Sign up to save your podcasts
Or
Share Episode 141
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 141
Overview
A preview of some things to come for the Ubuntu Security Podcast plus we
cover security updates for Samba, uriparser, libmodbus, MariaDB, Mailman
and more.
This week in Ubuntu Security Updates
38 unique CVEs addressed
[USN-5174-1] Samba vulnerabilities [00:58]
Episode 139 the difficulties involved in patching older Samba versions
like 4.7.6 as used in Ubuntu 18.04 - backports of patches for the more
severe vulnerabilities including the ability for authenticated attackers
to escalate privileges to root on domain machines and others
[USN-5142-2] Samba regressions [02:06]
subsequently fixed these, we then updated our backports to include those
regression fixes
[USN-5171-1] Long Range ZIP vulnerabilities [03:22]
[USN-5172-1] uriparser vulnerabilities [03:56]
[USN-5173-1] libmodbus vulnerabilities [04:36]
contained a typo which then introduced a second vuln on a subset of the
original input - second CVE assigned for that - both now fixed
[USN-5170-1] MariaDB vulnerability [05:13]
by Oracle who don’t provide a lot of specific details in their
vulnerability reports)
[USN-5178-1] Django vulnerability [06:04]
cause the URL to not match the existing URL path-based access controls so
could bypass those
[USN-5179-1] BusyBox vulnerabilities [06:33]
[USN-5180-1] Mailman vulnerability [07:37]
issued for that context - so a regular list user could take their own
CSRF token, craft a URL for the admin user with this token and if the
admin user visited that then they could evade the inteded CSRF
protections - so could say change the admindb password etc
[USN-5168-4] NSS regression [08:47]
and cause an SSL session to fail (DoS)
Goings on in Ubuntu Security Community
Preview of some upcoming content and changes [09:26]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
A preview of some things to come for the Ubuntu Security Podcast plus we
cover security updates for Samba, uriparser, libmodbus, MariaDB, Mailman
and more.
This week in Ubuntu Security Updates
38 unique CVEs addressed
[USN-5174-1] Samba vulnerabilities [00:58]
Episode 139 the difficulties involved in patching older Samba versions
like 4.7.6 as used in Ubuntu 18.04 - backports of patches for the more
severe vulnerabilities including the ability for authenticated attackers
to escalate privileges to root on domain machines and others
[USN-5142-2] Samba regressions [02:06]
subsequently fixed these, we then updated our backports to include those
regression fixes
[USN-5171-1] Long Range ZIP vulnerabilities [03:22]
[USN-5172-1] uriparser vulnerabilities [03:56]
[USN-5173-1] libmodbus vulnerabilities [04:36]
contained a typo which then introduced a second vuln on a subset of the
original input - second CVE assigned for that - both now fixed
[USN-5170-1] MariaDB vulnerability [05:13]
by Oracle who don’t provide a lot of specific details in their
vulnerability reports)
[USN-5178-1] Django vulnerability [06:04]
cause the URL to not match the existing URL path-based access controls so
could bypass those
[USN-5179-1] BusyBox vulnerabilities [06:33]
[USN-5180-1] Mailman vulnerability [07:37]
issued for that context - so a regular list user could take their own
CSRF token, craft a URL for the admin user with this token and if the
admin user visited that then they could evade the inteded CSRF
protections - so could say change the admindb password etc
[USN-5168-4] NSS regression [08:47]
and cause an SSL session to fail (DoS)
Goings on in Ubuntu Security Community
Preview of some upcoming content and changes [09:26]
Get in contact