'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
Red Hat agrees
The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.
If you're not running any containers, you can just disable the user-namespace functionality – both companies' vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10 – and presumably other distros, too.
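The article does not reproduce either vendor's mitigation, so the following is an added check, not text or code from The Register or from Ubuntu or Red Hat. It assumes the two sysctl knobs that normally govern unprivileged user-namespace creation: the upstream `user.max_user_namespaces` (setting it to 0 disables user namespaces entirely) and the Ubuntu/Debian-specific `kernel.unprivileged_userns_clone` (0 blocks unprivileged users only). The function reads both from `/proc/sys` and reports whether unprivileged user namespaces are still reachable, so an admin can confirm a host is mitigated; the optional root prefix lets it be run against a constructed `/proc` tree for testing.

```shell
#!/bin/sh
# Added example: report whether unprivileged user namespaces can still be created on a host.
# Assumption: the mitigation knobs are user.max_user_namespaces (upstream kernels, RHEL family)
# and kernel.unprivileged_userns_clone (Ubuntu/Debian kernels); neither name comes from the article.

# userns_status [ROOT] -> prints "disabled", "enabled" or "unknown".
# ROOT is an optional prefix (e.g. a constructed tree for testing); empty means the live system.
userns_status() {
    root="${1:-}"
    max_ns="$root/proc/sys/user/max_user_namespaces"
    clone="$root/proc/sys/kernel/unprivileged_userns_clone"
    status="unknown"

    # Distro-specific knob: 0 means unprivileged processes cannot create user namespaces.
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then
            status="disabled"
        else
            status="enabled"
        fi
    fi

    # Upstream knob: 0 disables user-namespace creation for every user, so it wins
    # over a permissive unprivileged_userns_clone. A non-zero value only tells us
    # namespaces are reachable if the distro knob did not already decide the answer.
    if [ -r "$max_ns" ]; then
        if [ "$(cat "$max_ns")" = "0" ]; then
            status="disabled"
        elif [ "$status" = "unknown" ]; then
            status="enabled"
        fi
    fi

    printf '%s\n' "$status"
}

# Human-readable wrapper for interactive use against the live host.
userns_report() {
    case "$(userns_status "$1")" in
        disabled) echo "user namespaces: disabled (mitigation in place)" ;;
        enabled)  echo "user namespaces: enabled for unprivileged users (patch the kernel or disable)" ;;
        *)        echo "user namespaces: could not determine (knobs not present or unreadable)" ;;
    esac
}

userns_report ""
```

Run it as root or any user (the knobs are world-readable); "enabled" on an unpatched host is the condition the article is warning about, and either vendor's advisory gives the distro-appropriate sysctl to flip.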
So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it's time to upgrade them now. That means 21.10 "Impish Indri" for the moment, until the next LTS release appears in April.
Ubuntu 22.04, which will revel in the cognomen of "Jammy Jellyfish", is still in testing for now, so don't try it yet – it won't even hit feature freeze until next month. It should be out 21 April, and is likely to include GNOME 42 and some, but not all, of the accompanying GTK 4 applications.
Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu's twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases. When founder Mark Shuttleworth suggested broadening that so that other FOSS projects synched up their releases too, it didn't go down well. Then again, those who have a preferred brand for their daily ibuprofen may recall that Microsoft originally promised that service packs for Windows NT would be quarterly.
Ubuntu 22.04 should include new firmware-upgrade functionality (so long as your machine uses UEFI), and the company plans to support the 2GB model of Raspberry Pi 4 using zswap – on-the-fly swap compression. This might be aimed at making it viable to run Ubuntu on elderly Chromebooks with only 2GB of RAM once they go past their Auto Update policy date. ®