Sign up to save your podcasts
Or
Share Episode 109
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 109
Overview
This week we look at security updates for containerd, Ruby, the Linux
kernel, Pygments and more, plus we cover some open positions within the
team as well.
This week in Ubuntu Security Updates
28 unique CVEs addressed
[USN-4881-1] containerd vulnerability [00:38]
runtime interface) - would share environment variables etc between
containers that shared the same image - so could allow an inadvertent
info leak from one container to another - race condition so would be less
likely to occur if not launching containers in rapid succession which
share the same image
[USN-4882-1] Ruby vulnerabilities [01:27]
the interpreter
heap info leak so could expose sensitive data from the interpreter
so be vulnerable to HTTP request smuggling attacks
[USN-4883-1] Linux kernel vulnerabilities [02:32]
by a local attacker -> code-exec as root
and a OOB read -> crash or possible infoleak
[USN-4884-1] Linux kernel (OEM) vulnerabilities [03:13]
crash/codexec
[USN-4885-1] Pygments vulnerability [03:36]
input file containing just ’exception’ would be enough to trigger this
[USN-4886-1] Privoxy vulnerabilities [04:18]
[USN-4887-1] Linux kernel vulnerabilities [05:03]
truncation when source register was known to be 0 -> could be turned into
an arbitrary memory read -> info-leak - and can’t rule out arbitrary
memory write -> RCE
an attacker to read entirety of kernel memory via speculative execution
attack through BPF
Goings on in Ubuntu Security Community
Hiring [07:04]
AppArmor Security Engineer
Ubuntu Security Engineer
Security Engineer - Ubuntu
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at security updates for containerd, Ruby, the Linux
kernel, Pygments and more, plus we cover some open positions within the
team as well.
This week in Ubuntu Security Updates
28 unique CVEs addressed
[USN-4881-1] containerd vulnerability [00:38]
runtime interface) - would share environment variables etc between
containers that shared the same image - so could allow an inadvertent
info leak from one container to another - race condition so would be less
likely to occur if not launching containers in rapid succession which
share the same image
[USN-4882-1] Ruby vulnerabilities [01:27]
the interpreter
heap info leak so could expose sensitive data from the interpreter
so be vulnerable to HTTP request smuggling attacks
[USN-4883-1] Linux kernel vulnerabilities [02:32]
by a local attacker -> code-exec as root
and a OOB read -> crash or possible infoleak
[USN-4884-1] Linux kernel (OEM) vulnerabilities [03:13]
crash/codexec
[USN-4885-1] Pygments vulnerability [03:36]
input file containing just ’exception’ would be enough to trigger this
[USN-4886-1] Privoxy vulnerabilities [04:18]
[USN-4887-1] Linux kernel vulnerabilities [05:03]
truncation when source register was known to be 0 -> could be turned into
an arbitrary memory read -> info-leak - and can’t rule out arbitrary
memory write -> RCE
an attacker to read entirety of kernel memory via speculative execution
attack through BPF
Goings on in Ubuntu Security Community
Hiring [07:04]
AppArmor Security Engineer
Ubuntu Security Engineer
Security Engineer - Ubuntu
Get in contact