== Security Team Weekly Summary for 06 November 2017 == ||<>|| The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com During the last week, the Ubuntu Security team: * Triaged 201 public security vulnerability reports, retaining the 45 that applied to Ubuntu. * Published 13 Ubuntu Security Notices which fixed 33 security issues (CVEs) across 16 supported packages. === Ubuntu Security Notices === * [[https://www.ubuntu.com/usn/usn-3426-2|[USN-3426-2] Samba vulnerabilities]] * [[https://www.ubuntu.com/usn/usn-3472-1|[USN-3472-1] LibreOffice vulnerabilities]] * [[https://www.ubuntu.com/usn/usn-3470-2|[USN-3470-2] Linux kernel (Trusty HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3471-1|[USN-3471-1] Quagga vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3469-2|[USN-3469-2] Linux kernel (Xenial HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3469-1|[USN-3469-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3470-1|[USN-3470-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3468-3|[USN-3468-3] Linux kernel (GCP) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3468-2|[USN-3468-2] Linux kernel (HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3468-1|[USN-3468-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3459-2|[USN-3459-2] MySQL vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3464-2|[USN-3464-2] Wget vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3467-1|[USN-3467-1] poppler vulnerability ]] === Bug Triage === * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs === Mainline Inclusion Requests === * spice-vdagent underway (LP: #Bug:1200296) * pcp (pcp-3.12.2) completed (LP: #Bug:1700827) * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D === Updates to Community Supported Packages === * Lucas Kocia (lkocia) provided a debdiff for xenial for firewalld (LP: #Bug:1617617) * Jeremy Bicha (jbicha) provided a debdiff for zesty for gdm3 (LP: #Bug:1729354) === Development === * fixed last of snappy-debug updates (handle core vs classic policy), test, push to stable * reviews * PR 4105 - i386/socket/trusty testsuite fix * review apparmor.d man page patch from jj * PR 4109 - fix parsing of mountinfo fields * PRs 4123 and 4124 - fix bug in ofono interface * PR 4136 - snap-confine apparmor policy bug * https://forum.snapcraft.io/t/device-cgroup-is-applied-to-devmode-snap/2663 * documented the content interface wrt shared libraries to follow store guidelines for cross-publisher sharing. * documented auto-connection for a specific plugging snap to a specific slotting snap * documented errno for different security backends * 1724785 * PR 4114 don't udev tag with devmode/classic snaps * PR 4115 udev tag serial-port interface with only path attribute * PR 4116 udev tag hidraw interface with only path attribute * PR 4127 don't udev tag but add /dev/uhid to device cgroup * PRs 4131-4134 for 2.29 * Migrated !AppArmor to !GitLab: https://gitlab.com/apparmor * [Work-in-progress] !AppArmor support for multiple policy cache directories: [[https://gitlab.com/apparmor/apparmor/merge_requests/4|apparmor/apparmor!4]] * Simplified usage of libapparmor cleanup functions by preserving errno: [[https://gitlab.com/apparmor/apparmor/merge_requests/6|apparmor/apparmor!6]] * Landed upstream libseccomp changes to support new dynamic seccomp logging: [[https://github.com/seccomp/libseccomp/pull/92|seccomp/libseccomp#92]] === What the Security Team is Reading This Week === * [[ https://arstechnica.com/information-technology/2017/11/critical-tor-flaw-leaks-users-real-ip-address-update-now/|TorMoil]] * [[ https://blog.acolyer.org/2017/11/02/my-vm-is-lighter-and-safer-than-your-container/l |My VM is Lighter and Safer Than Your Container]] === Weekly Meeting === * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20171030 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting === More Info === * [[http://people.canonical.com/~ubuntu-security/cve/| Ubuntu CVE Tracker]] * [[https://www.ubuntu.com/usn/| Ubuntu security notices]] * [[https://www.twitter.com/ubuntu_sec| Follow Ubuntu Security on Twitter]] * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved| How to help improve Ubuntu security ]]