
‘Now’ would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug

The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is also advising immediate patching.

The flaw allows a process inside a Linux user namespace to escape, which means it potentially affects any machine running containers.

If you’re not running any containers, you can just disable the user-namespace functionality – both companies’ vulnerability descriptions describe how to do that on their respective distros. It affects RHEL (and derivatives) as well as Ubuntu 20.04, 21.04 and 21.10 – and presumably other distros, too.
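For hosts you cannot patch straight away, a quick audit of the user-namespace settings shows which machines are still exposed. The script below is an added example, not taken from either vendor's advisory. It reads the two sysctl knobs involved: `kernel.unprivileged_userns_clone` (Debian/Ubuntu kernels) and `user.max_user_namespaces` (the upstream knob, used on RHEL). The function name and the optional alternate-root argument are assumptions made for testing.

```shell
#!/bin/sh
# Report whether user namespaces can still be created on this host.
# Optional arg 1: alternate root containing a copy of proc/sys (hypothetical
# parameter added so the check can be run against saved sysctl snapshots).
# Prints exactly one of: enabled, disabled, unknown.
userns_state() {
    root="${1:-}"
    clone="$root/proc/sys/kernel/unprivileged_userns_clone"
    max="$root/proc/sys/user/max_user_namespaces"
    seen=0

    # Debian/Ubuntu-only knob: 0 blocks unprivileged user-namespace creation.
    if [ -r "$clone" ]; then
        seen=1
        if [ "$(cat "$clone")" = "0" ]; then
            echo disabled
            return 0
        fi
    fi

    # Upstream knob: a limit of 0 blocks creation of any new user namespace.
    if [ -r "$max" ]; then
        seen=1
        if [ "$(cat "$max")" = "0" ]; then
            echo disabled
            return 0
        fi
    fi

    if [ "$seen" -eq 1 ]; then
        echo enabled
    else
        echo unknown   # neither knob present: kernel built without user namespaces, or /proc unreadable
    fi
    return 0
}

# Live check of the current host.
echo "user namespaces: $(userns_state)"

# To disable until the patched kernel is booted (breaks rootless containers):
#   Ubuntu:  sysctl -w kernel.unprivileged_userns_clone=0
#   RHEL:    sysctl -w user.max_user_namespaces=0
# Persist either setting with a file under /etc/sysctl.d/.
```

A result of `disabled` only reflects the running sysctl values, so re-check after a reboot unless the setting has been persisted.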

So it’s possibly a good thing that “Hirsute Hippo”, as Ubuntu 21.04 is nicknamed, just went end of life today (20 January 2022). If you have any 21.04 machines, it’s time to upgrade them now. That means 21.10 “Impish Indri” for the moment, until the next LTS release appears in April.

Ubuntu 22.04, which will revel in the cognomen of “Jammy Jellyfish”, is still in testing for now, so don’t try it yet – it won’t even hit feature freeze until next month. It should be out 21 April, and is likely to include GNOME 42 and some, but not all, of the accompanying GTK 4 applications.

Old Ubuntu hands may remember that in the dim and distant days of the Noughties, Ubuntu’s twice-a-year release cycle was originally intended to synchronise with GNOME 2 releases. When founder Mark Shuttleworth suggested broadening that so that other FOSS projects synched up their releases too, it didn’t go down well. Then again, those who have a preferred brand for their daily ibuprofen may recall that Microsoft originally promised that service packs for Windows NT would be quarterly.

Ubuntu 22.04 should include new firmware-upgrade functionality (so long as your machine uses UEFI), and the company plans to support the 2GB model of Raspberry Pi 4 using zswap – on-the-fly swap compression. This might be aimed at making it viable to run Ubuntu on elderly Chromebooks with only 2GB of RAM once they go past their Auto Update policy date. ®