Sign up to save your podcasts
Or
Share Episode 139
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 139
Overview
This week we put out a call for testing and feedback on proposed Samba
updates for Ubuntu 18.04 LTS plus we look at security updates for Mailman,
Thunderbird, LibreOffice, BlueZ and more.
This week in Ubuntu Security Updates
15 unique CVEs addressed
[USN-5150-1] OpenEXR vulnerability [00:39]
[USN-5151-1] Mailman vulnerabilities [00:58]
[USN-5152-1] Thunderbird vulnerabilities [01:27]
around the ability to force TB into full-screen via web content
navigation - could then spoof usual chrome which is hidden in fullscreen
and get user input unexpectedly
[USN-5153-1] LibreOffice vulnerabilities [02:23]
documents - could inject a new timestamp and get this shown as the time
the document was signed, or could cause to show incorrect details for a
signed document by adding details from another certificate
[USN-5154-1] FreeRDP vulnerabilities [03:28]
malicious gateway could then corrupt client memory -> crash / code-exec
[USN-5155-1] BlueZ vulnerabilities [04:07]
if powered down when discoverable would power up as discoverable
dbus - so would likely need bad luck or cooperation between a local
application / user and the device to trigger
Goings on in Ubuntu Security Community
Samba updates available for testing for Ubuntu 18.04 LTS [05:24]
ageing software
version, possibly breaking things in the process due to new features /
changes in behaviour etc (plus incompatibilities with other software in
Ubuntu archive)
Samba (USN-5142-1) - CVE-2016-2124, CVE-2020-25717, CVE-2020-25722,
CVE-2021-3671
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we put out a call for testing and feedback on proposed Samba
updates for Ubuntu 18.04 LTS plus we look at security updates for Mailman,
Thunderbird, LibreOffice, BlueZ and more.
This week in Ubuntu Security Updates
15 unique CVEs addressed
[USN-5150-1] OpenEXR vulnerability [00:39]
[USN-5151-1] Mailman vulnerabilities [00:58]
[USN-5152-1] Thunderbird vulnerabilities [01:27]
around the ability to force TB into full-screen via web content
navigation - could then spoof usual chrome which is hidden in fullscreen
and get user input unexpectedly
[USN-5153-1] LibreOffice vulnerabilities [02:23]
documents - could inject a new timestamp and get this shown as the time
the document was signed, or could cause to show incorrect details for a
signed document by adding details from another certificate
[USN-5154-1] FreeRDP vulnerabilities [03:28]
malicious gateway could then corrupt client memory -> crash / code-exec
[USN-5155-1] BlueZ vulnerabilities [04:07]
if powered down when discoverable would power up as discoverable
dbus - so would likely need bad luck or cooperation between a local
application / user and the device to trigger
Goings on in Ubuntu Security Community
Samba updates available for testing for Ubuntu 18.04 LTS [05:24]
ageing software
version, possibly breaking things in the process due to new features /
changes in behaviour etc (plus incompatibilities with other software in
Ubuntu archive)
Samba (USN-5142-1) - CVE-2016-2124, CVE-2020-25717, CVE-2020-25722,
CVE-2021-3671
Get in contact