container Escape (CVE-2019-5736)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing | Snap Socket Parsing (CVE-2019-7304)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS | Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic | SACK Panic and Other TCP Denial of Service Issues (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/k8s-CVE-2019-11247 | Kubernetes API Server Vulnerability (CVE-2019-11247) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/http2 | HTTP/2 Denial of Service Vulnerabilities ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 | TSX Asynchronous Abort (TAA, CVE-2019-11135), Intel® Processor Machine Check Error (MCEPSC, CVE-2018-12207), and i915 graphics (CVE-2019-0155, CVE-2019-0154) vulnerabilities]]

==== 2018 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Pop_SS | Mov/Pop SS vulnerabilities (CVE-2018-8897 and CVE-2018-1087) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 | Variant 4 of Side Channel issues (CVE-2018-3639)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LazyFP | Lazy FP Save/Restore (CVE-2018-3665)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BCBS | Bounds Check Bypass Store (BCBS) (CVE-2018-3693) ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/NetSpectre | NetSpectre ]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF | L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646)]]

==== 2017 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BlueBorne | BlueBorne bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown | Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) ]]

==== 2016 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming|OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/httpoxy|httpoxy CGI application vulnerability]]

==== 2015 ====
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST|GHOST (CVE-2015-0235)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM|VENOM (CVE-2015-3456)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam|LogJam (CVE-2015-4000)]]
 * [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Stagefright|Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829)]]

Line 15: Line 59:
 * [[https://ubuntu.com/security/cve|Ubuntu CVE Tracker]] (web view)
Line 20: Line 65:
 * [[SecurityUpdateProcedures| Security Update Procedures]]  * [[SecurityTeam/UpdateProcedures|Security update procedures]]
Line 26: Line 71:
 * [[SecurityTeam/UpdateProcedures#Preparing%20an%20update|How to prepare an updated package]]
Line 27: Line 73:
  * [[SecurityTeam/BuildEnvironment|schroot/sbuild setup]]
  * [[SecurityTeam/TestingEnvironment|virtual machine setup]]
Line 33: Line 81:
 * [[SecurityTeam/UpdatePublication#Media_coverage|Media coverage]]
Line 35: Line 84:
(FAQ could link to Knowledge{{{}}}Base)
 * policy on local DoS
 * policy on root passwords/sudo
 * policy on open network ports
 * policy on sudo
 * policy on home directory permissions
 * [[SecurityTeam/Policies|Ubuntu Security Policies]]
 * [[ApparmorProfileMigration|Creating enforcing AppArmor profiles policy]]
Line 43: Line 88:
 * [[Security/Features|Feature Matrix]] (for all releases since Dapper, see the [[Security/Features/Historical|Historical Feature Matrix]].)
 * [[CompilerFlags|Security Hardening Compiler Flags]]
 * [[SecurityTeam/KnowledgeBase/AppArmorProfiles|AppArmor Profiles]]
 * [[SecurityTeam/KnowledgeBase/BuiltPIE|Applications Built with PIE]]
Line 45: Line 94:

== Process ==
 * [[SecurityTeam/BugTriage|Bug Triage]]
 * [[SecurityTeam/ReleaseCycle|Release Cycle Actions]]

Security updates

Announcements

Media coverage

In order to stay secure, Ubuntu users should simply apply all Ubuntu security updates to their systems when they become available.

For some vulnerabilities that are highlighted by the media, we've provided additional information as part of our KnowledgeBase:

2021

2020

2019

2018

2017

2016

2015

Vulnerability Resources

Update processes

Update techniques

Policies

Features

Process

Problems


CategorySecurityTeam

SecurityTeam/KnowledgeBase (last edited 2023-08-25 14:36:54 by rodrigo-zaiden)