Episode 237

Posted on Friday, Sep 20, 2024
John and Maximé have been talking about Ubuntu’s AppArmor user namespace restrictions at the Linux Security Summit in Europe this past week, plus we cover some more details from the official announcement of permission prompting in Ubuntu 24.10, a new release of Intel TDX for Ubuntu 24.04 LTS and more.

Show Notes

This week in Ubuntu Security Updates (01:11)

613 unique CVEs addressed in the past fortnight

[USN-6989-1] OpenStack vulnerability

  • 1 CVE addressed in Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6990-1] znc vulnerability

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6992-1] Firefox vulnerabilities

[USN-6993-1] Vim vulnerabilities

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6991-1] AIOHTTP vulnerability

  • 1 CVE addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6995-1] Thunderbird vulnerabilities

[USN-6996-1] WebKitGTK vulnerabilities

[USN-6841-2] PHP vulnerability

  • 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)

[USN-6997-1, USN-6997-2] LibTIFF vulnerability

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6994-1] Netty vulnerabilities

[USN-6998-1] Unbound vulnerabilities

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6999-1] Linux kernel vulnerabilities

  • 220 CVEs addressed in Noble (24.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7003-1, USN-7003-2, USN-7003-3] Linux kernel vulnerabilities

  • 85 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7004-1] Linux kernel vulnerabilities

  • 221 CVEs addressed in Noble (24.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7005-1, USN-7005-2] Linux kernel vulnerabilities

  • 219 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7006-1] Linux kernel vulnerabilities

  • 94 CVEs addressed in Focal (20.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7007-1] Linux kernel vulnerabilities

  • 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7008-1] Linux kernel vulnerabilities

  • 222 CVEs addressed in Jammy (22.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7009-1] Linux kernel vulnerabilities

  • 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7019-1] Linux kernel vulnerabilities

  • 429 CVEs addressed in Jammy (22.04 LTS)
  • Full CVE list elided - see USN for details

[USN-7002-1] Setuptools vulnerability

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-7000-1, USN-7000-2] Expat vulnerabilities

[USN-7001-1, USN-7001-2] xmltok library vulnerabilities

  • 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-6560-3] OpenSSH vulnerability

[USN-7011-1, USN-7011-2] ClamAV vulnerabilities

  • 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-7012-1] curl vulnerability

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-7013-1] Dovecot vulnerabilities

[USN-7014-1] nginx vulnerability

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-7015-1] Python vulnerabilities

[USN-7010-1] DCMTK vulnerabilities

[USN-7016-1] FRR vulnerability

  • 1 CVE addressed in Jammy (22.04 LTS), Noble (24.04 LTS)

[USN-7017-1] Quagga vulnerability

[USN-7018-1] OpenSSL vulnerabilities

Goings on in Ubuntu Security Community

Linux Security Summit Europe 2024 (03:44)

Official announcement of Permissions Prompting in Ubuntu 24.10 (09:00)

Version 2.1 of Intel® TDX on Ubuntu 24.04 LTS Released (11:46)

Ubuntu 22.04.5 LTS released (13:45)

AppArmor security update for CVE-2016-1585 published (14:23)
