Episode 14

FromUbuntu Security Podcast

Start listening View podcast show

Episode 14

FromUbuntu Security Podcast

ratings:

Length:

22 minutes

Released:

Dec 3, 2018

Format:

Podcast episode

Description

This week we look at some details of the 32 unique CVEs addressed across the supported Ubuntu releases and talk open source software supply chain integrity and how this relates to Ubuntu compared to the recent npm event-stream compromise.

Released:

Dec 3, 2018

Format:

Podcast episode

Titles in the series (100)

A weekly podcast talking about the latest developments and updates from the Ubuntu Security team, including a summary of the security vulnerabilities and fixes from the last week as well as a discussion on some of the goings on in the wider Ubuntu Security community.

Skip carousel

Episode 9: This week we look at some details of the 61 unique CVEs addressed across the supported Ubuntu releases, with a particular focus on the recent Xorg vulnerability ([CVE-2018-14665](https://ubuntu.com/security/CVE-2018-14665)), plus Cosmic is now... by Ubuntu Security Podcast
12 min listen
Episode 8: This week we look at some details of the 15 unique CVEs addressed across the supported Ubuntu releases and discuss some of the security relevant changes in Ubuntu 18.10, plus a refresh of the Ubuntu CVE tracker and more. by Ubuntu Security Podcast
9 min listen
Episode 2: L1TF kernel regressions, WPA2 key recovery, mirror fail and more! by Ubuntu Security Podcast
8 min listen
Episode 18: This week we look at some details of the 46 unique CVEs addressed across the supported Ubuntu releases and take a deep dive into the recent apt security bug. by Ubuntu Security Podcast
14 min listen
Episode 17: First episode of 2019! This week we look "System Down" in systemd, as well as updates for the Linux kernel, GnuPG, PolicyKit and more, and discuss a recent cache-side channel attack using the mincore() system call. by Ubuntu Security Podcast
22 min listen
Episode 5: This week we look at some details of the 43 unique CVEs addressed across the supported Ubuntu releases and talk about the recently announced Extended Security Maintenance support for Ubuntu 14.04 Trusty Tahr. by Ubuntu Security Podcast
16 min listen
Episode 1: Another week, another speculative execution vulnerablity... and more! by Ubuntu Security Podcast
11 min listen
Episode 25: Ghostscript is back to haunt us for another week, plus we look at vulnerabilities in ntfs-3g, snapd, firefox and more. by Ubuntu Security Podcast
15 min listen
Episode 3: This week we look at 29 unique CVEs addressed across the supported Ubuntu releases, a discussion of the Main Inclusion Review process and recent news around the bubblewrap package, and open positions within the team. by Ubuntu Security Podcast
10 min listen
Episode 16 by Ubuntu Security Podcast
11 min listen
Episode 23: This week we look at security updates for the Linux kernel, PHP and NVIDIA drivers, revealing recent research into GPU based side-channel attacks plus we call for suggestions on hardening features and more. by Ubuntu Security Podcast
13 min listen
Episode 15: Security updates for 29 CVEs including Perl, the kernel, OpenSSL (PortSmash) and more, plus in response to some listener questions, we discuss how to make sure you always have the latest security updates by using unattended-upgrades. by Ubuntu Security Podcast
17 min listen
Episode 4: A quieter week in package updates - this week we look at some details of the 9 unique CVEs addressed across the supported Ubuntu releases and talk about various hardening guides for Ubuntu. by Ubuntu Security Podcast
11 min listen
Episode 0: The first ever episode of the Ubuntu Security Podcast! by Ubuntu Security Podcast
13 min listen
Episode 27: Carpe Diem for Apache HTTP Server, plus updates for Dovecot, PolicyKit and the Linux kernel, and we talk to Joe McManus about the recent Asus ShadowHammer supply chain attack and more. by Ubuntu Security Podcast
30 min listen
Episode 20: This week we look at Linux kernel updates for all releases, OpenSSH, dovecot, curl and more. Plus we answer some frequently asked questions for Ubuntu security, in particular the perennial favourite of why we choose to just backport security... by Ubuntu Security Podcast
17 min listen
Episode 22: This week we cover security updates including Firefox, Thunderbird, OpenSSL and another Ghostscript regression, plus we look at a recent report from Capsule8 comparing Linux hardening features across various distributions and we answer some... by Ubuntu Security Podcast
16 min listen
Episode 6: This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more. by Ubuntu Security Podcast
12 min listen
Episode 26: This week we look security updates for a heap of packages including Firefox &amp; Thunderbird, PHP &amp; QEMU, plus we discuss Facebook's recent password storage incident as well as some listener hardening tips and more. by Ubuntu Security Podcast
20 min listen
Episode 12: This week we look at some details of the 33 unique CVEs addressed across the supported Ubuntu releases, including some significant updates for systemd and the kernel, plus we talk about even more Intel side-channel vulnerabilities and more. by Ubuntu Security Podcast
20 min listen
Episode 39: A look at security updates for Django, Thunderbird, ZNC, Irssi and more, plus news on the CanonicalLtd GitHub account credentials compromise, SKS PGP keyservers under attack and Ubuntu 18.10 Cosmic Cuttlefish reaches EOL. by Ubuntu Security Podcast
12 min listen
Episode 13: This week we look at some details of the 16 unique CVEs addressed across the supported Ubuntu releases and more. by Ubuntu Security Podcast
9 min listen
Episode 44: This week Joe and Alex discuss a recently disclosed backdoor in Webmin, plus we cover security updates from the past week, including for Nova, KDE, LibreOffice, Docker, CUPS and more. by Ubuntu Security Podcast
22 min listen
Episode 19: This week we look at updates to the Linux kernel in preparation for the 18.04.2 release, plus updates for Open vSwitch, Firefox, Avahi, LibVNCServer and more. We also revisit and discuss upstream changes to the mincore() system call to thwart... by Ubuntu Security Podcast
15 min listen
Episode 29: This week we look at fixes from the past two weeks including BIND, NTFS-3G, Dovecot, Pacemaker and more, plus we follow up last episodes IoT security discussion with Joe McManus talking about Ubuntu Core. Finally we cover the release... by Ubuntu Security Podcast
21 min listen
Episode 40: Big roundup of security updates from the past 2 weeks including Docker, ZeroMQ, Squid, Redis and more, plus we talk with Joe McManus about some recent big fines for companies breaching their GDPR responsibilities and it's EOL for... by Ubuntu Security Podcast
27 min listen
Episode 10: This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases, have a brief look at some Canonical presentations from LSS-EU and more. by Ubuntu Security Podcast
9 min listen
Episode 24: A look at recent fixes for vulnerabilities in poppler, WALinuxAgent, the Linux kernel and more. We also talk about some listener feedback on Ubuntu hardening and the launch of Ubuntu 14.04 ESM. by Ubuntu Security Podcast
13 min listen
Episode 7: This week we look at some details of the 78 unique CVEs addressed across the supported Ubuntu releases including more GhostScript, ImageMagick, WebKitGTK, Linux kernel and more. by Ubuntu Security Podcast
11 min listen
Episode 14: This week we look at some details of the 32 unique CVEs addressed across the supported Ubuntu releases and talk open source software supply chain integrity and how this relates to Ubuntu compared to the recent npm event-stream compromise. by Ubuntu Security Podcast
22 min listen

