Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close
Thank you for contacting us. A member of our team will be in touch shortly. Close
Qualys discovered two vulnerabilities in various Linux distributions which allow a local attacker with permission to create user namespaces to leak core dumps for processes of suid executables. These affect both apport, the Ubuntu core dump handler (CVE-2025-5054), and systemd-coredump, the core dump handler in Red Hat Enterprise Linux, F ...
Canonical’s security team has released updates of the rsync packages for all supported Ubuntu releases. The updates remediate CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747. ...
Vulnerability management is the holistic process of identifying and handling security risks in an organization’s networks, systems and devices. Vulnerability management serves an overarching strategy that describes and outlines the many individual efforts and steps taken to reduce cyber incident risk to acceptable levels and improve overa ...
Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other Linux distributions. Canonical’s securit ...
Four CVE IDs have been assigned that together form an high-impact exploit chain surrounding CUPS: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. Canonical’s security team has released updates for the cups-browsed, cups-filters, libcupsfilters and libppd packages for all supported Ubuntu LTS releases. The updates remedi ...
The Known Exploited Vulnerabilities Catalog (KEV) is a database published by the US Cybersecurity and Infrastructure Security Agency (CISA) that serves as a reference to help organisations better manage vulnerabilities and keep pace with threat activity.By having a commitment to prioritise vulnerabilities contained in the KEV, Ubuntu is p ...
Cyber Essentials is an increasingly important security standard within the UK that allows organisations to demonstrate to their customers that they operate their business in a secure and trustworthy manner. Achieving the Cyber Essentials certification helps businesses win new customers and stand out amongst their peers. It is a requireme ...
On 24 July 2023, security researchers from Google’s Information Security Engineering team disclosed a hardware vulnerability affecting AMD’s Zen 2 family of microprocessors. They dubbed this vulnerability “Zenbleed” (CVE-2023-20593), evoking memories of previous vulnerabilities like HeartBleed and hinting at its possible impact. In respon ...
Last updated on 18th January 2022 to include the latest vulnerability updates. A high impact vulnerability was discovered in Apache Log4j 2, a widely deployed software component used by a lot of Java applications to facilitate logging. An attacker who can control the log messages or their parameters can cause the application to execute ar ...
Learn more about DDS, and how to stay protected while using it If you are currently running the Robot Operating System 2 (ROS 2), this piece is especially relevant to the security of your robots. A few weeks ago, a group of security researchers reported 13 security vulnerabilities affecting some of the most used implementations ...
Are you spending time on high-impact, high-value activities, or are you constantly derailed by maintenance, support, and deployment challenges? Does your organisation consume open-source software that needs security patching? Where do you get the security updates from, and how do you track what’s available? Are you responsible for vulnera ...
