Bra podcast
Sveriges mest populära poddar
Overview
This week we welcome back Vineetha Kamath, Ubuntu Security Certifications Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4365-2] Bind vulnerabilities [00:37]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 75 - https://nxnsattack.com
[USN-4369-1] Linux kernel vulnerabilities [01:11]
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 (19.10, 18.04 LTS HWE)
- Episode 75 for details
[USN-4370-1, USN-4370-2] ClamAV vulnerabilities [01:35]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Stack and heap buffer over-reads in the PDF and ARJ (Archived by Rober Jung) file parsers -> crash -> DoS
[USN-4371-1] libvirt vulnerabilities [02:36]
- 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- Memory leak able to be triggered by local users with read-only qemu access when retrieving domain stats -> DoS
[USN-4372-1] QEMU vulnerabilities [03:08]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- UAF in libslirp
- Integer overflow in handling of ATI VGA emulation -> guest to host crash
[USN-4373-1] Thunderbird vulnerabilities [03:44]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 68.8.0
Goings on in Ubuntu Security Community
Joe McManus and Vineetha Kamath discuss FIPS certification for Ubuntu 18.04 LTS [04:10]
Get in contact
00:00
-00:00