== Security Team Weekly Summary for 23 February 2018 == ||<>|| The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com During the last week, the Ubuntu Security team: * Triaged 202 public security vulnerability reports, retaining the 32 that applied to Ubuntu. * Published 14 Ubuntu Security Notices which fixed 51 security issues (CVEs) across 17 supported packages. === Ubuntu Security Notices === * [[https://www.ubuntu.com/usn/usn-3583-2|[USN-3583-2] Linux kernel (Trusty HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3583-1|[USN-3583-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3581-3|[USN-3581-3] Linux kernel (Raspberry Pi 2) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3582-2|[USN-3582-2] Linux kernel (Xenial HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3582-1|[USN-3582-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3581-2|[USN-3581-2] Linux kernel (HWE) vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3581-1|[USN-3581-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3578-1|[USN-3578-1] WavPack vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3580-1|[USN-3580-1] Linux kernel vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3579-1|[USN-3579-1] LibreOffice vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3577-1|[USN-3577-1] CUPS vulnerability ]] * [[https://www.ubuntu.com/usn/usn-3576-1|[USN-3576-1] libvirt vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3575-1|[USN-3575-1] QEMU vulnerabilities ]] * [[https://www.ubuntu.com/usn/usn-3574-1|[USN-3574-1] Bind vulnerability ]] === Bug Triage === * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs === Mainline Inclusion Requests === * openjpeg2 (LP: #Bug:711061) paused * brotli (LP: #Bug:1737053) underway * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D === Updates to Community Supported Packages === * Simon Deziel (sdeziel) provided a debdiff for artful for unbound (LP: #Bug:1723900) === Development === * snap review tools updates * PR 4733, 4734 and 4736 for screen-inhibit-control and network-status policy bugs * verified audit SRU * work !AppArmor reload issue (LP: #Bug:1750594) * reviews * PR 1945 - elf: clear execstack by default * PR 4720 - add xdg-desktop-portal support to desktop interface === What the Security Team is Reading This Week === * [[ https://arxiv.org/abs/1802.03367|When Textbook RSA is Used to Protect the Privacy of Hundreds of Millions of Users]] * [[ https://www.harpercollins.com/9780062430489/the-woman-who-smashed-codes |The Woman Who Smashed Codes]] A True Story of Love, Spies, and the Unlikely Heroine Who Outwitted America's Enemies by Jason Fagone === Weekly Meeting === * There was no weekly meeting last week due to a U. S. holiday. * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting === More Info === * [[http://people.canonical.com/~ubuntu-security/cve/| Ubuntu CVE Tracker]] * [[https://www.ubuntu.com/usn/| Ubuntu security notices]] * [[https://www.twitter.com/ubuntu_sec| Follow Ubuntu Security on Twitter]] * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved| How to help improve Ubuntu security ]]