
Ubuntu Security Podcast

Episode 68

17 min • 26 March 2020

Overview

This week we cover security updates for Apache, Twisted, Vim, a kernel livepatch and more, plus Alex and Joe discuss OVAL data feeds and the cvescan snap for vulnerability awareness.

This week in Ubuntu Security Updates

16 unique CVEs addressed

[USN-4307-1] Apache HTTP Server update [00:24]

[LSN-0064-1] Linux kernel vulnerability [01:03]

  • 1 CVE addressed in Xenial, Bionic
  • KVM nested virtualisation issue (L2 guest could access resources of L1 parent) - Episode 67

[USN-4308-1] Twisted vulnerabilities [02:07]

[USN-4309-1] Vim vulnerabilities [03:53]

[USN-4134-3] IBus vulnerability [04:49]

  • 1 CVE addressed in Xenial, Bionic, Eoan
  • Episode 47 - implements its own private DBus server which clients connect to - original vuln allowed any user who knew the address of this bus to connect to it - update fixed this by checking the connecting user was the same as the owning user - but caused a regression in Qt clients - would fail to be able to properly connect to ibus - was reverted - this has since been fixed by fixing the GDBusServer implementation in libglib2 since it was actually incorrect - and so now we have re-fixed in ibus
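The same-user check described in the IBus item, as an added example (not ibus or GLib code, and not from the episode): a plain Unix-domain socket on Linux stands in for the private bus, and the server reads the peer's kernel-recorded UID with SO_PEERCRED and accepts only the owning user. The socket path and all function names are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux "struct ucred" returned by SO_PEERCRED: pid_t, uid_t, gid_t.
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def authorize_peer(conn, owner_uid):
    """Same-user check: allow only when the peer's UID equals the bus owner's UID."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid == owner_uid


def serve_one(listener, owner_uid):
    """Accept one connection; drop it before reading any data if the peer is not the owner."""
    conn, _ = listener.accept()
    if not authorize_peer(conn, owner_uid):
        conn.close()
        return None
    return conn


def demo():
    """Constructed scenario: one client process, checked against two different owner UIDs."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "private-bus")  # hypothetical socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            listener.listen(2)
            # The second owner UID is constructed so that it differs from ours.
            for label, owner in (("same_user", os.getuid()),
                                 ("other_user", os.getuid() + 1)):
                with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                    client.connect(path)
                    conn = serve_one(listener, owner)
                    results[label] = conn is not None
                    if conn is not None:
                        conn.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Because the credentials come from the kernel rather than from anything the client sends, knowing the socket address alone is not enough to pass the check.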

Goings on in Ubuntu Security Community

Alex and Joe discuss Ubuntu Security OVAL feeds and cvescan [06:47]

Securing open source through CVE prioritisation [15:56]

Get in contact
