'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
2022-01-20 14:38

The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.

It affects RHEL as well as Ubuntu 20.04, 21.04 and 21.10 - and presumably other distros, too.

So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today.

Ubuntu 22.04, which will revel in the cognomen of "Jammy Jellyfish", is still in testing for now, so don't try it yet - it won't even hit feature freeze until next month.

Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu's twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases.

Ubuntu 22.04 should include new firmware-upgrade functionality, and the company plans to support the 2GB model of Raspberry Pi 4 using zswap - on-the-fly swap compression.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/20/ubuntu_2104_eol/

Related Vulnerability

DATE: 2022-02-11
CVE: CVE-2022-0185
VULNERABILITY TITLE: Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length.
local, low complexity; linux, netapp; CWE-191
RISK: 8.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ubuntu 14 14 40 21 19 94