Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 13

9 min • 26 november 2018

Overview

This week we look at some details of the 16 unique CVEs addressed across the supported Ubuntu releases and more.

This week in Ubuntu Security Updates

16 unique CVEs addressed

[USN-3816-2] systemd vulnerability

  • 3 CVEs addressed in Xenial, Bionic, Cosmic
  • Episode 12 - original fix for CVE-2018-6954 was incomplete - this includes the complete fix
  • Also includes an update to avoid a possible hang on shutdown in unattended-upgrades - LP #1803391
    • During shutdown, systemd is already in the process of shutting down
    • Then unattended-upgrades runs and it goes and tries to update systemd - which then tries to reexec it - which blocks waiting for it to finish shutting down
    • Creates a deadlock since systemd is waiting on unattended-upgrades to finish but u-u is waiting on systemd reexec
    • Fix is to not do reexec if systemd is already in the process of stopping

[USN-3825-1, USN-3825-2] mod_perl vulnerability

  • 1 CVEs addressed in Precise ESM, Trusty, Xenial, Bionic, Cosmic
  • Old CVE - reported to Debian in 2011, who assigned a CVE internally but didn’t go any further with it
  • Recently the original reporter of the vulnerability submitted a patch to Debian to fix it - so vuln was reported to Mitre
  • Now fixed in Ubuntu as well

[USN-3801-2] Firefox regressions

Goings on in Ubuntu Security Community

Linux Cryptocoin Malware

Preview of next episode

Upcoming fixes

  • qemu, webkitgtk

Get in contact

Kategorier
Förekommer på
00:00 -00:00