This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Ubuntu Security Podcastに似ているもの
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
))
Episode 112
Manage episode 290119972 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Overview
This week we look at a reboot of the DWF project, Rust in the Linux kernel, an Ubuntu security webinar plus some details of the 45 CVEs addressed across the Ubuntu releases this last week and more.
This week in Ubuntu Security Updates
45 unique CVEs addressed
[LSN-0075-1] Linux kernel vulnerability [01:01]
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- madvise issue reported by Jann Horn -
- BPF spectre mitigations fixes (Episode 109)
[USN-4903-1] curl vulnerability [02:02]
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110 - leaking credentials via HTTP Referer header
[USN-4896-2] lxml vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110
[USN-4899-2] SpamAssassin vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110
[USN-4905-1] X.Org X Server vulnerability [02:26]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Local user (X client) could crash the server via Xinput extension and ChangeFeedbackControl request - integer underflow -> heap buffer overflow
[USN-4906-1] Nettle vulnerability [03:31]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Low level crypto library used by lots of packages - chrony, dnsmasq, lighttpd, qemu, squid, supertuxkart
- Could en up calling EC multiply with out-of-range scalers - as a result would get incorrect results during EC signature verification and so could allow an attacker to trigger an assertion failure -> DoS OR force an invalid signature - bypass verification
[USN-4904-1] Linux kernel vulnerabilities [04:27]
- 11 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4907-1] Linux kernel vulnerabilities
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4909-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4910-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4911-1] Linux kernel (OEM) vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS)
[USN-4912-1] Linux kernel (OEM) vulnerabilities
- 14 CVEs addressed in Focal (20.04 LTS)
- Piotr Krysiuk - BPF JIT - invalid branch displacement - could allow OOB memory read/write -> code exec or at least crash - unpriv in Ubuntu so could then allow an unprivileged user to get kernel code exec
- Thanks to kernel team for handling these issues - lots of kernel security issues at the moment so thanks for their hard work
Goings on in Ubuntu Security Community
DWF v2 [07:25]
- https://lwn.net/Articles/851849/
- https://iwantacve.org/
- https://twitter.com/CVEannounce/status/1368992488464203777
Rust support for Linux kernel [10:12]
- https://lore.kernel.org/lkml/20210414184604.23473-1-ojeda@kernel.org/
- https://security.googleblog.com/2021/04/rust-in-linux-kernel.html
Securing open source from cloud to edge webinar [12:19]
- https://www.brighttalk.com/webcast/6793/440517
- Ubuntu is built with security in mind from the ground up, and how we keep you protected against major vulnerabilities
- How you can ensure performant open source in production environments
- Specific security services that can help you achieve maximum availability by reducing downtime and providing access to high and critical CVE fixes
- Ubuntu helps organisations remain compliant with government and industry standards and regulations, including Common Criteria EAL2 with FIPS 140-2 Level 1 certified crypto modules
Hiring [13:13]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
230 つのエピソード
シェア
Manage episode 290119972 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Overview
This week we look at a reboot of the DWF project, Rust in the Linux kernel, an Ubuntu security webinar plus some details of the 45 CVEs addressed across the Ubuntu releases this last week and more.
This week in Ubuntu Security Updates
45 unique CVEs addressed
[LSN-0075-1] Linux kernel vulnerability [01:01]
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- madvise issue reported by Jann Horn -
- BPF spectre mitigations fixes (Episode 109)
[USN-4903-1] curl vulnerability [02:02]
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110 - leaking credentials via HTTP Referer header
[USN-4896-2] lxml vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110
[USN-4899-2] SpamAssassin vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 110
[USN-4905-1] X.Org X Server vulnerability [02:26]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Local user (X client) could crash the server via Xinput extension and ChangeFeedbackControl request - integer underflow -> heap buffer overflow
[USN-4906-1] Nettle vulnerability [03:31]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Low level crypto library used by lots of packages - chrony, dnsmasq, lighttpd, qemu, squid, supertuxkart
- Could en up calling EC multiply with out-of-range scalers - as a result would get incorrect results during EC signature verification and so could allow an attacker to trigger an assertion failure -> DoS OR force an invalid signature - bypass verification
[USN-4904-1] Linux kernel vulnerabilities [04:27]
- 11 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4907-1] Linux kernel vulnerabilities
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4909-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4910-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4911-1] Linux kernel (OEM) vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS)
[USN-4912-1] Linux kernel (OEM) vulnerabilities
- 14 CVEs addressed in Focal (20.04 LTS)
- Piotr Krysiuk - BPF JIT - invalid branch displacement - could allow OOB memory read/write -> code exec or at least crash - unpriv in Ubuntu so could then allow an unprivileged user to get kernel code exec
- Thanks to kernel team for handling these issues - lots of kernel security issues at the moment so thanks for their hard work
Goings on in Ubuntu Security Community
DWF v2 [07:25]
- https://lwn.net/Articles/851849/
- https://iwantacve.org/
- https://twitter.com/CVEannounce/status/1368992488464203777
Rust support for Linux kernel [10:12]
- https://lore.kernel.org/lkml/20210414184604.23473-1-ojeda@kernel.org/
- https://security.googleblog.com/2021/04/rust-in-linux-kernel.html
Securing open source from cloud to edge webinar [12:19]
- https://www.brighttalk.com/webcast/6793/440517
- Ubuntu is built with security in mind from the ground up, and how we keep you protected against major vulnerabilities
- How you can ensure performant open source in production environments
- Specific security services that can help you achieve maximum availability by reducing downtime and providing access to high and critical CVE fixes
- Ubuntu helps organisations remain compliant with government and industry standards and regulations, including Common Criteria EAL2 with FIPS 140-2 Level 1 certified crypto modules
Hiring [13:13]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
230 つのエピソード
すべてのエピソード
×
プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。
Ubuntu Security Podcastに似ているもの
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
