We’re back after a few weeks off to cover the launch of the Ubuntu Security Guide for DISA-STIG, plus we detail the latest vulnerabilities and updates for lxml, PolicyKit, the Linux Kernel, systemd, Samba and more.
100 unique CVEs addressed
CL_SCAN_GENERAL_COLLECT_METADATA option and handling OOXML files - remote attacker could supply an input file which could trigger this -> crash
.screenrc file which could possibly contain private info
LD_PRELOAD value to cause arbitrary code to be executed as root
DISA-STIG is a U.S. Department of Defense security configuration standard consisting of configuration guidelines for hardening systems to improve their security posture.
It can be seen as a checklist for securing protocols, services, or servers to improve the overall security by reducing the attack surface.
The Ubuntu Security Guide (USG) brings simplicity by integrating the experience of several teams working on compliance. It supports auditing, fixing, and customising a system while enabling a system-wide configuration for compliance, which makes management by diverse people in a DevOps team significantly easier.
The DISA-STIG automated configuration tooling for Ubuntu 20.04 LTS is available with Ubuntu Advantage subscriptions and Ubuntu Pro, alongside additional open source security and support services.