== Security Team Weekly Summary for 08 September 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 234 public security vulnerability reports, retaining the 109 that applied to Ubuntu.
 * Published 6 Ubuntu Security Notices which fixed 15 security issues (CVEs) across 5 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3412-1|[USN-3412-1] file vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3411-1|[USN-3411-1] Bazaar vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3410-2|[USN-3410-2] GD library vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3410-1|[USN-3410-1] GD library vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3409-1|[USN-3409-1] FontForge vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3408-1|[USN-3408-1] Liblouis vulnerabilities]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * completed websockify, spice-html5 underway (LP: #Bug:1108935)
 * nghttp2 underway (LP: #Bug:1687454)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===

 * Gianfranco Costamagna provided a debdiff for xenial for check-all-the-things (LP: #Bug:1597245)
 * Simon Quigley (tsimonq2) provided a debdiff for xenial for karchive (LP: #Bug:1712948)
 * James Cowgill (jcowgill) provided debdiffs for xenial and zesty for mbedtls (LP: #Bug:1714640)

=== Call for Testing ===

 * Updates for Wordpress are available in the security-proposed PPA and are just waiting for some testing before being published. Jump into #ubuntu-hardened on Freenode and ping the security team member on community duty if you are interested in helping test this community supported package.

=== Development ===

 * Submitted PR for snapcraft-desktop-helpers for new desktop interfaces
 * [[https://forum.snapcraft.io/t/the-dbus-interface/2038|dbus interface documentation]]
 * [[https://forum.snapcraft.io/t/network-management-status-and-connectivity-interfaces/2040|Network management status and connectivity interfaces]]
 * [[https://forum.snapcraft.io/t/the-desktop-interfaces/2042|desktop interfaces documentation]]
 * Assist snapd team with socketcall testsuite regression triage
 * Investigate and fix NETLINK_KOBJECT_UEVENT regression in 2.27.5 (fixed in 2.27.6)

=== What the Security Team is Reading This Week ===

 * [[https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/|Equifax Breach Response Turns Dumpster Fire]]
 * [[https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-redini.pdf|BootStomp]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170904
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]