Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 58

20 min • 9 januari 2020

Overview

In the first episode for 2020, we look at security updates for Django and the Linux kernel, plus Alex and Joe discuss security and privacy aspects of smart assistant connected devices.

This week in Ubuntu Security Updates

34 unique CVEs addressed

[USN-4224-1] Django vulnerability [00:51]

  • 1 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • Account takeover via password reset - when comparing email addresses, would not do a proper unicode comparison - and so could specify an email address which appears equal to an existing users email address (after unicode case and character transmformation) and would then get sent a token to reset their accounts password to your doppleganger email address. Fix includes doing both a proper unicode case comparison AND sending the password reset token to the email address to the one registered against the user account, not the one input to the password reset field.

[USN-4225-1] Linux kernel vulnerabilities [02:25]

[USN-4226-1] Linux kernel vulnerabilities [03:58]

[USN-4227-1, USN-4227-2] Linux kernel vulnerabilities [05:36]

[USN-4228-1, USN-4228-2] Linux kernel vulnerabilities [06:17]

[LSN-0061-1] Linux kernel vulnerability [06:38]

Goings on in Ubuntu Security Community

Alex and Joe discuss connected devices and smart assistants [07:25]

Get in contact

Kategorier
Förekommer på
00:00 -00:00