Episode 112

14:37
 
シェア
 

Manage episode 290119972 series 2423058
著作 Alex Murray and Ubuntu Security Team の情報はPlayer FM及びコミュニティによって発見されました。著作権は出版社によって所持されます。そして、番組のオーディオは、その出版社のサーバから直接にストリーミングされます。Player FMで購読ボタンをタップし、更新できて、または他のポッドキャストアプリにフィードのURLを貼り付けます。

Overview

This week we look at a reboot of the DWF project, Rust in the Linux kernel, an Ubuntu security webinar plus some details of the 45 CVEs addressed across the Ubuntu releases this last week and more.

This week in Ubuntu Security Updates

45 unique CVEs addressed

[LSN-0075-1] Linux kernel vulnerability [01:01]

[USN-4903-1] curl vulnerability [02:02]

[USN-4896-2] lxml vulnerability

[USN-4899-2] SpamAssassin vulnerability

[USN-4905-1] X.Org X Server vulnerability [02:26]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Local user (X client) could crash the server via Xinput extension and ChangeFeedbackControl request - integer underflow -> heap buffer overflow

[USN-4906-1] Nettle vulnerability [03:31]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Low level crypto library used by lots of packages - chrony, dnsmasq, lighttpd, qemu, squid, supertuxkart
  • Could en up calling EC multiply with out-of-range scalers - as a result would get incorrect results during EC signature verification and so could allow an attacker to trigger an assertion failure -> DoS OR force an invalid signature - bypass verification

[USN-4904-1] Linux kernel vulnerabilities [04:27]

[USN-4907-1] Linux kernel vulnerabilities

[USN-4909-1] Linux kernel vulnerabilities

[USN-4910-1] Linux kernel vulnerabilities

[USN-4911-1] Linux kernel (OEM) vulnerabilities

[USN-4912-1] Linux kernel (OEM) vulnerabilities

Goings on in Ubuntu Security Community

DWF v2 [07:25]

Rust support for Linux kernel [10:12]

Securing open source from cloud to edge webinar [12:19]

  • https://www.brighttalk.com/webcast/6793/440517
  • Ubuntu is built with security in mind from the ground up, and how we keep you protected against major vulnerabilities
  • How you can ensure performant open source in production environments
  • Specific security services that can help you achieve maximum availability by reducing downtime and providing access to high and critical CVE fixes
  • Ubuntu helps organisations remain compliant with government and industry standards and regulations, including Common Criteria EAL2 with FIPS 140-2 Level 1 certified crypto modules

Hiring [13:13]

AppArmor Security Engineer

Linux Cryptography and Security Engineer

Security Engineer - Ubuntu

Get in contact

127 つのエピソード