== Security Team Weekly Summary for 21 July 2017 == The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com During the last week, the Ubuntu Security team: * Triaged 418 public security vulnerability reports, retaining the 160 that applied to Ubuntu. * Published 15 Ubuntu Security Notices which fixed 98 security issues (CVEs) across 14 supported packages. === Ubuntu Security Notices === * [[https://www.ubuntu.com/usn/usn-3347-2|[USN-3347-2] Libgcrypt vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3274-2|[USN-3274-2] ICU vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3354-1|[USN-3354-1] Apport vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3309-2|[USN-3309-2] Libtasn1 vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3307-2|[USN-3307-2] OpenLDAP vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3212-3|[USN-3212-3] LibTIFF vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3355-1|[USN-3355-1] Spice vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3356-1|[USN-3356-1] Expat vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3356-2|[USN-3356-2] Expat vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3357-1|[USN-3357-1] MySQL vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3358-1|[USN-3358-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3359-1|[USN-3359-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3360-1|[USN-3360-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3361-1|[USN-3361-1] Linux kernel (HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3360-2|[USN-3360-2] Linux kernel (Trusty HWE) vulnerabilities ]] === Bug Triage === * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs === Mainline Inclusion Requests === * htop completed (LP: #Bug:1644364) * parallax completed (LP: #Bug:1653959) * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D === Development === * TO BE FILLED IN === What the Security Team is Reading This Week === * [[https://c3.nasa.gov/dashlink/static/media/other/ObservedFailures42.html| "...no IC greater than 16 pins...has worked according to its documentation..."] * [[https://www.iacr.org/archive/crypto2004/31520306/multicollisions.pdf|Multicollisions in iterated hash Functions] === Weekly Meeting === * The weekly meeting was canceled this week due to multiple members of the team being away at a sprint. * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting === More Info === * [[http://people.canonical.com/~ubuntu-security/cve/| Ubuntu CVE Tracker]] * [[https://www.ubuntu.com/usn/| Ubuntu security notices]] * [[https://www.twitter.com/ubuntu_sec| Follow Ubuntu Security on Twitter]] * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved| How to help improve Ubuntu security ]]