Security Team Weekly Summary: September 21, 2017

• [USN-3416-1] Thunderbird vulnerabilities

• [USN-3417-1] Libgcrypt vulnerability

• [USN-3415-2] tcpdump vulnerabilities

• [USN-3415-1] tcpdump vulnerabilities

• [USN-3414-1] QEMU vulnerabilities

• [USN-3413-1] BlueZ vulnerability

Bug Triage

• Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

Mainline Inclusion Requests

• completed nghttp2 (LP: #1687454)

• MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

Development

• validate license and deprecate aliases in the review tools
• reviews
• broadcom-asic-control updates PR 3898
• bootstrap.c of snap-confine calling snap-update-ns PR 3621
• s390x and i386 socket snap-seccomp test failures fix (PR 3900)
• network interface update PR 3898
• ‘mount host system fonts in desktop interface’ PR 3889
• ‘enable partial apparmor support’ PR 3814
• ‘run secondary-arch tests via gcc-multilib’ PR 3901
• apparmor profile changes for snap-confine calling snap-update-ns PR 3621
• implement/submit PR 3919 for miscellaneous policy updates xxix
• implement/submit PR 3921 for miscellaneous policy updates xxix for 2.28

• policy update for org.freedesktop.DBus ListNames() PR 3928

• regression and manual testing of LSM stacking with AppArmor and SELinux

• fscrypt 0.2.1 packaged
• upload apparmor 2.11.0-2ubuntu17 for systemd stub resolver
• send up patch to upstream apparmor to drop /var/run alternation in favor of /run

What the Security Team is Reading This Week

• Rethinking Kernel Isolation

• New Hardware Announcement

• Linux Security Summit

Weekly Meeting

• Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170911

• Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

More Info

• Ubuntu CVE Tracker

• Ubuntu security notices

• Follow Ubuntu Security on Twitter

• How to help improve Ubuntu security