Weekly Changes – 14/03/2022
A fairly small release this week, a couple of bits are related to the recent release of the 4th minor update for Ubuntu Focal (20.04.4). Please note the removal of nsu from DICE SL7 desktops. Here are all the details…
nsu
The nsu utility has been removed from the standard environment for DICE SL7 desktop machines. Where necessary it can be restored by including the dice/options/nsu.h
header or by defining the DICE_OPTIONS_NSU_ENABLE
macro at the top of an LCFG profile. Currently it is still included as standard for the server environment but the intention is to remove it soon, please check that all your scripts have been updated.
To help with this transition the lcfg-nsu
package is now included in the lcfg/options/nsu.h header
, this has no affect on other sites since the package will already be included from the lcfg_el7_lcfg.rpms
package list.
Kernel
The INF_TEST
kernel for Ubuntu has been updated to 5.4.0-104.118
.
On DICE Ubuntu two kernel sysctl settings have been modified to improve our security protections against intrusion. We don’t expect either of these to have any impact on our users.
kernel.unprivileged_userns_clone
- The support for unprivileged user-namespace cloning is now disabled (set to zero). See the Ubuntu CVE-2022-0185 security notice for details.
kernel.unprivileged_bpf_disabled
- The support for unprivileged Berkeley Packet Filter (BPF) is now disabled (set to one). For details see the Ubuntu CVE-2021-33624 security notice and also the advice from Redhat.
VirtualBox
On Ubuntu the VirtualBox version has been upgraded from 6.1.26
to 6.1.32
.
PostgreSQL
PostgreSQL updates have been released for 14.2, 13.6, 12.10, 11.15, and 10.20. See the announcement for full details. Note that these versions are currently only supported in LCFG for SL7.
Ubuntu Rust packages
With the release of Ubuntu 20.04.4 the version of Rust was updated to 1.57, which changed some of the dependencies. This is handled as a postship change which was missed last week so some sites may have seen issues with running apteryx.
Recent comments