Sign up to save your podcasts
Or
Share Episode 74
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 74
Overview
Special guest, Tim McNamara, author of Rust In Action talks all things Rust
plus we look at security updates for Linux bluetooth firmware, OpenLDAP,
PulseAudio, Squid and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-4351-1] Linux firmware vulnerability [01:03]
used in key exchange - remote attacker could possibly force a weak key to
be used and hence obtain the encryption key. Required changes to both the
kernel and firmware blobs - kernel was updated previously (Episode 43) -
this is the corresponding update for firmware
[USN-4352-1, USN-4352-2] OpenLDAP vulnerability [02:05]
Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
cause slapd daemon to crash via deep stack recursion - add a hard coded
limit to resolve this
[USN-4353-1] Firefox vulnerabilities [02:46]
bypass etc
[USN-4353-2] Firefox regression [03:34]
functionality
[USN-4354-1] Mailman vulnerability [03:51]
1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
email address looking invalid it would be echo’d back to the user - and
so anything supplied as the email address would be displayed
[USN-4355-1] PulseAudio vulnerability [04:23]
to allow snapd to mediate access to pulseaudio for snaps - so if plug
pulseaudio (or audio-playback / record) interface(s) can talk to
pulseaudio but then should only be able to do certain actions - however
the policy did not restrict unloading the policy module itself so any
snap with access could unload the policy and then have unrestricted
access to pulseaudio - so could say record audio when only audio-playback
interface was connected.
[USN-4357-1] IPRoute vulnerability [05:39]
[USN-4356-1] Squid vulnerabilities [05:59]
Edge Side Includes
browsers -> HTML injection
nonce values
[USN-3911-2] file regression [06:40]
name of the interpreter parsed by file would be truncated and so the
output would be incorrect - used sizeof(var) - but var is a char * and so
sizeof() is size of a pointer - should instead be the length of the
string - updated to use strlen(var) +1
Goings on in Ubuntu Security Community
Alex talks Rust with Tim McNamara [08:14]
on Rust in Ubuntu to win a copy
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
Special guest, Tim McNamara, author of Rust In Action talks all things Rust
plus we look at security updates for Linux bluetooth firmware, OpenLDAP,
PulseAudio, Squid and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-4351-1] Linux firmware vulnerability [01:03]
used in key exchange - remote attacker could possibly force a weak key to
be used and hence obtain the encryption key. Required changes to both the
kernel and firmware blobs - kernel was updated previously (Episode 43) -
this is the corresponding update for firmware
[USN-4352-1, USN-4352-2] OpenLDAP vulnerability [02:05]
Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
cause slapd daemon to crash via deep stack recursion - add a hard coded
limit to resolve this
[USN-4353-1] Firefox vulnerabilities [02:46]
bypass etc
[USN-4353-2] Firefox regression [03:34]
functionality
[USN-4354-1] Mailman vulnerability [03:51]
1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
email address looking invalid it would be echo’d back to the user - and
so anything supplied as the email address would be displayed
[USN-4355-1] PulseAudio vulnerability [04:23]
to allow snapd to mediate access to pulseaudio for snaps - so if plug
pulseaudio (or audio-playback / record) interface(s) can talk to
pulseaudio but then should only be able to do certain actions - however
the policy did not restrict unloading the policy module itself so any
snap with access could unload the policy and then have unrestricted
access to pulseaudio - so could say record audio when only audio-playback
interface was connected.
[USN-4357-1] IPRoute vulnerability [05:39]
[USN-4356-1] Squid vulnerabilities [05:59]
Edge Side Includes
browsers -> HTML injection
nonce values
[USN-3911-2] file regression [06:40]
name of the interpreter parsed by file would be truncated and so the
output would be incorrect - used sizeof(var) - but var is a char * and so
sizeof() is size of a pointer - should instead be the length of the
string - updated to use strlen(var) +1
Goings on in Ubuntu Security Community
Alex talks Rust with Tim McNamara [08:14]
on Rust in Ubuntu to win a copy
Get in contact