'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug
The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.
It affects RHEL as well as Ubuntu 20.04, 21.04 and 21.10 - and presumably other distros, too.
So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04 is nicknamed, just went end of life today.
Ubuntu 22.04, which will revel in the cognomen of "Jammy Jellyfish", is still in testing for now, so don't try it yet - it won't even hit feature freeze until next month.
Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu's twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases.
Ubuntu 22.04 should include new firmware-upgrade functionality, and the company plans to support the 2GB model of Raspberry Pi 4 using zswap - on-the-fly swap compression.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/20/ubuntu_2104_eol/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2022-0185 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products. A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. | 8.4 |