Newsletter

Ubuntu Testing Week and Spec Selection: Updates and Security Fixes for Ubuntu 23.10 Development

Ubuntu 23.10 Development and Ubuntu Testing Week

Ubuntu Testing Week takes place during the holiday season when development slows down. This quality assurance test, conducted by community volunteers, utilizes the current ISO image to identify any major issues. Any issues discovered are reported in the bug tracker on Launchpad, and efforts are made to fix them before the official release if they are critical.

In addition, after passing the Feature Freeze phase, a selection of different features begins. For example, the snap version of CUPS has been removed in this release and will likely be replaced with the same .deb package used before. On the other hand, a “Scheduled Exception” [1] process has been smoothly implemented, starting with the Exception Request for LibreOffice 7.6.

Alongside these developments, Ubuntu has shared its long-term goals and target milestones for 23.10. Some exciting features to look forward to include improved privacy settings for all applications and full disk encryption [2]. However, specific details about Ubuntu 23.10 are being kept under wraps for now, so stay tuned for more updates.

[1] LibreOffice 7.6 was released on August 21st, and while it couldn’t make it in time for the Feature Freeze phase, an Exception process was approved after the freeze. Ubuntu Feature Freeze often includes software that is not expected to meet the release deadline, such as OpenStack, which is typically introduced as the RC version and later replaced with the GA version through the SRU process.

[2] It is a common sentiment in the Ubuntu community to feel like you are already in a Feature Freeze!

Ubuntu’s Response to the Inception Vulnerability

In response to the Inception vulnerability discovered in AMD CPUs, Ubuntu has taken action. Inception is a variant of Spectre, a classic example of a side-channel attack, that affects AMD CPUs.

The recommended response to CPU vulnerabilities remains the same, including vulnerabilities like Downfall and Zenbleed. If a corresponding microcode update is released, it should be applied. Currently, only the 3rd and 4th generation EPYC microcodes have been released, and Ubuntu provides the corresponding package (amd64-microcode) for these. While Ubuntu 14.04 is still in the extended support period from ESM, it will not be supported for this specific vulnerability due to the unlikely scenario of users combining 3rd generation EPYC CPUs with Ubuntu 14.04 [3]. For other processors, especially consumer desktops and mobile phones, firmware updates will be applied as AGESA firmware becomes available.

[3] The non-ESM support period for Ubuntu 14.04 lasts until 2019 (ESM until 2024), while the 3rd generation EPYC was announced in March 2021. The combination of these two is highly unlikely unless one assumes the user has freshly installed Ubuntu 14.04 on a whim.
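After the microcode package is applied and the machine rebooted, the kernel's own report shows whether the mitigation is active. The script below is an added example, not part of the original newsletter; it assumes a kernel that carries the upstream Inception (SRSO) patches and therefore exposes `spec_rstack_overflow` in sysfs, and the function names and sample status lines are this example's own.

```shell
#!/bin/sh
# Added example: interpret the kernel's Inception (SRSO) status report.
# Assumption: the running kernel exposes the upstream sysfs entry below.
SRSO_FILE=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# classify_srso STATUS -> not-affected | mitigated | needs-microcode |
#                         vulnerable | unknown
classify_srso() {
    case "$1" in
        "Not affected"*)  echo not-affected ;;
        # Checked before "Mitigation:" because a software mitigation can
        # be reported together with a missing-microcode suffix.
        *"no microcode"*) echo needs-microcode ;;
        "Mitigation:"*)   echo mitigated ;;
        "Vulnerable"*)    echo vulnerable ;;
        *)                echo unknown ;;
    esac
}

# microcode_rev CPUINFO_TEXT -> first loaded microcode revision, or empty
microcode_rev() {
    printf '%s\n' "$1" | awk -F': *' '/^microcode/ { print $2; exit }'
}

# check_host: report on the local machine; returns 0 only when the kernel
# says the CPU is unaffected or mitigated, 2 when nothing is reported.
check_host() {
    if [ ! -r "$SRSO_FILE" ]; then
        echo "kernel does not report Inception status (kernel update pending?)"
        return 2
    fi
    status=$(cat "$SRSO_FILE")
    verdict=$(classify_srso "$status")
    rev=$(microcode_rev "$(cat /proc/cpuinfo)")
    echo "status:  $status"
    echo "verdict: $verdict (loaded microcode: ${rev:-n/a})"
    [ "$verdict" = not-affected ] || [ "$verdict" = mitigated ]
}

# demo: classify constructed sample status lines (not from a real host).
demo() {
    for s in "Not affected" "Mitigation: safe RET" \
             "Vulnerable: Safe RET, no microcode" "Vulnerable"; do
        printf '%-36s -> %s\n' "$s" "$(classify_srso "$s")"
    done
}

if [ "${1:-}" = "--check" ]; then check_host; fi
if [ "${1:-}" = "--demo" ]; then demo; fi
```

A `needs-microcode` verdict on a 3rd or 4th generation EPYC host points at the amd64-microcode package not being installed or the machine not having been rebooted since; on other processors it is the expected state until the AGESA firmware update arrives.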

Other News

Basic use of Rust support in the kernel has been available since Lunar (23.04).

Security Update of the Week

usn-6304-1: Security Update for Inetutils

Updates have been released for Ubuntu 23.04, 22.04 LTS, and 20.04 LTS. These updates fix CVE-2022-39028 and CVE-2023-40303, which allowed for denial of service attacks, unauthorized access to confidential information, and arbitrary code execution. Applying the update is the recommended solution for resolving these issues.

usn-6305-1: PHP Security Update

Updates have been released for Ubuntu 23.04 and 22.04 LTS. These updates address CVE-2023-3823 and CVE-2023-3824, resolving potential security vulnerabilities. Applying the update is the recommended solution.

usn-6306-1: Fast DDS Security Update

Updates have been released for Ubuntu 23.04 and 22.04 LTS (Ubuntu Pro only). These updates address multiple CVEs, including CVE-2021-38425, CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947, CVE-2023-39948, and CVE-2023-3994. By exploiting malicious input, attackers could perform denial of service attacks and access confidential information. Applying the update is recommended.

usn-6307-1: Security Update for JOSE for C/C++

Updates have been released for Ubuntu 23.04, 22.04 LTS, 20.04 LTS, and 18.04 ESM. These updates fix CVE-2023-37464, addressing potential denial of service attacks and unauthorized access to confidential information. Applying the update is recommended.

usn-6308-1: Libqb Security Update

Updates have been released for Ubuntu 23.04 and 22.04 LTS. These updates resolve CVE-2023-39976, which could lead to crashes and memory corruption, allowing for arbitrary code execution and denial of service attacks. Applying the update is recommended.

usn-6309-1: Linux Kernel Security Update

Updates have been released for Ubuntu 16.04 ESM and 14.04 ESM. These updates fix multiple CVEs, including CVE-2023-2269, CVE-2023-2985, CVE-2023-31084, CVE-2023-3567, CVE-2023-3611, and CVE-2023-3776. Applying the update and rebooting the system is required. Note that there are ABI changes, so if you compile kernel modules, you will need to recompile them. Kernel module-related packages will be automatically updated based on their dependencies.

usn-6310-1: Security Update for json-c

An update has been released for Ubuntu 22.04 LTS. This update addresses CVE-2021-32292, which could lead to crashes and memory corruption. Applying the update and rebooting the system is recommended.

usn-6311-1: Linux Kernel Security Update

Updates have been released for Ubuntu 22.04 LTS and 20.04 LTS. These updates fix multiple CVEs, including CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023, CVE-2023-2023 -2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466, CVE-2023-30772, CVE3-202-2023 32248, CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE3-2029. Applying the update and rebooting the system is required. Note that there are ABI changes, so if you compile kernel modules, you will need to recompile them. Kernel module-related packages will be automatically updated based on their dependencies.

usn-6312-1: Linux Kernel Security Update

An update has been released for Ubuntu 20.04 LTS and 18.04 ESM. These updates fix multiple CVEs,

mantic (Ubuntu 23.10 development) / Ubuntu Testing Week and spec selection

Ubuntu Testing Week is held during the holiday season when development slows down a bit. As the name suggests, Testing Week is a QA test that uses the “current ISO image” to find out if there are any major issues, and testing is mostly done by volunteers from the community. Issues found here are registered in the bug tracker on Launchpad, and if they are fatal, the aim is to fix them before release.

On the other hand, after passing Feature Freeze, a selection of different functions has also started. For example, the snap version of CUPS has been withdrawn in this release, and will likely be reverted to the same .deb package as before. Conversely, starting with the Exception Request for LibreOffice 7.6, “Scheduled Exceptions” [1] are being processed smoothly.

Alongside these moves, Ubuntu Desktop long-term goals and target milestones for 23.10 have been posted. They include an entry that gives nothing away (“Ubuntu 23.10: This one we’re keeping quiet about for now, stay tuned!”) as well as descriptions of privacy settings for all applications and full disk encryption. [2] Until mantic is released, there seem to be a lot of ups and downs ahead.

[1] LibreOffice 7.6 was released on August 21st, and the original plan in developing mantic was based on the premise that “because it won’t be in time for Feature Freeze, it will go through the Exception process after Feature Freeze.” There is always a certain amount of software whose release date, however you look at it, cannot make Feature Freeze on the Ubuntu release schedule, and Ubuntu’s Feature Freeze accommodates such cases (a typical example is OpenStack: since the GA release of OpenStack generally comes just before the Ubuntu release, the RC version is introduced at release time and later replaced with the GA version through the SRU process).

[2] It’s a common feeling in Ubuntu that you feel like you already have a Feature Freeze!

Ubuntu’s Response to Inception

Ubuntu has prepared a response to the Inception vulnerability found in AMD CPUs. Inception is a classic example of a side-channel attack, essentially a variant of Spectre that runs on AMD CPUs.

The basic response is the same as whenever a CPU vulnerability is discovered, as with Downfall and Zenbleed: “If the corresponding microcode is released, apply it.” Currently, only the 3rd and 4th generation EPYC microcodes have been released, and the corresponding package (amd64-microcode) in Ubuntu is also for these. Ubuntu 14.04 is still in the extended support period from ESM, but Ubuntu will not support it, on the view that it is “unrealistic to think that there are users who use the combination of 3rd generation EPYC + Ubuntu 14.04” [3]. In the case of other processors (mainly for consumer desktops and mobile phones), we will wait for AGESA firmware to be released successively and update the firmware on the hardware side.

[3] The non-ESM support period for Ubuntu 14.04 ran until 2019 (ESM until 2024), and the 3rd generation EPYC was announced in March 2021. This combination does not exist unless you make the wild assumption that someone has freshly installed Ubuntu 14.04; either it doesn’t actually exist, or if it does, you can assume it was set up “on a whim.”

Other news

Basic use of Rust support in the kernel has been available since Lunar (23.04).

Security update of the week

usn-6304-1: security update for Inetutils

Updates for Ubuntu 23.04, 22.04 LTS and 20.04 LTS have been released. Fixes CVE-2022-39028, CVE-2023-40303. Malicious input allowed DoS, access to information that should have been kept confidential, and arbitrary code execution. Solution: Applying the update usually solves the problem.

usn-6305-1: PHP security update

Updates for Ubuntu 23.04 and 22.04 LTS have been released. Fixes CVE-2023-3823, CVE-2023-3824. Solution: Applying the update usually solves the problem.

usn-6306-1: Fast DDS security update

Updates for Ubuntu 23.04 and 22.04 LTS (Ubuntu Pro only) have been released. Fixes CVE-2021-38425, CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947, CVE-2023-39948, CVE-2023-3994. By providing malicious input, it was possible to cause DoS and access information that should have been kept confidential. Solution: Applying the update usually solves the problem.

usn-6307-1: Security update for JOSE for C/C++

Updates for Ubuntu 23.04, 22.04 LTS, 20.04 LTS and 18.04 ESM have been released. Fixes CVE-2023-37464. It is suspected that providing malicious input could cause DoS and give access to information that should be kept confidential. Solution: Applying the update usually solves the problem.

usn-6308-1: Libqb security update

Updates for Ubuntu 23.04 and 22.04 LTS have been released. Fixes CVE-2023-39976. By providing malicious input, it was possible to cause a crash with memory corruption, allowing arbitrary code execution and DoS. Solution: Applying the update usually solves the problem.

usn-6309-1: Linux kernel security update

Updates for Ubuntu 16.04 ESM and 14.04 ESM have been released. Fixes CVE-2023-2269, CVE-2023-2985, CVE-2023-31084, CVE-2023-3567, CVE-2023-3611, CVE-2023-3776. Solution: Apply the update and reboot the system. Note: This involves ABI changes, so if you compile kernel modules yourself, you will need to recompile. Packages related to kernel modules (linux-restricted-standard-modules, linux-backport-modules, linux-ubuntu-modules, etc.) are automatically updated depending on their dependencies, so you can usually apply the updates as they are.

usn-6310-1: security update for json-c

An update has been released for Ubuntu 22.04 LTS. Fixes CVE-2021-32292. By providing malicious input, it was possible to cause a crash with memory corruption, allowing arbitrary code execution and DoS. Solution: Apply the update and reboot the system.

usn-6311-1: Linux kernel security update

Updates for Ubuntu 22.04 LTS and 20.04 LTS have been released. Fixes CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023, CVE-2023-2023 -2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466, CVE-2023-30772, CVE3-202-2023 32248, CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE3-2029. Solution: Apply the update and reboot the system. Note: This involves ABI changes, so if you compile kernel modules yourself, you will need to recompile. Packages related to kernel modules (linux-restricted-standard-modules, linux-backport-modules, linux-ubuntu-modules, etc.) are automatically updated depending on their dependencies, so you can usually apply the updates as they are.

usn-6312-1: Linux kernel security update

An update for Ubuntu 20.04 LTS and 18.04 ESM has been released. Fixes CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2505, CVE-2505 2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111, CVE-2023-3141, CVE-2003. Solution: Apply the update and reboot the system. Note: This involves ABI changes, so if you compile kernel modules yourself, you will need to recompile. Packages related to kernel modules (linux-restricted-standard-modules, linux-backport-modules, linux-ubuntu-modules, etc.) are automatically updated depending on their dependencies, so you can usually apply the updates as they are.
