linux-libc-dev package has vulnerabilities
Bug #2083312 reported by Varun Agarwal
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Hello Team,
We are using the latest AWS Cloud images from the us-west-2 region. We have observed many vulnerabilities impacting the package linux-libc-dev across all Ubuntu releases (focal/jammy and noble).
Please find the vulnerability scan results for all three releases.
CVE References
information type: Private Security → Public Security
Since February 2024, Linux Kernel CVEs have been assigned and published by people at kernel.org.
Their understanding of a CVE sadly differs from the commonly accepted CVE standards, especially regarding selection criteria, vulnerability descriptions, and severity evaluation.
Due to this policy and methodology change, the Linux Kernel world receives approximately 120 CVEs monthly. This used to be around 15 until January 2024.
We, the Kernel Security Squad here at Canonical, are always working hard to fix any significantly important CVE within an acceptable timeframe; however, due to the sheer number of incoming CVEs, we have to postpone some and prioritize others, even though they seem to have equal CVSS. (Two Mediums can differ greatly from each other due to configuration changes in Ubuntu.)
I assure you that we will carefully evaluate the list of CVEs you shared and act accordingly; however, it would be impossible for me to propose an ETA right now.
Thank you for your understanding.