Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 57

19 min • 19 december 2019

Overview

In the final episode of 2019, we look at security updates for RabbitMQ, GraphicsMagick, OpenJDK and more, plus Joe and Alex discuss a typical day-in-the-life of a Ubuntu Security Team member.

This week in Ubuntu Security Updates

34 unique CVEs addressed

[USN-4217-2] Samba vulnerabilities [01:00]

[USN-4214-2] RabbitMQ vulnerability [01:23]

  • 1 CVEs addressed in Xenial, Bionic
  • AMQP implementation
  • Possible integer overflow when handling the CONNECTION_STATE_HEADER frame - rogue server could return a malicious frame header which is then processed by the client and leads to a smaller target_size value due to integer overflow - then when the frame data is copied in via memcpy() this would overwrite past the bounds of the heap allocation, and with attacker controlled data
  • Not an issue if connecting to trusted servers

[USN-4222-1] GraphicsMagick vulnerabilities [02:28]

[USN-4223-1] OpenJDK vulnerabilities [03:00]

Goings on in Ubuntu Security Community

Joe and Alex discuss a day-in-the-life of a Ubuntu Security Team member [03:50]

Get in contact

Kategorier
Förekommer på
00:00 -00:00