Blog posts tagged "Vulnerabilities"

19 posts


ebarretto
18 June 2025

Fixes available for local privilege escalation vulnerability in libblockdev using udisks

Article Ubuntu

Qualys discovered two vulnerabilities in various Linux distributions which allow local attackers to escalate privileges. The first vulnerability (CVE-2025-6018) was found in the PAM configuration. This CVE does not impact default Ubuntu installations because of how the pam_systemd.so and pam_env.so modules are invoked....



Octavio Galland
30 May 2025

Apport local information disclosure vulnerability fixes available

Article Ubuntu

Qualys discovered two vulnerabilities in various Linux distributions which allow a local attacker with permission to create user namespaces to leak core dumps for processes of suid executables. These affect both apport, the Ubuntu default core dump handler (CVE-2025-5054), and systemd-coredump, the default core dump...



eslerm
14 January 2025

Rsync remote code execution and related vulnerability fixes available

Article Hardening

Canonical’s security team has released updates of the rsync packages for all supported Ubuntu releases. The updates remediate CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.



Matthew de Klerk
12 December 2024

What is vulnerability management?

Article Security

Vulnerability management is the holistic process of identifying and handling security risks in an organization’s networks, systems and devices. Vulnerability management serves an overarching strategy that describes and outlines the many individual efforts and steps taken to reduce cyber incident risk to acceptable...



eslerm
19 November 2024

Needrestart local privilege escalation vulnerability fixes available

Article Ubuntu

Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other Linux distributions....



Luci Stanescu
26 September 2024

CUPS Remote Code Execution Vulnerability Fix Available

Article Ubuntu

Four CVE IDs have been assigned that together form a high-impact exploit chain surrounding CUPS: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. Canonical’s security team has released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all supported Ubuntu LTS releases....



Diogo Sousa
21 August 2024

How Ubuntu keeps you secure with KEV prioritisation

Article Security

The Known Exploited Vulnerabilities Catalog (KEV) is a database published by the US Cybersecurity and Infrastructure Security Agency (CISA) that serves as a reference to help organisations better manage vulnerabilities and keep pace with threat activity. By having a commitment to prioritise vulnerabilities contained in...



Luci Stanescu
3 July 2024

What you need to know about regreSSHion: an OpenSSH server remote code execution vulnerability (CVE-2024-6387)

Security Security

Details about the high-impact CVE-2024-6387 vulnerability, nicknamed regreSSHion, and the Ubuntu fix released on the CRD.



Henry Coggill
3 November 2023

Meet Cyber Essentials requirements with Ubuntu Pro

Article Hardening

Cyber Essentials is an increasingly important security standard within the UK that allows organisations to demonstrate to their customers that they operate their business in a secure and trustworthy manner. Achieving the Cyber Essentials certification helps businesses win new customers and stand out amongst their...



Lech Sandecki
3 October 2023

Zenbleed vulnerability fix for Ubuntu

Article Cloud and server

On 24 July 2023, security researchers from Google’s Information Security Engineering team disclosed a hardware vulnerability affecting AMD’s Zen 2 family of microprocessors. They dubbed this vulnerability “Zenbleed” (CVE-2023-20593), evoking memories of previous vulnerabilities like HeartBleed and hinting at its...



Canonical
16 December 2021

Log4Shell: Log4j remote code execution vulnerability

Article Security

Last updated on 18th January 2022 to include the latest vulnerability updates. A high impact vulnerability was discovered in Apache Log4j 2, a widely deployed software component used by a lot of Java applications to facilitate logging. An attacker who can control the log messages or their parameters can cause the...



Florencia Cabral Berenfus
15 December 2021

Security vulnerabilities on the Data Distribution Service (DDS)

Article Robotics

Learn more about DDS, and how to stay protected while using it. If you are currently running the Robot Operating System 2 (ROS 2), this piece is especially relevant to the security of your robots. A few weeks ago, a group of security researchers reported 13 security vulnerabilities affecting some of the most used...



Lech Sandecki
28 October 2021

Enhance the security of your open-source applications and share feedback

Article Ubuntu

Are you spending time on high-impact, high-value activities, or are you constantly derailed by maintenance, support, and deployment challenges? Does your organisation consume open-source software that needs security patching? Where do you get the security updates from, and how do you track what’s available? Are you...



Linux kernel Livepatching

Article Cloud and server

Ubuntu Livepatch is the service and the software that enables organizations to quickly patch vulnerabilities on the Ubuntu Linux kernels. Livepatch provides uninterrupted service while reducing fire drills during high and critical severity kernel vulnerabilities. It is a complex technology and the details can be...

