linux-libc-dev package has vulnerabilities

Bug #2083312 reported by Varun Agarwal
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| linux (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

Hello Team,

We are using the latest AWS Cloud images from the us-west-2 region. We have observed many vulnerabilities impacting the package linux-libc-dev across all Ubuntu releases (focal, jammy and noble).

Please find the vulnerability scan results for all three releases.

Varun Agarwal (agarwav7) wrote :
Varun Agarwal (agarwav7)
information type: Private Security → Public Security
Cengiz Can (cengizcan) wrote :

Since February 2024, Linux Kernel CVEs have been assigned and published by people at kernel.org.

Their understanding of a CVE sadly differs from the commonly accepted CVE standards, especially regarding selection criteria, vulnerability descriptions, and severity evaluation.

Due to this policy and methodology change, the Linux Kernel world receives approximately 120 CVEs monthly. This used to be around 15 until January 2024.

We, the Kernel Security Squad here at Canonical, are always working hard to fix any significantly important CVE within an acceptable timeframe; however, due to the sheer number of incoming CVEs, we have to postpone some and prioritize others, even though they seem to have equal CVSS. (Two Mediums can differ greatly from each other due to configuration changes in Ubuntu.)

I assure you that we will carefully evaluate the list of CVEs you shared and act accordingly; however, it would be impossible for me to propose an ETA right now.

Thank you for your understanding.

This report contains Public Security information  
Everyone can see this security related information.
