== Security Team Weekly Summary for 10 November 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. If you would like to reach the Security Team, you can find us in the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 149 public security vulnerability reports, retaining the 50 that applied to Ubuntu.
 * Published 5 Ubuntu Security Notices which fixed 21 security issues (CVEs) across 5 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3476-1|[USN-3476-1] postgresql-common vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3346-3|[USN-3346-3] Bind vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3473-1|[USN-3473-1] OpenJDK 8 vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3475-1|[USN-3475-1] OpenSSL vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3474-1|[USN-3474-1] Liblouis vulnerability]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * spice-vdagent underway (LP: #Bug:1200296)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * (snapd) submitted fix for the /dev/pts slave EPERM issue - PR 4159 and 4160 (2.29)
 * (snapd) submitted fix for modprobe failure causing all security backends to fail - PR 4162
 * (snapd) submitted fix for raw-usb udev_enumerate issue - PR 4164 and 4165 (2.29)
 * (snapd) created policy-updates-xxxii PR for master (PR 4180) and 2.29 (PR 4181), coordinated with the snapd team. Among other things, this has a workaround rule for the above electron denial
 * (snapd) submitted 'add test-policy-app spread test' - PR 4157
 * updated eCryptfs -next branch for linux-next testing and got it ready to create a 4.15 pull request
 * snapd reviews
  * 'fix udev tagging for hooks' - PR 4144
  * 'drop group filter from seccomp rules' - PR 4185
  * 'support bash as base runtime' - PR 4197
 * landed documentation for the new (Linux 4.14) seccomp dynamic logging support in the upstream Linux man-pages project: [[https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=2577dbba2b4f0906d2941e5f38095a494537b255|1]], [[https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=6d1728dad1adcfae9248081a9c39ced2a16bd160|2]], [[https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=17c56ad055e349b690cf4eb6ff375df86c1136b7|3]], [[https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=f04207f4062e95d97a994586a4af30f6eab586e4|4]]

=== What the Security Team is Reading This Week ===

 * [[https://www.feistyduck.com/bulletproof-tls-newsletter/issue_33_why_tls_13_isnt_there_yet|Why TLS 1.3 isn't there yet]]
 * [[https://salls.github.io/Linux-Kernel-CVE-2017-5123/|Exploiting CVE-2017-5123 with full protections. SMEP, SMAP, and the Chrome Sandbox!]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20171106
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]