Overview
It’s main vs universe as we take a deep dive into the Ubuntu archive and
look at these components plus what goes into each and how the security team
goes about reviewing software destined for main, plus we cover security
updates for Django, BlueZ, NVIDIA Graphics Drivers and more.
This week in Ubuntu Security Updates
53 unique CVEs addressed
[USN-5265-1] Linux kernel vulnerabilities [01:19]
- 10 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
- 5.13 impish + focal hwe + 5.11 focal cloud kernel (gcp/aws/oracle/azure)
[USN-5266-1] Linux kernel (GKE) vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 gke
[USN-5267-1] Linux kernel vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 focal + bionic hwe
[USN-5268-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 bionic + 16.04 hwe + 14.04 azure
[USN-5260-3] Samba vulnerability [02:29]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- Episode 147 - vfs_fruit RCE
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- XSS via incorrect handling of the {% debug %} template tag - failed to
properly encode the current context
- Possible infinite loop when parsing multipart forms as used when doing
file uploads
- 26 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- 6 CVEs addressed in Xenial ESM (16.04 ESM)
- 8.0.23 for Ubuntu 20.04 LTS and 21.10
- 5.7.37 for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM
[USN-5030-2] Perl DBI module vulnerabilities [04:11]
[USN-5262-1] GPT fdisk vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5264-1] Graphviz vulnerabilities
- 3 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5275-1] BlueZ vulnerability [04:25]
- 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Heap buffer overflow in the gatt-server implementation since it failed to
check the lengths of incoming packets - could allow a remote attacker to
cause a DoS or achieve RCE
[USN-4754-5] Python vulnerability [04:53]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
- Reinstate fix for CVE-2021-3177 which was previously removed due to a
regression
[USN-5276-1] NVIDIA graphics drivers vulnerabilities [05:15]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Various issues around handling of permissions within the kernel - could
allow a local user to write to protected memory in the kernel and DoS the
machine
[USN-5267-2] Linux kernel regression [05:52]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 focal + bionic hwe
- Inadvertent DoS when accessing CIFS shares - kernel hang - fixed by
reverting various CIFS-related patches
Goings on in Ubuntu Security Community
Main vs Universe with Camila
- Camila discusses the different software repository components in Ubuntu -
what they are, how they compare and what you can expect to find in each,
as well as the process for moving packages from universe to main to be
supported by Canonical, in particular focusing on the security team’s
role in performing security audits of each software package along the
way.
Get in contact