== Security Team Weekly Summary for 16 February 2018 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 551 public security vulnerability reports, retaining the 60 that applied to Ubuntu.
 * Published 10 Ubuntu Security Notices which fixed 19 security issues (CVEs) across 10 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3573-1|[USN-3573-1] Quagga vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3572-1|[USN-3572-1] FreeType vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3571-1|[USN-3571-1] Erlang vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3570-1|[USN-3570-1] AdvanceCOMP vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3569-1|[USN-3569-1] libvorbis vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3544-2|[USN-3544-2] Firefox regressions]]
 * [[https://www.ubuntu.com/usn/usn-3568-1|[USN-3568-1] WavPack vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3567-1|[USN-3567-1] Puppet vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3566-1|[USN-3566-1] PHP vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3565-1|[USN-3565-1] Exim vulnerability]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * openjpeg2 (LP: #Bug:711061) underway
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * Submitted PR 4683 and PR 4685 for 'interfaces/time-control,netlink-audit: adjust for util-linux compiled with libaudit'
 * Submitted PR 4687 for snapd policy updates
 * Reviews
  * PR 4652 - tests: fix spread test failures on 18.04
  * PR 4663 - allow MM to access login1
  * PR 4694 - small re-factor for upcoming per-user mounts (portals)
  * PR 4664 - ensure snap-confine profile for reexec is current
  * PR 4670 - add support for per-user mount entries (portals)
  * PR 4659 - improve the version validator's error messages
 * LSM stacking demo
 * Respun the gcc-4.8/trusty package
 * Participated in CNA Summit

=== What the Security Team is Reading This Week ===

 * [[https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html|Spectre Mitigations in Microsoft's C/C++ Compiler]]
 * [[http://www.r2d3.us/visual-intro-to-machine-learning-part-1/|A Visual Introduction to Machine Learning]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20180212
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]