Sign up to save your podcasts
Or
Share Episode 98
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 98
Overview
This week we look at updates for c-ares, PulseAudio, phpMyAdmin and more,
plus we cover security news from the Ubuntu community including planning
for 16.04 LTS to transition to ESM, libgcrypt FIPS cerified for 18.04 LTS
and a proposal for making home directories more secure for upcoming Ubuntu
releases as well.
This week in Ubuntu Security Updates
48 unique CVEs addressed
[USN-4638-1] c-ares vulnerability [01:00]
of the ares library with additional support for IPv6, and 64-bit/cross
platform support
a remote attacker who could cause a Node.js application to perform a DNS
request to a chosen host where a large number of DNS records - internally
is a buffer-over-read - c-ares would return data of length N but with a
purported length of >N - only in more recent releases so only affected
groovy
[USN-4639-1] phpMyAdmin vulnerabilities [02:37]
XSS, SQL injection, CSRF, sensitive info leaks etc
[USN-4637-2] Firefox vulnerabilities [03:08]
in xenial vs newer things used in Firefox (ie rust etc)
[USN-4634-2] OpenLDAP vulnerabilities [03:57]
[USN-4640-1] PulseAudio vulnerability [04:13]
bypass snap pulseaudio restrictions - ie. could record audio when only
authorised to playback audio
[USN-4641-1] libextractor vulnerabilities [06:20]
audio, images, video, archives, packages etc)
overflows, heap buffer overflows etc
[USN-4642-1] PDFResurrect vulnerability [07:28]
[USN-4643-1] atftp vulnerabilities [07:56]
threads can race on the same data -> DoS
[USN-4644-1] igraph vulnerability [08:35]
Goings on in Ubuntu Security Community
Ubuntu 16.04 LTS moving to ESM webinar [08:52]
Security Certifications - libgcrypt on Ubuntu 18.04 is FIPS 140-2 certified [10:13]
Private home directories for Ubuntu 21.04 onwards? [10:45]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at updates for c-ares, PulseAudio, phpMyAdmin and more,
plus we cover security news from the Ubuntu community including planning
for 16.04 LTS to transition to ESM, libgcrypt FIPS cerified for 18.04 LTS
and a proposal for making home directories more secure for upcoming Ubuntu
releases as well.
This week in Ubuntu Security Updates
48 unique CVEs addressed
[USN-4638-1] c-ares vulnerability [01:00]
of the ares library with additional support for IPv6, and 64-bit/cross
platform support
a remote attacker who could cause a Node.js application to perform a DNS
request to a chosen host where a large number of DNS records - internally
is a buffer-over-read - c-ares would return data of length N but with a
purported length of >N - only in more recent releases so only affected
groovy
[USN-4639-1] phpMyAdmin vulnerabilities [02:37]
XSS, SQL injection, CSRF, sensitive info leaks etc
[USN-4637-2] Firefox vulnerabilities [03:08]
in xenial vs newer things used in Firefox (ie rust etc)
[USN-4634-2] OpenLDAP vulnerabilities [03:57]
[USN-4640-1] PulseAudio vulnerability [04:13]
bypass snap pulseaudio restrictions - ie. could record audio when only
authorised to playback audio
[USN-4641-1] libextractor vulnerabilities [06:20]
audio, images, video, archives, packages etc)
overflows, heap buffer overflows etc
[USN-4642-1] PDFResurrect vulnerability [07:28]
[USN-4643-1] atftp vulnerabilities [07:56]
threads can race on the same data -> DoS
[USN-4644-1] igraph vulnerability [08:35]
Goings on in Ubuntu Security Community
Ubuntu 16.04 LTS moving to ESM webinar [08:52]
Security Certifications - libgcrypt on Ubuntu 18.04 is FIPS 140-2 certified [10:13]
Private home directories for Ubuntu 21.04 onwards? [10:45]
Get in contact