Overview
John and Maxime have been talking about Ubuntu’s AppArmor user namespace
restrictions at the Linux Security Summit in Europe this past week, plus we
cover some more details from the official announcement of permission prompting
in Ubuntu 24.10, a new release of Intel TDX for Ubuntu 24.04 LTS and more.
This week in Ubuntu Security Updates (01:11)
613 unique CVEs addressed in the past fortnight
[USN-6989-1] OpenStack vulnerability
- 1 CVE addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6992-1] Firefox vulnerabilities
- 8 CVEs addressed in Focal (20.04 LTS)
[USN-6993-1] Vim vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6991-1] AIOHTTP vulnerability
- 1 CVE addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6995-1] Thunderbird vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6996-1] WebKitGTK vulnerabilities
- 6 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
- 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6994-1] Netty vulnerabilities
- 2 CVEs addressed in Jammy (22.04 LTS)
- HTTP/2 DoS, seen exploited in the wild and listed on the CISA KEV
[USN-6998-1] Unbound vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6999-1] Linux kernel vulnerabilities
- 220 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
- 85 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7004-1] Linux kernel vulnerabilities
- 221 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
- 219 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7006-1] Linux kernel vulnerabilities
- 94 CVEs addressed in Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7007-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7008-1] Linux kernel vulnerabilities
- 222 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7009-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7019-1] Linux kernel vulnerabilities
- 429 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7002-1] Setuptools vulnerability
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6560-3] OpenSSH vulnerability
- 1 CVE addressed in Xenial ESM (16.04 ESM)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7012-1] curl vulnerability
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7013-1] Dovecot vulnerabilities
- 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-7014-1] nginx vulnerability
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7015-1] Python vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7010-1] DCMTK vulnerabilities
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
- 1 CVE addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7017-1] Quagga vulnerability
- 1 CVE addressed in Focal (20.04 LTS)
[USN-7018-1] OpenSSL vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM)
Goings on in Ubuntu Security Community
Linux Security Summit Europe 2024 (03:44)
- https://events.linuxfoundation.org/linux-security-summit-europe/program/schedule/
- Sep 16-17 - Vienna, Austria
- John Johansen and Maxime Bélair from AppArmor team presented “Restricting
Unprivileged User Namespaces in Ubuntu”
- Other talks
- Deep-dive into xz-utils supply chain attack
- Internals of the SLUB memory allocator for exploit developers
- Landlock update - including details of new IOCTL restrictions etc
- systemd and TPM2 update
Official announcement of Permissions Prompting in Ubuntu 24.10 (09:00)
Version 2.1 of Intel® TDX on Ubuntu 24.04 LTS Released (11:46)
Ubuntu 22.04.5 LTS released (13:45)
AppArmor security update for CVE-2016-1585 published (14:23)
Get in contact