Episode 112

Update: 2021-04-16

Description

Overview


This week we look at a reboot of the DWF project, Rust in the Linux kernel,
an Ubuntu security webinar plus some details of the 45 CVEs addressed
across the Ubuntu releases this last week and more.


This week in Ubuntu Security Updates


45 unique CVEs addressed


[LSN-0075-1] Linux kernel vulnerability [01:01]



[USN-4903-1] curl vulnerability [02:02]



[USN-4896-2] lxml vulnerability



[USN-4899-2] SpamAssassin vulnerability



[USN-4905-1] X.Org X Server vulnerability [02:26]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Local user (X client) could crash the server via Xinput extension and
    ChangeFeedbackControl request - integer underflow -> heap buffer overflow


[USN-4906-1] Nettle vulnerability [03:31]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Low level crypto library used by lots of packages - chrony, dnsmasq,
    lighttpd, qemu, squid, supertuxkart

  • Could end up calling EC multiply with out-of-range scalars - as a result
    would get incorrect results during EC signature verification and so could
    allow an attacker to trigger an assertion failure -> DoS OR force an
    invalid signature - bypass verification


[USN-4904-1] Linux kernel vulnerabilities [04:27]



[USN-4907-1] Linux kernel vulnerabilities



[USN-4909-1] Linux kernel vulnerabilities



[USN-4910-1] Linux kernel vulnerabilities



[USN-4911-1] Linux kernel (OEM) vulnerabilities



[USN-4912-1] Linux kernel (OEM) vulnerabilities



Goings on in Ubuntu Security Community


DWF v2 [07:25]



Rust support for Linux kernel [10:12]



Securing open source from cloud to edge webinar [12:19]



  • https://www.brighttalk.com/webcast/6793/440517

  • How Ubuntu is built with security in mind from the ground up, and how we
    keep you protected against major vulnerabilities

  • How you can ensure performant open source in production environments

  • Specific security services that can help you achieve maximum availability
    by reducing downtime and providing access to high and critical CVE fixes

  • Ubuntu helps organisations remain compliant with government and industry
    standards and regulations, including Common Criteria EAL2 with FIPS 140-2
    Level 1 certified crypto modules


Hiring [13:13]


AppArmor Security Engineer



Linux Cryptography and Security Engineer



Security Engineer - Ubuntu



Get in contact



Ubuntu Security Team