== Security Team Weekly Summary for 18 August 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 195 public security vulnerability reports, retaining the 42 that applied to Ubuntu.
 * Published 13 Ubuntu Security Notices which fixed 54 security issues (CVEs) across 16 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3389-1|[USN-3389-1] LibGD vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3389-2|[USN-3389-2] GD vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3390-1|[USN-3390-1] PostgreSQL vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3391-1|[USN-3391-1] Firefox vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3392-1|[USN-3392-1] Linux kernel regression]]
 * [[https://www.ubuntu.com/usn/usn-3392-2|[USN-3392-2] Linux kernel (Xenial HWE) regression]]
 * [[https://www.ubuntu.com/usn/usn-3391-2|[USN-3391-2] Ubufox update]]
 * [[https://www.ubuntu.com/usn/usn-3393-1|[USN-3393-1] ClamAV vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3394-1|[USN-3394-1] libmspack vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3395-1|[USN-3395-1] c-ares vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3393-2|[USN-3393-2] ClamAV vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3391-3|[USN-3391-3] Firefox regression]]
 * [[https://www.ubuntu.com/usn/usn-3396-1|[USN-3396-1] OpenJDK 7 vulnerabilities]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * pcp (LP: #Bug:1700827) completed
 * websockify (LP: #Bug:1108935) underway
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * [[https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor/1704/2|snapd on Debian discussion]]
 * add wayland interface spread test
 * verify wayland interface with sway and weston
 * reviews for snapd: solus, broadcom-asic-control interface, udev tagging, bluez implicit classic
 * continue/propose desktop, accessibility and desktop-input interfaces
 * lots of discussion with snappy team regarding auto-connectable content snaps
 * fix apparmor 'ux' warning with lxd snap
 * miscellaneous policy updates (some in response to chromium snap call for testing)
 * review tools updates for new interfaces
 * [[https://lkml.org/lkml/2017/8/18/525|AppArmor pull request for next (4.14)]]

=== What the Security Team is Reading This Week ===

 * [[https://askubuntu.com/questions/938606/dwarf-fortress-starting-during-apt-get-upgrade|Dwarf Fortress Starting During Upgrade]]
 * [[https://www.openssl.org/blog/blog/2017/08/12/random/|Random Thoughts]] by Rich Salz

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170814
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]