Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 67

24 min • 19 mars 2020

Overview

A big week in security updates, including the Linux kernel, Ceph, ICU, Firefox, Dino and more, plus Joe and Alex discuss tips for securely working from home in light of Coronavirus.

This week in Ubuntu Security Updates

38 unique CVEs addressed

[USN-4299-1] Firefox vulnerabilities [00:41]

[USN-4300-1] Linux kernel vulnerabilities [02:02]

[USN-4301-1] Linux kernel vulnerabilities [03:53]

[USN-4302-1] Linux kernel vulnerabilities [04:31]

[USN-4303-1, USN-4303-2] Linux kernel vulnerability [05:26]

  • 1 CVEs addressed in Xenial and Trusty ESM (HWE)
  • Nested KVM virt issue

[USN-4304-1] Ceph vulnerability [05:48]

  • 1 CVEs addressed in Bionic, Eoan
  • DoS able to be triggered by an authenticated user causing an unexpected disconnect to radosgw - sockets pile up and eventually exhaust resources -> DoS

[USN-4305-1] ICU vulnerability [06:26]

  • 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • C/C++ library for unicode handling - integer overflow -> heap buffer overflow - DoS/RCE?

[USN-4306-1] Dino vulnerabilities [07:05]

  • 3 CVEs addressed in Bionic
  • Thanks to Julian Andres Klode from Foundations
  • Fixes for multiple failures to validate inputs - remote attacker could use to obtain, inject or remove info
  • Also includes a change to accept IV of 12 bytes as well as 16 bytes since this is what a lo t of other OMEMO clients are using
    • OMEMO (OMEMO Multi-End Message and Object Encryption) - XMPP extension for multiclient E2E - so allows messages to be synchronised across multiple clients, even if some are offline

[USN-4171-5] Apport regression [08:14]

Goings on in Ubuntu Security Community

Joe and Alex discuss securely working from home whilst avoiding Coronavirus [09:21]

Get in contact

Kategorier
Förekommer på
00:00 -00:00