Overview
This week we welcome back Vineetha Kamath, Ubuntu Security Certifications
Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS
and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel
and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4365-2] Bind vulnerabilities [00:37]
[USN-4369-1] Linux kernel vulnerabilities [01:11]
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 (19.10, 18.04 LTS HWE)
- Episode 75 for details
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Stack and heap buffer over-reads in the PDF and ARJ (Archived by Robert
Jung) file parsers -> crash -> DoS
[USN-4371-1] libvirt vulnerabilities [02:36]
- 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- Memory leak able to be triggered by local users with read-only qemu
access when retrieving domain stats -> DoS
[USN-4372-1] QEMU vulnerabilities [03:08]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- UAF in libslirp
- Integer overflow in handling of ATI VGA emulation -> guest to host crash
[USN-4373-1] Thunderbird vulnerabilities [03:44]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 68.8.0
Goings on in Ubuntu Security Community
Joe McManus and Vineetha Kamath discuss FIPS certification for Ubuntu 18.04 LTS [04:10]
Get in contact