This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Ubuntu Security Podcast와 비슷한 콘텐츠
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Episode 137
Manage episode 306950205 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
This week we look at some details of the 29 unique CVEs addressed across the supported Ubuntu releases in the past 7 days and more.
This week in Ubuntu Security Updates
29 unique CVEs addressed
[USN-5131-1] Firefox vulnerabilities [00:42]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 94.0
- Copy image link - copies final image URL after redirects - if a page were to then combine this with a content security policy which blocked a redirect, the image URL may then contain any authentication tokens - and so if a page could trick a user into copying and pasting that image URL into the page an attacker could steal their auth token
- Various web framework issues
[USN-5132-1] Thunderbird vulnerabilities [01:56]
- 6 CVEs addressed in Impish (21.10)
- 91.2.1
- Usual web framework issues
[USN-5133-1] ICU vulnerability [02:17]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- unicode handling library
- UAF - could be triggered if was packaging the ICU data with malicious input -> crash / RCU
[USN-5135-1] Linux kernel vulnerability [02:43]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- impish (5.13), hirsute (5.11), focal hwe (5.11)
- IPC memory objects not properly accounted for in memcg - could allow to bypass limits and cause DoS
[USN-5130-1] Linux kernel vulnerabilities [03:24]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
- 3.13
- 2 vulns courtesy of Jann Horn (GPZ) - in tty subsystem - lock order issues - UAF - DoS/privesc (Episode 106)
[USN-5136-1] Linux kernel vulnerabilities [04:06]
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 (bionic, xenial hwe, trusty azure)
- IPC memory object leak plus various other vulns from Episode 136
[USN-5137-1] Linux kernel vulnerabilities [04:48]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 (focal, bionic hwe)
[USN-5134-1] Docker vulnerability [04:50]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- If was using a private registry for
docker loginbut also had configuredcredsStoreandcredsHelperin~/.docker/config.jsonand these were not able to be executed (ie. execute bit not set or not in$PATH), then creds would get sent to the public docker registry rather than the configured private registry.
Goings on in Ubuntu Security Community
Hiring [06:00]
Security - Product Manager
- HOME BASED - EMEA (Europe, Middle East, Africa)
- Role includes:
- guiding the evolution of security offerings from Canonical and Ubuntu
- driving compliance and certification of Ubuntu
- engaging with the open source security community
- telling the story of Canonical’s work to deliver secure platforms
- https://canonical.com/careers/2278145/security-product-manager-remote
Get in contact
231 에피소드
공유
Manage episode 306950205 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
This week we look at some details of the 29 unique CVEs addressed across the supported Ubuntu releases in the past 7 days and more.
This week in Ubuntu Security Updates
29 unique CVEs addressed
[USN-5131-1] Firefox vulnerabilities [00:42]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 94.0
- Copy image link - copies final image URL after redirects - if a page were to then combine this with a content security policy which blocked a redirect, the image URL may then contain any authentication tokens - and so if a page could trick a user into copying and pasting that image URL into the page an attacker could steal their auth token
- Various web framework issues
[USN-5132-1] Thunderbird vulnerabilities [01:56]
- 6 CVEs addressed in Impish (21.10)
- 91.2.1
- Usual web framework issues
[USN-5133-1] ICU vulnerability [02:17]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- unicode handling library
- UAF - could be triggered if was packaging the ICU data with malicious input -> crash / RCU
[USN-5135-1] Linux kernel vulnerability [02:43]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- impish (5.13), hirsute (5.11), focal hwe (5.11)
- IPC memory objects not properly accounted for in memcg - could allow to bypass limits and cause DoS
[USN-5130-1] Linux kernel vulnerabilities [03:24]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
- 3.13
- 2 vulns courtesy of Jann Horn (GPZ) - in tty subsystem - lock order issues - UAF - DoS/privesc (Episode 106)
[USN-5136-1] Linux kernel vulnerabilities [04:06]
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 (bionic, xenial hwe, trusty azure)
- IPC memory object leak plus various other vulns from Episode 136
[USN-5137-1] Linux kernel vulnerabilities [04:48]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 (focal, bionic hwe)
[USN-5134-1] Docker vulnerability [04:50]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- If was using a private registry for
docker loginbut also had configuredcredsStoreandcredsHelperin~/.docker/config.jsonand these were not able to be executed (ie. execute bit not set or not in$PATH), then creds would get sent to the public docker registry rather than the configured private registry.
Goings on in Ubuntu Security Community
Hiring [06:00]
Security - Product Manager
- HOME BASED - EMEA (Europe, Middle East, Africa)
- Role includes:
- guiding the evolution of security offerings from Canonical and Ubuntu
- driving compliance and certification of Ubuntu
- engaging with the open source security community
- telling the story of Canonical’s work to deliver secure platforms
- https://canonical.com/careers/2278145/security-product-manager-remote
Get in contact
231 에피소드
Усі епізоди
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Ubuntu Security Podcast와 비슷한 콘텐츠
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
