Sign up to save your podcasts
Or
Share Episode 89
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 89
Overview
This week we farewell Joe McManus plus we look at security updates for
Firefox, Chrony, Squid, Django, the Linux kernel and more.
This week in Ubuntu Security Updates
59 unique CVEs addressed
[USN-4473-1] libmysofa vulnerabilities [01:01]
[USN-4474-1] Firefox vulnerabilities [01:30]
URL bar, leak sensitive info across origins, RCE etc
[USN-4446-2] Squid regression [02:31]
ecap protocols to do content adaptation
[USN-4475-1] Chrony vulnerability [02:51]
to a symlink attack -> could be used to overwrite arbitrary files on the
system
[USN-4476-1] NSS vulnerability [03:45]
[USN-4477-1] Squid vulnerabilities
[USN-4478-1] Python-RSA vulnerability [04:15]
check length matches block size
[USN-4479-1] Django vulnerabilities [04:40]
behavioural change in python 3.7 - so only affects Python Django when
used with python 3.7 and hence say bionic (which uses python 3.6) is not
affected
[USN-4480-1] OpenStack Keystone vulnerabilities [05:25]
attacker to create EC2 credentials with elevated permissions
more role assignments than intended
authorisation headers
[USN-4471-2] Net-SNMP regression [05:51]
settable as MIB attribute - instead add cacheTime feature flag to set
this
[USN-4481-1] FreeRDP vulnerabilities [06:23]
etc -> crash / RCE
[USN-4482-1] Ark vulnerability [06:54]
creation of arbitrary files (zipslip but for tar - tarslip?)
[USN-4483-1] Linux kernel vulnerabilities [07:22]
bionic
Store Bypass Disable (SSBD), Indirect Branch Predictor Barrier (IBPB) &
Indirect Branch Speculation mitigation bypasses, crafted XFS metadata
DoS, cgroupv2 reference count -> NULL ptr deref etc
[USN-4484-1] Linux kernel vulnerability
[USN-4485-1] Linux kernel vulnerabilities
[USN-4486-1] Linux kernel vulnerability
Goings on in Ubuntu Security Community
Farewell Joe McManus [09:04]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we farewell Joe McManus plus we look at security updates for
Firefox, Chrony, Squid, Django, the Linux kernel and more.
This week in Ubuntu Security Updates
59 unique CVEs addressed
[USN-4473-1] libmysofa vulnerabilities [01:01]
[USN-4474-1] Firefox vulnerabilities [01:30]
URL bar, leak sensitive info across origins, RCE etc
[USN-4446-2] Squid regression [02:31]
ecap protocols to do content adaptation
[USN-4475-1] Chrony vulnerability [02:51]
to a symlink attack -> could be used to overwrite arbitrary files on the
system
[USN-4476-1] NSS vulnerability [03:45]
[USN-4477-1] Squid vulnerabilities
[USN-4478-1] Python-RSA vulnerability [04:15]
check length matches block size
[USN-4479-1] Django vulnerabilities [04:40]
behavioural change in python 3.7 - so only affects Python Django when
used with python 3.7 and hence say bionic (which uses python 3.6) is not
affected
[USN-4480-1] OpenStack Keystone vulnerabilities [05:25]
attacker to create EC2 credentials with elevated permissions
more role assignments than intended
authorisation headers
[USN-4471-2] Net-SNMP regression [05:51]
settable as MIB attribute - instead add cacheTime feature flag to set
this
[USN-4481-1] FreeRDP vulnerabilities [06:23]
etc -> crash / RCE
[USN-4482-1] Ark vulnerability [06:54]
creation of arbitrary files (zipslip but for tar - tarslip?)
[USN-4483-1] Linux kernel vulnerabilities [07:22]
bionic
Store Bypass Disable (SSBD), Indirect Branch Predictor Barrier (IBPB) &
Indirect Branch Speculation mitigation bypasses, crafted XFS metadata
DoS, cgroupv2 reference count -> NULL ptr deref etc
[USN-4484-1] Linux kernel vulnerability
[USN-4485-1] Linux kernel vulnerabilities
[USN-4486-1] Linux kernel vulnerability
Goings on in Ubuntu Security Community
Farewell Joe McManus [09:04]
Get in contact