== Security Team Weekly Summary for 22 September 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 296 public security vulnerability reports, retaining the 81 that applied to Ubuntu.
 * Published 16 Ubuntu Security Notices which fixed 37 security issues (CVEs) across 18 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3428-1|[USN-3428-1] Emacs vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3427-1|[USN-3427-1] Emacs vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3426-1|[USN-3426-1] Samba vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3414-2|[USN-3414-2] QEMU regression]]
 * [[https://www.ubuntu.com/usn/usn-3425-1|[USN-3425-1] Apache HTTP Server vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3424-1|[USN-3424-1] libxml2 vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3423-1|[USN-3423-1] Linux kernel vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3422-2|[USN-3422-2] Linux kernel (Trusty HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3420-2|[USN-3420-2] Linux kernel (Xenial HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3419-2|[USN-3419-2] Linux kernel (HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3419-1|[USN-3419-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3420-1|[USN-3420-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3421-1|[USN-3421-1] Libidn2 vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3422-1|[USN-3422-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3346-2|[USN-3346-2] Bind regression]]
 * [[https://www.ubuntu.com/usn/usn-3418-1|[USN-3418-1] GDK-PixBuf vulnerabilities]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * python-pyelftools underway (LP: #Bug:1630073)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===

 * Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for jython (LP: #Bug:1714728)

=== Development ===

 * review
  * udisks2 PR 3931
  * snap-confine calls snap-update-ns PR 3621
  * bind mount relative to snap-confine PR 3956
 * snaps on NFS support
 * completed: create PR 3937 to use only 'udevadm trigger --action=change' instead of 'udevadm control --reload-rules'
 * update snap-confine to unconditionally add the nvidia devices to the device cgroup and rely only on apparmor for mediation
 * wrote/tested libseccomp-golang changes to complement the libseccomp changes: https://github.com/seccomp/libseccomp-golang/pull/29
 * uploaded libseccomp, with the most minimal change needed to support snapd, to artful after receiving a Feature Freeze exception

=== What the Security Team is Reading This Week ===

 * [[https://tyhicks.com/2017/09/22/2017-Linux-Security-Summit-Day-1/|2017 Linux Security Summit (Day 1)]]
 * [[https://blog.acolyer.org/2017/09/21/clkscrew-exposing-the-perils-of-security-oblivious-energy-management/|CLKSCREW: Exposing the perils of security-oblivious energy management]]
 * [[https://penguindroppings.wordpress.com/2017/09/20/easy-ssh-into-libvirt-vms-and-lxd-containers/|Easy ssh into libvirt VMs and LXD containers]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170918
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]