March 24, 2024

The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.

The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.

If you’re not running any containers, you can just disable the user-namespace functionality – both companies’ vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10 – and presumably other distros, too.
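As an added example (not from this article or either vendor's advisory), the shell function below reports whether unprivileged user namespaces are currently switched off on a machine. It assumes the sysctl names `kernel.unprivileged_userns_clone` (present only on Debian/Ubuntu kernels) and `user.max_user_namespaces`, which this page does not quote; the function name `userns_status` and its optional root-directory argument are illustrative.

```shell
#!/bin/sh
# Added example: check the user-namespace mitigation state for CVE-2022-0185.
# The sysctl names are assumptions not quoted on the page:
#   kernel.unprivileged_userns_clone  (Debian/Ubuntu kernels only)
#   user.max_user_namespaces          (upstream kernel limit)

# userns_status [PROC_SYS_ROOT]
# Prints "disabled", "enabled" or "unknown".
# PROC_SYS_ROOT defaults to /proc/sys; overriding it allows offline testing.
userns_status() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"
    max="$root/user/max_user_namespaces"
    seen=0

    # Distro switch: 0 blocks unprivileged processes from creating user namespaces.
    if [ -r "$clone" ]; then
        seen=1
        if [ "$(cat "$clone")" = "0" ]; then echo disabled; return 0; fi
    fi

    # Upstream limit: 0 means no user namespace can be created at all.
    if [ -r "$max" ]; then
        seen=1
        if [ "$(cat "$max")" = "0" ]; then echo disabled; return 0; fi
    fi

    # "enabled" describes the knob, not patch level: a patched kernel is
    # still reported as enabled here.
    if [ "$seen" -eq 1 ]; then echo enabled; else echo unknown; fi
}

echo "unprivileged user namespaces: $(userns_status)"
```

A result of `enabled` on a host that runs no containers means the workaround has not been applied; it says nothing about whether the kernel itself has been patched.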

So it’s possibly a good thing that “Hirsute Hippo”, as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it’s time to upgrade them now. That means 21.10 “Impish Indri” for the moment, until the next LTS release appears in April.

Ubuntu 22.04, which will revel in the cognomen of “Jammy Jellyfish”, is still in testing for now, so don’t try it yet – it won’t even hit feature freeze until next month. It should be out 21 April, and is likely to include GNOME 42 and some, but not all, of the accompanying GTK 4 applications.

Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu’s twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases. When founder Mark Shuttleworth suggested broadening that so that other FOSS projects synched up their releases…
