== Security Team Weekly Summary for 11 August 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 537 public security vulnerability reports, retaining the 134 that applied to Ubuntu.
 * Published 16 Ubuntu Security Notices which fixed 36 security issues (CVEs) across 17 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3388-1|[USN-3388-1] Subversion vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3387-1|[USN-3387-1] Git vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3385-2|[USN-3385-2] Linux kernel (Xenial HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3386-2|[USN-3386-2] Linux kernel (Trusty HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3384-2|[USN-3384-2] Linux kernel (HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3386-1|[USN-3386-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3385-1|[USN-3385-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3384-1|[USN-3384-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3383-1|[USN-3383-1] libsoup vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3382-1|[USN-3382-1] PHP vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3381-2|[USN-3381-2] Linux kernel (Trusty HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3381-1|[USN-3381-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3380-1|[USN-3380-1] FreeRDP vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3379-1|[USN-3379-1] Shotwell vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3339-2|[USN-3339-2] OpenVPN vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3212-4|[USN-3212-4] LibTIFF vulnerabilities]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * http-parser completed (LP: #Bug:1638957)
 * python-certifi completed (LP: #Bug:1708496)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===

 * Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for vlc (LP: #Bug:1709420)

=== Development ===

 * [[https://lkml.org/lkml/2017/8/11/14|Improved seccomp logging patches submitted to -next]]
 * review tools updated for 2.27
 * [[https://github.com/snapcore/snapd/wiki/Interfaces|snapd interfaces documentation]] updated to include all interfaces
 * [[https://forum.snapcraft.io/t/security-policy-and-sandboxing/554|Security policy and sandboxing]] updated
 * [[https://github.com/snapcore/snapd/pull/3715|miscellaneous snapd policy updates]] for master and 2.27.1
 * finish [[https://forum.snapcraft.io/t/wayland-dconf-and-xdg-runtime-dir/186/10|wayland/XDG_RUNTIME_DIR investigation]], submit [[https://github.com/snapcore/snapd/pull/3690|wayland PR]], submit/discuss [[https://github.com/ubuntu/snapcraft-desktop-helpers/pull/68|snap-desktop-helpers PR]], sync with desktop team for their next steps
 * [[https://forum.snapcraft.io/t/desktop-interfaces-moving-forward/1652|proposal for desktop interfaces going forward]]
 * [[https://github.com/snapcore/snapd/pull/3719|'desktop' and 'desktop-accessibility' interfaces]]
 * snapd PR interface reviews for avahi, opengl, optical-drive, physical-memory-observe, spi

=== What the Security Team is Reading This Week ===

 * [[http://hackingdistributed.com/2017/07/20/parity-wallet-not-alone/|Parity's Wallet Bug is not Alone]] by Emin Gün Sirer
 * [[https://media.ccc.de/v/SHA2017-199-because_use_urandom_isn_t_everything_a_deep_dive_into_csprngs_in_operating_systems_programming_languages#video&t=1623|Because urandom isn't everything]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170807
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]