== Security Team Weekly Summary for 08 December 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 213 public security vulnerability reports, retaining the 65 that applied to Ubuntu.
 * Published 15 Ubuntu Security Notices which fixed 16 security issues (CVEs) across 15 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3507-2|[USN-3507-2] Linux kernel (GCP) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3511-1|[USN-3511-1] Linux kernel (Azure) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3510-2|[USN-3510-2] Linux kernel (Trusty HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3510-1|[USN-3510-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3509-2|[USN-3509-2] Linux kernel (Xenial HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3509-1|[USN-3509-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3508-2|[USN-3508-2] Linux kernel (HWE) vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3508-1|[USN-3508-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3507-1|[USN-3507-1] Linux kernel vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3506-2|[USN-3506-2] rsync vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3506-1|[USN-3506-1] rsync vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3505-1|[USN-3505-1] Linux firmware vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3504-1|[USN-3504-1] libxml2 vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3498-2|[USN-3498-2] curl vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3503-1|[USN-3503-1] Evince vulnerability]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * libteam underway (LP: #Bug:1392012)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * review tools testsuite updates for resquashfs
 * write-up processes for reviewing base snaps
 * send up PR 4375 and PR 4375 (2.30) to add an app/hook-specific udev rule for hotplugging (fixes mir hotplug issue)
 * debug chromium mknod issue with nvidia GPUs
 * send up PR 4359 and PR 4360 (2.30) policy updates PRs
 * add missing rule to upstream !AppArmor fonts abstraction
 * pickup PR 4100 and send up PR 4383 (2.30) for new ssh/gpg keys interfaces
 * send up PR 4366 and PR 4367 (2.30) for small removable-media fix
 * update review-tools for 2.30 interfaces
 * discuss options for possible biometrics interface
 * snapd reviews
  * PR 4365 - allow wayland socket and non-root sockets/wayland slot policy
  * PR 4140 - add an interface for gnome-online-accounts D-Bus service
  * PR 4369 - add write permission to optical-drive interface
 * https://forum.snapcraft.io/t/proposal-to-disable-squashfs-fragments-in-snaps/3103

=== What the Security Team is Reading This Week ===

 * [[https://www.twosixlabs.com/bluesteal-popping-gatt-safes/|BlueSteal: Popping GATT Safes]]
 * [[https://marcan.st/2017/12/debugging-an-evil-go-runtime-bug/|Debugging an evil Go runtime bug]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20171204
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]