Here are some examples of what I am talking about;
Code:
amd64-microcode (3.20191021.1+really3.20181128.1~ubuntu0.18.04.1) bionic-security; urgency=medium
* Revert to 3.20181128.1 version of microcode because of regressions on
certain hardware. (LP: #1853614)
-- Marc Deslauriers <[email protected]> Mon, 25 Nov 2019 14:52:06 -0500
I don't have any AMD64 on this machine. It is an Intel Core i5 with Intel HD Graphics. Are they using "amd64" as a generic descriptor for ALL 64 bit processors? Why install microcode which does not even apply to my machine? Even if it did - everything is working fine - I am not having any "regressions on certain hardware".
Code:
chromium-browser (79.0.3945.79-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 79.0.3945.79
- CVE-2019-13725: Use after free in Bluetooth.
- CVE-2019-13726: Heap buffer overflow in password manager.
- CVE-2019-13727: Insufficient policy enforcement in WebSockets.
- CVE-2019-13728: Out of bounds write in V8.
- CVE-2019-13729: Use after free in WebSockets.
- CVE-2019-13730: Type Confusion in V8.
- CVE-2019-13732: Use after free in WebAudio.
- CVE-2019-13734: Out of bounds write in SQLite.
- CVE-2019-13735: Out of bounds write in V8.
- CVE-2019-13764: Type Confusion in V8.
- CVE-2019-13736: Integer overflow in PDFium.
- CVE-2019-13737: Insufficient policy enforcement in autocomplete.
- CVE-2019-13738: Insufficient policy enforcement in navigation.
- CVE-2019-13739: Incorrect security UI in Omnibox.
- CVE-2019-13740: Incorrect security UI in sharing.
- CVE-2019-13741: Insufficient validation of untrusted input in Blink.
- CVE-2019-13742: Incorrect security UI in Omnibox.
- CVE-2019-13743: Incorrect security UI in external protocol handling.
- CVE-2019-13744: Insufficient policy enforcement in cookies.
- CVE-2019-13745: Insufficient policy enforcement in audio.
- CVE-2019-13746: Insufficient policy enforcement in Omnibox.
- CVE-2019-13747: Uninitialized Use in rendering.
- CVE-2019-13748: Insufficient policy enforcement in developer tools.
- CVE-2019-13749: Incorrect security UI in Omnibox.
- CVE-2019-13750: Insufficient data validation in SQLite.
- CVE-2019-13751: Uninitialized Use in SQLite.
- CVE-2019-13752: Out of bounds read in SQLite.
- CVE-2019-13753: Out of bounds read in SQLite.
- CVE-2019-13754: Insufficient policy enforcement in extensions.
- CVE-2019-13755: Insufficient policy enforcement in extensions.
- CVE-2019-13756: Incorrect security UI in printing.
- CVE-2019-13757: Incorrect security UI in Omnibox.
- CVE-2019-13758: Insufficient policy enforcement in navigation.
- CVE-2019-13759: Incorrect security UI in interstitials.
- CVE-2019-13761: Incorrect security UI in Omnibox.
- CVE-2019-13762: Insufficient policy enforcement in downloads.
- CVE-2019-13763: Insufficient policy enforcement in payments.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-enable-version-string.patch: updated
* debian/patches/widevine-other-locations: updated
-- Olivier Tilloy <[email protected]> Wed, 11 Dec 2019 10:17:07 +0100
I have NO chromium browser on my machine. I've looked. Perhaps there is a program Linux Mint is using, such as a media player or some such, which uses chromium for the 'back-end'. I don't know. But if I don't have any chromium browser - why install updates for it?
Code:
intel-microcode (3.20191115.1ubuntu0.18.04.2) bionic-security; urgency=medium
* REGRESSION UPDATE: warm reboots cause hangs on certain Skylake
processors (LP: 1854764)
+ Reverted microcode (from revision 0x2000065):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
-- Steve Beattie <[email protected]> Mon, 02 Dec 2019 09:23:20 -0800
This one may apply. But if I am not having any "hangs" why mess with it? I'm not even sure if I have "certain Skylake" processors.
Notice the "REGRESSION UPDATE" and "Reverted microcode" - this indicates to me that a previous microcode update introduced a problem (regression) and now we have to 'patch the patch'. If it is working fine I think I will leave it alone unless it is an urgent SECURITY patch. If it ain't broke.....
Code:
Linux kernel 4.15.0-72.81
Old Version 4.15.0-66.75 New Version 4.15.0-72.81
No changelog available
Sigh... Sure would be nice if Mint Update would give us SOME indication of what and why. This has been the case for numerous kernel updates. I guess it is up to the user to look up the changes for themselves. I suppose I could head on over to
https://www.kernel.org/ and nose around.
But wait - there seems to be a conspicuous lack of kernel 4.15.0-72.81 listed!
Sorry, I'll turn my sarcasm filter back on :/ But you get my point. I'm sure I can find the changelog with a little searching but it sure would be nice if it was right there in Mint Update along with all the other changelogs.
Code:
grub2 (2.02-2ubuntu8.14) bionic; urgency=medium
* Fix kexec on ACPI/UEFI ARM systems w/ crashkernel reserved memory
beyond the 4GiB boundary. (LP: #1851190)
* Apply patch from Peter Jones to forbid the "devicetree" command when
Secure Boot is enabled. (LP: #1851897)
-- dann frazier <[email protected]> Sun, 10 Nov 2019 22:52:35 -0700
"ARM" systems - this machine is not one of. Secure Boot is not enabled. I see no reason to install this update.
Remember the UNIX principle - 'keep it simple' - why keep adding more lines of code to my system, potentially introducing new problems and/or regressions, adding complexity, for something which does not apply or I am not using?
Code:
linux-firmware (1.173.14) bionic; urgency=medium
* Fix latency issue on Realtek Bluetooth (LP: #1856077)
- rtl_bt: Update RTL8723D BT FW to 0x828A_96F1
* Intel Wireless-AC 9560 Bluetooth, whenever connected to BLE devices,
causes UI freeze when re-logging in after resumed from suspend
(LP: #1855235)
- linux-firmware: Update firmware file for Intel Bluetooth AX201
-- Seth Forshee <[email protected]> Thu, 12 Dec 2019 07:48:58 -0600
This one could possibly apply to my machine. But my Bluetooth and Wi-Fi are working fine. Why mess with it?
Code:
network-manager-applet Old Version New Version
1.8.10-2ubuntu2 1.8.10-2ubuntu3mint1
[ Clement Lefebvre ]
* Use symbolic icons in systray
[ Michael Webster ]
* Revert a broken quilt patch
Here again - working fine. This does not appear to be a "security" patch - everything is working as it should - I see no reason to apply this update just because it is offered.
Code:
mintreport
Troubleshooting tool for Linux Mint Old Version New Version
1.0.9 1.1.4
* Remove root password check
Ugh! I made the mistake of installing this one on my desktop machine and the it would not stop bugging me! No thanks - I'll pass on this one!
And this all brings me around to the issue of 'telemetry'. I think
@wizardfromoz posted something the other day about Zorin collecting some sort of telemetry. Ubuntu tried years ago to collect telemetry - perhaps they still do. But many, many Linux users get upset over the idea of their operating system calling home to the mothership.
This is one instance where I would not mind sharing some information about my hardware specs and software installed if it meant I would only be offered updates which were applicable to my unique machine.
Now you. Any thoughts? ¯\_(ツ)_/¯