DiscoverUbuntu Security Podcast
Claim Ownership
Ubuntu Security Podcast
Author: Ubuntu Security Team
Subscribed: 188Played: 4,959Subscribe
Share
© Copyright 2018-2024 Canonical
Description
A weekly podcast talking about the latest developments and updates from the Ubuntu Security team, including a summary of the security vulnerabilities and fixes from the last week as well as a discussion on some of the goings on in the wider Ubuntu Security community.
227 Episodes
Reverse
This week we cover the recent reports of a new local privilege escalation
exploit against the Linux kernel, follow-up on the xz-utils backdoor from last
week and it's the beta release of Ubuntu 24.04 LTS - plus we talk security
vulnerabilities in the X Server, Django, util-linux and more.
It's been an absolutely manic week in the Linux security community as the news
and reaction to the recent announcement of a backdoor in the xz-utils project
was announced late last week, so we dive deep into this issue and discuss how it
impacts Ubuntu and give some insights for what this means for the open source
and Linux communities in the future.
This week we bring you a sneak peak of how Ubuntu 23.10 fared at Pwn2Own
Vancouver 2024, plus news of malicious themes in the KDE Store and we cover
security updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash and
more.
We cover recent Linux malware from the Magnet Goblin threat actor, plus the news
of Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detail
vulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more.
Andrei is back to discuss recent academic research into malware within the
Python/PyPI ecosystem and whether it is possible to effectively combat it with
open source tooling, plus we cover security updates for Unbound, libuv, node.js,
the Linux kernel, libgit2 and more.
The Linux kernel.org CNA has assigned their first CVEs so we revisit this topic
to assess the initial impact on Ubuntu and the CVE ecosystem, plus we cover
security updates for Roundcube Webmail, less, GNU binutils and the Linux kernel
itself.
This week the Linux kernel project announced they will be assigning their own
CVEs so we discuss the possible implications and fallout from such a shift, plus
we cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and more.
AppArmor unprivileged user namespace restrictions are back on the agenda this
week as we survey the latest improvements to this hardening feature in the
upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC
container escapes and Qualys' recent disclosure of a privilege escalation
exploit for GNU libc and more.
For the first episode of 2024 we take a look at the case of a raft of bogus FOSS
CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL
announcement for 23.04, plus we cover vulnerabilities in the Linux kernel, Puma,
Paramiko and more.
For the final episode of 2023 we discuss creating PoCs for vulns in tar and the
looming EOL for Ubuntu 23.04, plus we look into security updates for curl,
BlueZ, Netatalk, GNOME Settings and a heap more.
Mark Esler is our special guest on the podcast this week to discuss the
OpenSSF's Compiler Options Hardening Guide for C/C++ plus we cover
vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.
This week we take a deep dive into the Reptar vuln in Intel processors plus we
look into some relic vulnerabilities in Squid and OpenZFS and finally we detail
new hardening measures in tracker-miners to keep your desktop safer.
As we ease back into regular programming, we cover the various activities the
team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit
and Ubuntu Engineering Sprint.
With the Ubuntu Summit just around the corner, we preview a couple talks by the
Ubuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP,
AOM, ncurses, the Linux kernel and more.
After a well-deserved break, we're back looking at the recent Ubuntu 23.10
release and the significant security technologies it introduces along with a
call for testing of unprivileged user namespace restrictions, plus the details
of security updates for curl, Samba, iperf3, CUE and more.
It's the Linux Security Summit in Bilbao this week and we bring you some
highlights from our favourite talks, plus we cover the 25 most stubborn software
weaknesses, and we look at security updates for Open VM Tools, libwebp, Django,
binutils, Indent, the Linux kernel and more.
Andrei is back this week with a deep dive into recent research around CVSS
scoring inconsistencies, plus we look at a recent Ubuntu blog post on the
internals of package updates and the repositories, and we cover security updates
in Apache Shiro, GRUB2, CUPS, RedCloth, curl and more.
This week we detail the recently announced and long-awaited feature of
TPM-backed full-disk encryption for the upcoming Ubuntu 23.10 release, plus we
cover security updates for elfutils, GitPython, atftp, BusyBox, Docker Registry
and more.
This week we cover reports of "fake" CVEs and their impact on the FOSS security
ecosystem, plus we look at security updates for PHP, Fast DDS, JOSE for C/C++,
the Linux kernel, AMD Microcode and more.
This week we talk about HTTP Content-Length handling, intricacies of group
management in container environments and making sure you check your return codes
while covering vulns in HAProxy, Podman, Inetutils and more, plus we put a call
out for input on using open source tools to secure your SDLC.