
'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug

Red Hat agrees


CVE-2022-0185 is a heap buffer overflow in the Linux kernel's filesystem-context (fsconfig) parameter parsing, and it is severe enough that Red Hat, not just Canonical, is advising immediate patching.

The flaw lets an unprivileged local process obtain the CAP_SYS_ADMIN it needs to reach the vulnerable code simply by creating a user namespace, then corrupt kernel memory and climb out to root on the host. That means it potentially affects any machine running containers, and any multi-user host that permits unprivileged user namespaces.

If you're not running any containers, you can just disable unprivileged user-namespace creation: both companies' vulnerability descriptions describe how to do that on their respective distros (a sysctl in each case). That is a stopgap rather than a fix, and it does nothing for a container that already runs with CAP_SYS_ADMIN, so patch the kernel regardless. The bug was introduced in kernel 5.1, so it affects RHEL 8 (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10, and presumably any other distro shipping a 5.1-or-later kernel without the fix.
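Added example (this is not from the article or from either vendor's advisory): a POSIX shell check of whether unprivileged user-namespace creation is still enabled, built around the two sysctl knobs the Ubuntu and Red Hat advisories point at (kernel.unprivileged_userns_clone on Ubuntu kernels, user.max_user_namespaces on RHEL and mainline kernels). The /proc/sys root is a parameter so the check can be exercised against a constructed directory; the function names, the distro table and the sysctl.d file name are assumptions of mine.

```shell
#!/bin/sh
# Added example for CVE-2022-0185: is the user-namespace stopgap in place?
# Sysctl names are the ones the Ubuntu and Red Hat advisories use; the
# helper names below are illustrative and not from either vendor.

# Return 0 (true) if unprivileged user namespaces are still available under
# the given /proc/sys root (default: the live kernel), 1 if they are off.
# Ubuntu kernels expose kernel/unprivileged_userns_clone (1 = allowed);
# RHEL and mainline kernels expose user/max_user_namespaces (0 = disabled).
userns_enabled() {
    proc_sys=${1:-/proc/sys}
    if [ -r "$proc_sys/kernel/unprivileged_userns_clone" ]; then
        [ "$(cat "$proc_sys/kernel/unprivileged_userns_clone")" != "0" ] || return 1
    fi
    if [ -r "$proc_sys/user/max_user_namespaces" ]; then
        [ "$(cat "$proc_sys/user/max_user_namespaces")" != "0" ] || return 1
    fi
    return 0
}

# Print the runtime mitigation for a distro ID as found in /etc/os-release.
# To make it survive a reboot, put the same key=value line in a file such
# as /etc/sysctl.d/99-cve-2022-0185.conf (an example file name).
mitigation_for() {
    case "$1" in
        ubuntu)
            echo "sysctl -w kernel.unprivileged_userns_clone=0" ;;
        rhel|centos|rocky|almalinux|fedora)
            echo "sysctl -w user.max_user_namespaces=0" ;;
        *)
            echo "unknown distro '$1': patch the kernel and check the vendor advisory" ;;
    esac
}

# Usage when run directly: report this host's state and the matching advice.
distro=unknown
if [ -r /etc/os-release ]; then
    distro=$(. /etc/os-release; echo "${ID:-unknown}")
fi
if userns_enabled; then
    echo "unprivileged user namespaces are ENABLED; until the kernel is patched, run:"
    echo "  $(mitigation_for "$distro")"
else
    echo "unprivileged user namespaces are disabled (stopgap in place); still patch the kernel"
fi
```

Two caveats before flipping either knob: rootless container tooling and some application sandboxes rely on unprivileged user namespaces, so expect breakage on workstations; and a container launched with CAP_SYS_ADMIN already has the capability the exploit needs, so this check says nothing about whether such a container can reach the bug. The only real fix is the patched kernel.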

So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it's time to upgrade them now. That means 21.10 "Impish Indri" for the moment, until the next LTS release appears in April.

Ubuntu 22.04, which will revel in the cognomen of "Jammy Jellyfish", is still in testing for now, so don't try it yet – it won't even hit feature freeze until next month. It should be out 21 April, and is likely to include GNOME 42 and some, but not all, of the accompanying GTK 4 applications.

Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu's twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases. When founder Mark Shuttleworth suggested broadening that so that other FOSS projects synched up their releases too, it didn't go down well. Then again, those who have a preferred brand for their daily ibuprofen may recall that Microsoft originally promised that service packs for Windows NT would be quarterly.

Ubuntu 22.04 should include new firmware-upgrade functionality (so long as your machine uses UEFI), and the company plans to support the 2GB model of Raspberry Pi 4 using zswap – on-the-fly swap compression. This might be aimed at making it viable to run Ubuntu on elderly Chromebooks with only 2GB of RAM once they go past their Auto Update policy date. ®
