Ubuntu Wiki

Security Team Weekly Summary for 16 June 2017

The Security Team weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

• Triaged 327 public security vulnerability reports, retaining the 81 that applied to Ubuntu.
• Published 5 Ubuntu Security Notices which fixed 33 security issues (CVEs) across 6 supported packages.

Ubuntu Security Notices

• [USN-3317-1] Irssi vulnerabilities

• [USN-3318-1] GnuTLS vulnerabilities

• [USN-3315-1] Firefox vulnerabilities

• [USN-3319-1] libmwaw vulnerability

• [USN-3320-1] zziplib vulnerabilities

Bug Triage

• Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

Mainline Inclusion Requests

• xdelta3 review complete (LP: #1647222)

• gdm3 underway (LP: #1686393)

• MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

Updates to Community Supported Packages

• Thanks to Chris Dunlap for providing a patch for munge (LP: #1287624)

Fake syncs

"Fake syncs" are security updates for community supported packages which are sync'd across from Debian with no changes, rebuilt in Launchpad and then released.

• libosip2
• tnef

Development

• AppArmor pull request for 4.13 submitted

  • http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1418556.html

Weekly Meeting

• Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170612

• Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

More Info

• Ubuntu CVE Tracker

• Ubuntu security notices

• Follow Ubuntu Security on Twitter

• How to help improve Ubuntu security