Ubuntu Security Podcast

Episode 76


Overview

This week we welcome back Vineetha Kamath, Ubuntu Security Certifications
Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS
and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel
and more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4365-2] Bind vulnerabilities [00:37]
  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
    • CVE-2020-8617
    • CVE-2020-8616
  • Episode 75 - https://nxnsattack.com

[USN-4369-1] Linux kernel vulnerabilities [01:11]
  • 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
    • CVE-2020-12657
    • CVE-2020-11668
    • CVE-2020-11609
    • CVE-2020-11608
    • CVE-2020-11565
    • CVE-2020-11494
    • CVE-2019-19769
    • CVE-2019-19377
  • 5.3 (19.10, 18.04 LTS HWE)
  • Episode 75 for details

[USN-4370-1, USN-4370-2] ClamAV vulnerabilities [01:35]
  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
    • CVE-2020-3341
    • CVE-2020-3327
  • Stack and heap buffer over-reads in the PDF and ARJ (Archived by Robert Jung) file parsers -> crash -> DoS

[USN-4371-1] libvirt vulnerabilities [02:36]
  • 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
    • CVE-2020-12430
    • CVE-2020-10703
  • Memory leak able to be triggered by local users with read-only qemu access when retrieving domain stats -> DoS

[USN-4372-1] QEMU vulnerabilities [03:08]
  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
    • CVE-2020-1983
    • CVE-2020-11869
    • CVE-2020-10702
    • CVE-2019-20382
    • CVE-2019-15034
  • UAF in libslirp
  • Integer overflow in handling of ATI VGA emulation -> guest to host crash

[USN-4373-1] Thunderbird vulnerabilities [03:44]
  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
    • CVE-2020-12397
    • CVE-2020-12392
    • CVE-2020-12395
    • CVE-2020-12387
    • CVE-2020-6831
  • 68.8.0

Goings on in Ubuntu Security Community

Joe McManus and Vineetha Kamath discuss FIPS certification for Ubuntu 18.04 LTS [04:10]

Get in contact

  • #ubuntu-security on the Libera.Chat IRC network
  • ubuntu-hardened mailing list
  • Security section on discourse.ubuntu.com
  • @ubuntu_sec on twitter

Ubuntu Security Podcast, by Ubuntu Security Team
