== Security Team Weekly Summary for 15 September 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 489 public security vulnerability reports, retaining the 152 that applied to Ubuntu.
 * Published 6 Ubuntu Security Notices which fixed 122 security issues (CVEs) across 5 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3416-1|[USN-3416-1] Thunderbird vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3417-1|[USN-3417-1] Libgcrypt vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3415-2|[USN-3415-2] tcpdump vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3415-1|[USN-3415-1] tcpdump vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3414-1|[USN-3414-1] QEMU vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3413-1|[USN-3413-1] BlueZ vulnerability]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * completed nghttp2 (LP: #Bug:1687454)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * validate license and deprecate aliases in the review tools
 * reviews
  * broadcom-asic-control updates PR 3898
  * bootstrap.c of snap-confine calling snap-update-ns PR 3621
  * s390x and i386 socket snap-seccomp test failures fix (PR 3900)
  * network interface update PR 3898
  * 'mount host system fonts in desktop interface' PR 3889
  * 'enable partial apparmor support' PR 3814
  * 'run secondary-arch tests via gcc-multilib' PR 3901
  * apparmor profile changes for snap-confine calling snap-update-ns PR 3621
 * implement/submit PR 3919 for miscellaneous policy updates xxix
 * implement/submit PR 3921 for miscellaneous policy updates xxix for 2.28
 * policy update for org.freedesktop.DBus ListNames() PR 3928
 * regression and manual testing of LSM stacking with AppArmor and SELinux
 * fscrypt 0.2.1 packaged
 * upload apparmor 2.11.0-2ubuntu17 for systemd stub resolver
 * send up patch to upstream apparmor to drop /var/run alternation in favor of /run

=== What the Security Team is Reading This Week ===

 * [[https://cs.brown.edu/~vpk/papers/ret2dir.sec14.pdf|Rethinking Kernel Isolation]]
 * [[http://www.anandtech.com/show/11750/hot-chips-ibms-next-generation-z14-cpu-mainframe-live-blog-5pm-pt-12am-utc|New Hardware Announcement]]
 * [[https://twitter.com/xjamesmorris/status/908362909117440000|Linux Security Summit]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170911
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]