This week we take a look at the recent announcement of .NET 6 for Ubuntu 22.04 LTS, plus we cover security updates for the Linux kernel, Booth, WebKitGTK, Unbound and more.
24 unique CVEs addressed
CAP_NET_ADMIN which is privileged, but with unprivileged user namespaces this is trivial - so can mitigate this by disabling unpriv userns - but this may then affect applications like Google Chrome and others which use this to set up their sandboxes etc
sudo sysctl kernel.unprivileged_userns_clone=0
Transfer-Encoding - but would only process the first - could then allow the second to be misinterpreted by other proxies etc which could then be used for a request smuggling attack
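
To illustrate the parser disagreement described above, here is an added example (not from the episode or from any project it covers) that shows how a first-wins and a last-wins reader frame the same request differently, alongside a conservative check that rejects such requests outright. The request bytes are constructed and the function names are hypothetical.

```python
# Added example: constructed sample request, hypothetical helper names.
RAW_REQUEST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Transfer-Encoding: identity\r\n"
    b"\r\n"
    b"0\r\n\r\n"
)


def parse_headers(raw: bytes) -> list:
    """Return (lower-cased name, value) pairs in wire order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        pairs.append((name.lower(), value.strip()))
    return pairs


def framing_views(raw: bytes) -> dict:
    """What a first-wins and a last-wins parser each take as the encoding."""
    te = [v.lower() for n, v in parse_headers(raw) if n == "transfer-encoding"]
    return {"first_wins": te[0] if te else None,
            "last_wins": te[-1] if te else None}


def check_framing(raw: bytes) -> list:
    """Return reasons to reject the request; an empty list means unambiguous."""
    headers = parse_headers(raw)
    te = [v.lower() for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    problems = []
    if len(te) > 1:
        problems.append("multiple Transfer-Encoding headers")
    if te and cl:
        problems.append("both Transfer-Encoding and Content-Length present")
    if len(set(cl)) > 1:
        problems.append("conflicting Content-Length values")
    # For a request, chunked has to be the final transfer coding.
    codings = [c.strip() for v in te for c in v.split(",")]
    if codings and codings[-1] != "chunked":
        problems.append("final transfer coding is not chunked")
    return problems
```

Rejecting duplicate Transfer-Encoding lines is a deliberately strict policy choice for a front-end; a request with any entry in the returned list should get a 400 rather than be forwarded.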
authfile directive in its config file, allowing sites / nodes which did not have the correct auth key to communicate with nodes that did - oops… - upstream refactored code previously which introduced this vuln - reverted the refactor to fix this
dotnet6 package in Ubuntu contains the .NET 6 SDK - so can do .NET development on Ubuntu
musl) and has other differences too