Ubuntu Security Podcast
285 FOLLOWERS
A weekly podcast talking about the latest developments and updates from the Ubuntu Security team, including a summary of the security vulnerabilities and fixes from the last week as well as a discussion on some of the goings on in the wider Ubuntu Security community.
Ubuntu Security Podcast
6d ago
Overview
John and Georgia are at the Linux Security Summit presenting on some long awaited developments in AppArmor and we give you all the details in a sneak peek preview as well as some of the other talks to look out for, plus we cover security updates for NSS, Squid, Apache, libvirt and more and we put out a call for testing of a pending AppArmor security fix too.
This week in Ubuntu Security Updates
86 unique CVEs addressed
[USN-6727-1, USN-6727-2] NSS vulnerabilities + regression (01:02)
3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
CVE-2023-6135
CVE-2023-5388 ..read more
Ubuntu Security Podcast
1w ago
Overview
This week we cover the recent reports of a new local privilege escalation exploit against the Linux kernel, follow-up on the xz-utils backdoor from last week and it’s the beta release of Ubuntu 24.04 LTS - plus we talk security vulnerabilities in the X Server, Django, util-linux and more.
This week in Ubuntu Security Updates
76 unique CVEs addressed
[LSN-0102-1] Linux kernel vulnerability (00:53)
6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2024-1086
CVE-2024-0646
CVE-2023-51781
CVE-2023-6176
CVE ..read more
Ubuntu Security Podcast
2w ago
Overview
It’s been an absolutely manic week in the Linux security community as the news and reaction to the recent announcement of a backdoor in the xz-utils project was announced late last week, so we dive deep into this issue and discuss how it impacts Ubuntu and give some insights for what this means for the open source and Linux communities in the future.
This week in Ubuntu Security Updates
20 unique CVEs addressed
[USN-6718-2] curl vulnerability
1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
CVE-2024-2398
[USN-6719-1] util-linux vulnerability
1 CVEs addressed in ..read more
Ubuntu Security Podcast
1M ago
Overview
We cover recent Linux malware from the Magnet Goblin threat actor, plus the news of Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detail vulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more.
This week in Ubuntu Security Updates
102 unique CVEs addressed
[USN-6679-1] FRR vulnerability (01:11)
1 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10)
CVE-2024-27913
OOB read when parsing a malformed OSPF LSA packet - would try and access attributes fields even if none where present
[LSN-0101-1] Linux kernel vulnerability (01:50)
5 CVEs addressed in Trusty E ..read more
Ubuntu Security Podcast
1M ago
Overview
Andrei is back to discuss recent academic research into malware within the Python/PyPI ecosystem and whether it is possible to effectively combat it with open source tooling, plus we cover security updates for Unbound, libuv, node.js, the Linux kernel, libgit2 and more.
This week in Ubuntu Security Updates
56 unique CVEs addressed
[USN-6665-1] Unbound vulnerabilities (00:50)
2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
CVE-2023-50868
CVE-2023-50387
Another update for recent vulns discovered in DNSSEC standard - [USN-6633-1] Bind vulnerabilities from Epi ..read more
Ubuntu Security Podcast
1M ago
Overview
The Linux kernel.org CNA has assigned their first CVEs so we revisit this topic to assess the initial impact on Ubuntu and the CVE ecosystem, plus we cover security updates for Roundcube Webmail, less, GNU binutils and the Linux kernel itself.
This week in Ubuntu Security Updates
64 unique CVEs addressed
[USN-6647-1] Linux kernel vulnerabilities (01:14)
3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
CVE-2023-7192
CVE-2023-51782
CVE-2023-51780
4.15 - AWS/Azure/GCP/HWE/KVM/Oracle
Memory leak in netfilter able to be abused via an unprivileged user namespace - DoS ..read more
Ubuntu Security Podcast
2M ago
Overview
This week the Linux kernel project announced they will be assigning their own CVEs so we discuss the possible implications and fallout from such a shift, plus we cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and more.
This week in Ubuntu Security Updates
64 unique CVEs addressed
[LSN-0100-1] Linux kernel vulnerability (00:56)
5 CVEs addressed in Jammy (22.04 LTS), Focal (20.04 LTS), Bionic ESM (18.04 ESM), Xenial ESM (16.04 ESM), Trusty ESM (14.04 ESM)
CVE-2023-6932
CVE-2023-6817
CVE-2023-6176
CVE-2023-6040
CVE-2023-5345
UAF in IGMP protocol ([USN-6601-1] Linu ..read more
Ubuntu Security Podcast
2M ago
Overview
AppArmor unprivileged user namespace restrictions are back on the agenda this week as we survey the latest improvements to this hardening feature in the upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC container escapes and Qualys’ recent disclosure of a privilege escalation exploit for GNU libc and more.
This week in Ubuntu Security Updates
39 unique CVEs addressed
[USN-6591-2] Postfix update (00:48)
1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
CVE-2023-5176 ..read more
Ubuntu Security Podcast
2M ago
Overview
For the first episode of 2024 we take a look at the case of a raft of bogus FOSS CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL announcement for 23.04, plus we cover vulnerabilities in the Linux kernel, Puma, Paramiko and more.
This week in Ubuntu Security Updates
81 unique CVEs addressed
[USN-6601-1] Linux kernel vulnerability (01:16)
1 CVEs addressed in Trusty ESM (14.04 ESM)
CVE-2023-6932
UAF in IGMP protocol (allows multiple devices to share the same IPv4 address and hence all receive the same data via multicasting - often used for things like v ..read more
Ubuntu Security Podcast
4M ago
Overview
For the final episode of 2023 we discuss creating PoCs for vulns in tar and the looming EOL for Ubuntu 23.04, plus we look into security updates for curl, BlueZ, Netatalk, GNOME Settings and a heap more.
This week in Ubuntu Security Updates
57 unique CVEs addressed
[USN-6535-1] curl vulnerabilities (00:54)
2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
CVE-2023-46219
CVE-2023-46218
Mishandled cookies from domains with mixed case - allowing an attacker to create so called “super cookies” that would then get passed back to more domains that w ..read more