Sign up to save your podcasts
Or
Share Episode 101
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 101
Overview
In the first episode for 2021 we bring back Joe McManus to discuss the
SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics
drivers and mutt. We also cover some open positions in the team and say
farewell to long-time Ubuntu Security superstar Jamie Strandboge.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09]
unprivileged users to DoS / info leak or possible priv esc
[USN-4689-4] Linux kernel update [01:42]
[USN-4697-2] Pillow vulnerabilities [02:00]
[USN-4702-1] Pound vulnerabilities
[USN-4703-1] Mutt vulnerability [02:18]
mutt to allocate a very large amount of memory when processing the email
and cause it to crash as a result of exhausting available memory
for each - so for a 1 byte ; mutt allocates 40 bytes - and so a 25MB
email can cause mutt to allocate 1GB
[USN-4704-1] libsndfile vulnerabilities [03:52]
[USN-4705-1] Sudo vulnerabilities [04:06]
parsing in sudo that has existed since July 2011
as root - so if a user can exploit a vuln in sudo to get code execution,
can get code execution as root as so escalate privileges to root
mode is automatically set so that the vulnerability is active
Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)
location of the environment variables in memory etc but assuming an
unprivileged user can run the exploit multiple times they can eventually
exploit it
Goings on in Ubuntu Security Community
Alex discusses the SolarWinds hack with special guest Joe McManus [07:03]
Private home directories for Ubuntu 21.04
Hiring
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
AppArmor Security Engineer
Ubuntu Security Engineer
Farewells
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
In the first episode for 2021 we bring back Joe McManus to discuss the
SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics
drivers and mutt. We also cover some open positions in the team and say
farewell to long-time Ubuntu Security superstar Jamie Strandboge.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09]
unprivileged users to DoS / info leak or possible priv esc
[USN-4689-4] Linux kernel update [01:42]
[USN-4697-2] Pillow vulnerabilities [02:00]
[USN-4702-1] Pound vulnerabilities
[USN-4703-1] Mutt vulnerability [02:18]
mutt to allocate a very large amount of memory when processing the email
and cause it to crash as a result of exhausting available memory
for each - so for a 1 byte ; mutt allocates 40 bytes - and so a 25MB
email can cause mutt to allocate 1GB
[USN-4704-1] libsndfile vulnerabilities [03:52]
[USN-4705-1] Sudo vulnerabilities [04:06]
parsing in sudo that has existed since July 2011
as root - so if a user can exploit a vuln in sudo to get code execution,
can get code execution as root as so escalate privileges to root
mode is automatically set so that the vulnerability is active
Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)
location of the environment variables in memory etc but assuming an
unprivileged user can run the exploit multiple times they can eventually
exploit it
Goings on in Ubuntu Security Community
Alex discusses the SolarWinds hack with special guest Joe McManus [07:03]
Private home directories for Ubuntu 21.04
Hiring
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
AppArmor Security Engineer
Ubuntu Security Engineer
Farewells
Get in contact