== Security Team Weekly Summary for 06 October 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 238 public security vulnerability reports, retaining the 75 that applied to Ubuntu.
 * Published 12 Ubuntu Security Notices which fixed 43 security issues (CVEs) across 9 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3440-1|[USN-3440-1] poppler vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3439-1|[USN-3439-1] Ruby vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3438-1|[USN-3438-1] Git vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3435-2|[USN-3435-2] Firefox regression]]
 * [[https://www.ubuntu.com/usn/usn-3437-1|[USN-3437-1] OCaml vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3430-2|[USN-3430-2] Dnsmasq vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3435-1|[USN-3435-1] Firefox vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3434-1|[USN-3434-1] Libidn vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3433-1|[USN-3433-1] poppler vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3430-1|[USN-3430-1] Dnsmasq vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3432-1|[USN-3432-1] ca-certificates update]]
 * [[https://www.ubuntu.com/usn/usn-3431-1|[USN-3431-1] NSS vulnerability]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * spice-vdagent underway
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===

 * Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for git (LP: #1719740)

=== Development ===

 * Reviews:
  * PR 3973/cgroup freezer in support of layouts
  * PR 3998/utilize new seccomp logging features
  * PR 3999/add detection of stale mount namespaces for layouts
  * PR 3872/preserve TMPDIR and HOSTALIASES across snap-confine invocation
  * PR 3958/add support for /home on NFS
  * PR 4008/create missing mountpoints in support of layouts
 * submitted policy-updates-xxx PR 4002
 * submitted small lttng PR 4003
 * submitted small lxd PR 4004
 * fscrypt 0.2.1 and 0.2.2 packaged
 * [[https://github.com/seccomp/libseccomp/commit/355953c00ae34083f8acd89eac3360707e02dfaf#commitcomment-24741964|libseccomp patches rebased to latest]]

=== What the Security Team is Reading This Week ===

 * [[https://threatpost.com/experts-have-sobering-message-on-human-rights-privacy-for-security-pros/128271/|Experts Have Sobering Message on Human Rights, Privacy for Security Pros]]
 * [[https://miyuki.github.io/2017/10/04/gcc-archaeology-1.html|Building and using a 29-year-old compiler on a modern system]]
 * [[https://www.softwareheritage.org/2017/09/22/software-heritage-a-white-paper/|Software Heritage: a white paper]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20171002
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]