Episode 196
Ubuntu Security Podcast
by Ubuntu Security Team
4d ago
Overview: This week we look at some recent security developments from PyPI, the Linux Security Summit North America and the pending transition of Ubuntu 18.04 to ESM, plus we cover security updates for cups-filters, the Linux kernel, Git, runC, ncurses, cloud-init and more. This week in Ubuntu Security Updates: 83 unique CVEs addressed. [USN-6083-1] cups-filters vulnerability (01:03): 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04): CVE-2023-24805. Legacy BEH (Backend Error Handler) allows creating a network accessible printer - allowe …
Episode 195
Ubuntu Security Podcast
by Ubuntu Security Team
1w ago
Overview: Alex and Camila discuss security update management strategies after a recent outage at Datadog was attributed to a security update for systemd on Ubuntu, plus we look at security vulnerabilities in the Linux kernel, OpenStack, Synapse, OpenJDK and more. This week in Ubuntu Security Updates: 66 unique CVEs addressed. [USN-6069-1] Linux kernel (Raspberry Pi) vulnerability (01:01): 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS): CVE-2023-1829. 5.4 raspi in 20.04 / 18.04 HWE. [USN-6058-1] Linux kernel vulnerability from Episode 194. UAF in Traffic-Control Index (TCINDEX) filter fr …
Episode 194
Ubuntu Security Podcast
by Ubuntu Security Team
2w ago
Overview: The team are back from Prague and bring with them a new segment, drilling into recent academic research in the cybersecurity space - for this inaugural segment new team member Andrei looks at modelling of attacks against network intrusion detection systems, plus we cover the week in security updates looking at vulnerabilities in Django, Ruby, Linux kernel, Erlang, OpenStack and more. This week in Ubuntu Security Updates: 57 unique CVEs addressed. [USN-6054-1] Django vulnerability (00:55): 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lun …
Episode 193
Ubuntu Security Podcast
by Ubuntu Security Team
1M ago
Overview: The release of Ubuntu 23.04 Lunar Lobster is nigh so we take a look at some of the things the security team has been doing along the way, plus it’s our 6000th USN so we look back at the last 19 years of USNs whilst covering security updates for the Linux kernel, Emacs, Irssi, Sudo, Firefox and more. This week in Ubuntu Security Updates: 109 unique CVEs addressed. [USN-5998-1] Apache Log4j vulnerabilities (01:00): 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS): CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2019-17571. A bunch of older vulnerabilitie …
Episode 191
Ubuntu Security Podcast
by Ubuntu Security Team
2M ago
Overview: This week saw the unexpected release of Ubuntu 20.04.6 so we go into the detail behind that, plus we talk Everything Open and we cover security updates including Emacs, LibreCAD, Python, vim and more. This week in Ubuntu Security Updates: 82 unique CVEs addressed. [USN-5955-1] Emacs vulnerability [00:50]: 1 CVE addressed in Xenial ESM (16.04 ESM): CVE-2022-48339. The htmlfontify package would try to validate whether a given file is text by calling file on it - but would fail to escape the filename - so if a user could be tricked into running htmlfontify-copy-and-link-dir on a crafted dir …
Episode 190
Ubuntu Security Podcast
by Ubuntu Security Team
2M ago
Overview: The Ubuntu Security Podcast is on a two week break to focus on Everything Open 2023 in Melbourne next week - come hear Alex talk about Securing a distribution and securing your own open source project in person if you can. Get in contact: security@ubuntu.com; #ubuntu-security on the Libera.Chat IRC network; ubuntu-hardened mailing list; Security section on discourse.ubuntu.com; @ubuntusecurity@fosstodon.org, @ubuntu_sec on twitter
Episode 189
Ubuntu Security Podcast
by Ubuntu Security Team
3M ago
Overview: This week we dive into the BlackLotus UEFI bootkit teardown and find out how this malware has some roots in the FOSS ecosystem, plus we look at security updates for the Linux kernel, DCMTK, ZoneMinder, Python, tar and more. This week in Ubuntu Security Updates: 111 unique CVEs addressed. [USN-5739-2] MariaDB regression [00:48]: Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10). Latest point release had various memory and performance regressions. [USN-5883-1] Linux kernel (HWE) vulnerabilities [01:05]: 19 CVEs addressed in Xenial ESM (16.04 ESM): CVE-2023-0461, CVE-2022-43750 …
Episode 188
Ubuntu Security Podcast
by Ubuntu Security Team
3M ago
Overview: This week the common theme is vulnerabilities in setuid-root binaries and their use of environment variables, so we take a look at a great blog post from the Trail of Bits team about one such example in the venerable chfn, plus we look at some security vulnerabilities in, and updates for, the Linux kernel, Go Text, the X Server and more, and finally we cover the recent announcement of Ubuntu 22.04.2 LTS. This week in Ubuntu Security Updates: 75 unique CVEs addressed. [USN-5872-1] NSS vulnerabilities [00:57]: 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM): CVE-2022-3448 …
Episode 186
Ubuntu Security Podcast
by Ubuntu Security Team
3M ago
Overview: The Ubuntu Security Podcast is back for 2023! We ease into the year with coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at some recent vulns in git, sudo, OpenSSL and more. This week in Ubuntu Security Updates: 212 unique CVEs addressed. [USN-5778-1] X.Org X Server vulnerabilities: 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10): CVE-2022-46344, CVE-2022-46343, CVE-2022-46342, CVE-2022-46341, CVE-2022-46340, CVE-2022-4283. [USN-5779-1] Linux kernel (Azure) vulnerabilities: 9 CVEs addressed in Focal (20.04 LTS), Jamm …
Episode 185
Ubuntu Security Podcast
by Ubuntu Security Team
5M ago
Overview: For our final episode of 2022, Camila is back with a special holiday themed discussion of the security of open source code, plus we hint at what is in store for the podcast for 2023 and we cover some recent security updates including Python, PostgreSQL, Squid and more. This week in Ubuntu Security Updates: 54 unique CVEs addressed. [USN-5765-1] PostgreSQL vulnerability [00:55]: 1 CVE addressed in Xenial ESM (16.04 ESM): CVE-2021-23222. [USN-5145-1] PostgreSQL vulnerabilities in Episode 138. Akin to STARTTLS vulns - could inject cleartext before a secure connection has been established …
