## page was renamed from SecurityTeam/WeeklyReports/20170209
## page was renamed from SecurityTeam/WeeklyReports/20170208
== Security Team Weekly Summary for 09 February 2018 ==

After an extended absence the Security Team Weekly Report returns this week. You can read about what we (and many other people in and around Canonical) were up to during its absence at the [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown|Spectre and Meltdown KnowledgeBase]] page.

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 239 public security vulnerability reports, retaining the 56 that applied to Ubuntu.
 * Published 9 Ubuntu Security Notices which fixed 21 security issues (CVEs) across 11 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3564-1|[USN-3564-1] PostgreSQL vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3563-1|[USN-3563-1] Mailman vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3562-1|[USN-3562-1] MiniUPnP vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3561-1|[USN-3561-1] libvirt update]]
 * [[https://www.ubuntu.com/usn/usn-3560-1|[USN-3560-1] QEMU update]]
 * [[https://www.ubuntu.com/usn/usn-3559-1|[USN-3559-1] Django vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3558-1|[USN-3558-1] systemd vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3557-1|[USN-3557-1] Squid vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3550-2|[USN-3550-2] ClamAV vulnerabilities]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * Completed MIRs:
  * libteam (LP: #Bug:1392012)
  * rdma-core (LP: #Bug:1732892)
  * chrony (LP: #Bug:1744072)
  * argon2 (LP: #Bug:1746047)
  * papi (LP: #Bug:1704130)
 * underway openjpeg2 (LP: #Bug:711061)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===

 * Jeremy Bicha provided a debdiff for xenial for brotli (LP: #Bug:1737364)
 * Many thanks to the many people who provided community support during the past month and to those who tested beta kernels and other updates for Meltdown and Spectre.

=== Development ===

 * [[https://lkml.org/lkml/2018/2/9/688|4.16 AppArmor pull request]]
 * ubuntu-security-status fix in bionic, and sru uploads
 * Reviews
  * PR 3963 - add support for per-user mounts
  * PR 4572 - mir: software clients need access to shared memory
  * PR 4590 - allow constructing layouts (phase 1)
  * PR 4608 - allow snap-update-ns to chown things
  * PR 4610 - interfaces/apparmor: early support for snap-update-ns snippets
  * PR 4632 - fixing denial for when using avahi-observe slot
  * PR 4545 - allow X11 slot implementations
  * PR 4640 - allow using bind-file layouts
  * PR 4643 - disallow layouts in various special directories
  * PR 4644 - add spread test for layouts
 * submit PR 4591 and 4592 to update desktop-legacy and unity7 for gtk_show_uri()
 * prepare review-tools 0.47 for release

=== What the Security Team is Reading This Week ===

 * [[http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html|KPTI/KAISER Meltdown Initial Performance Regressions]]
 * [[https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf|Microcode Revision Guidance]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20180205
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]