Overview
In the first episode for 2020, we look at security updates for Django and
the Linux kernel, plus Alex and Joe discuss security and privacy aspects of
smart assistant connected devices.
This week in Ubuntu Security Updates
34 unique CVEs addressed
[USN-4224-1] Django vulnerability [00:51]
- 1 CVE addressed in Xenial, Bionic, Disco, Eoan
- Account takeover via password reset - when comparing email addresses,
Django would not do a proper unicode comparison, so an attacker could
specify an email address which appears equal to an existing user's email
address (after unicode case and character transformation) and would then
be sent a token to reset that account's password at their doppelganger
email address. The fix includes doing both a proper unicode case
comparison AND sending the password reset token to the email address
registered against the user account, not the one input to the password
reset field.
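The two parts of the fix described above, as an added example (not Django's code and not from the episode): a weak case-insensitive match that mails the token to the supplied address, beside a normalized comparison that mails only the registered address. The account store, addresses and function names are constructed for illustration.

```python
import unicodedata

# Constructed sample account store: user id -> registered email address.
USERS = {1: "mike@example.org"}

# Constructed lookalike input: U+0131 (dotless i) upper-cases to ASCII "I".
LOOKALIKE = "m\u0131ke@example.org"


def naive_match(stored, supplied):
    # Weak form: case-insensitive match by upper-casing both sides,
    # with no Unicode normalization.
    return stored.upper() == supplied.upper()


def unicode_ci_equal(a, b):
    # NFKC folds compatibility forms (e.g. fullwidth letters) and
    # casefold() applies full Unicode case folding before comparing.
    def norm(s):
        return unicodedata.normalize("NFKC", s).casefold()
    return norm(a) == norm(b)


def reset_recipients_weak(supplied):
    # Weak form: the token goes to whatever address was typed in the form.
    return [supplied for stored in USERS.values()
            if naive_match(stored, supplied)]


def reset_recipients_fixed(supplied):
    # Hardened form: strict comparison, and the token only ever goes to
    # the address registered against the account.
    return [stored for stored in USERS.values()
            if unicode_ci_equal(stored, supplied)]


if __name__ == "__main__":
    for addr in (LOOKALIKE, "Mike@Example.ORG", "\uff2dike@example.org"):
        print(repr(addr), reset_recipients_weak(addr),
              reset_recipients_fixed(addr))
```

The fullwidth input still matches after NFKC normalization, which is why the second half of the fix matters: the recipient is always the stored address.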
[USN-4225-1] Linux kernel vulnerabilities [02:25]
- 5.3 kernel
- 18 CVEs addressed in Bionic (Azure and GCP edge), Eoan
[USN-4226-1] Linux kernel vulnerabilities [03:58]
- 5.0 kernel
- 28 CVEs addressed in Bionic (AWS & Oracle Edge, Azure, GKE), Disco
[USN-4227-1, USN-4227-2] Linux kernel vulnerabilities [05:36]
- 14 CVEs addressed in Xenial, Bionic, Trusty ESM (Azure)
[USN-4228-1, USN-4228-2] Linux kernel vulnerabilities [06:17]
- 8 CVEs addressed in Xenial, Trusty ESM (Xenial HWE)
[LSN-0061-1] Linux kernel vulnerability [06:38]
- 5 CVEs addressed in Bionic & Xenial
Goings on in Ubuntu Security Community
Alex and Joe discuss connected devices and smart assistants [07:25]
Get in contact