More Episodes from Ubuntu Security Podcast

Skip carousel

Episode 227: Ubuntu 24.04 LTS is finally released and we cover all the new security features it brings, plus we look at security vulnerabilities in, and updates for, FreeRDP, Zabbix, CryptoJS, cpio, less, JSON5 and a heap more. by Ubuntu Security Podcast
25 min listen
Episode 226: John and Georgia are at the Linux Security Summit presenting on some long awaited developments in AppArmor and we give you all the details in a sneak peek preview as well as some of the other talks to look out for, plus we cover... by Ubuntu Security Podcast
24 min listen
Episode 225: This week we cover the recent reports of a new local privilege escalation exploit against the Linux kernel, follow-up on the xz-utils backdoor from last week and it's the beta release of Ubuntu 24.04 LTS - plus we talk security... by Ubuntu Security Podcast
20 min listen
Episode 224: It's been an absolutely manic week in the Linux security community as the news and reaction to the recent announcement of a backdoor in the xz-utils project was announced late last week, so we dive deep into this issue and discuss how it... by Ubuntu Security Podcast
29 min listen
Episode 223: This week we bring you a sneak peak of how Ubuntu 23.10 fared at Pwn2Own Vancouver 2024, plus news of malicious themes in the KDE Store and we cover security updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash and more.... by Ubuntu Security Podcast
17 min listen
Episode 222: We cover recent Linux malware from the Magnet Goblin threat actor, plus the news of Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detail vulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more. by Ubuntu Security Podcast
24 min listen
Episode 221: Andrei is back to discuss recent academic research into malware within the Python/PyPI ecosystem and whether it is possible to effectively combat it with open source tooling, plus we cover security updates for Unbound, libuv, node.js,... by Ubuntu Security Podcast
23 min listen
Episode 220: The Linux kernel.org CNA has assigned their first CVEs so we revisit this topic to assess the initial impact on Ubuntu and the CVE ecosystem, plus we cover security updates for Roundcube Webmail, less, GNU binutils and the Linux kernel... by Ubuntu Security Podcast
19 min listen
Episode 219: This week the Linux kernel project announced they will be assigning their own CVEs so we discuss the possible implications and fallout from such a shift, plus we cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and... by Ubuntu Security Podcast
21 min listen
Episode 218: AppArmor unprivileged user namespace restrictions are back on the agenda this week as we survey the latest improvements to this hardening feature in the upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC... by Ubuntu Security Podcast
18 min listen
Episode 217: For the first episode of 2024 we take a look at the case of a raft of bogus FOSS CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL announcement for 23.04, plus we cover vulnerabilities in the Linux kernel,... by Ubuntu Security Podcast
15 min listen
Episode 216: For the final episode of 2023 we discuss creating PoCs for vulns in tar and the looming EOL for Ubuntu 23.04, plus we look into security updates for curl, BlueZ, Netatalk, GNOME Settings and a heap more. by Ubuntu Security Podcast
21 min listen
Episode 215: Mark Esler is our special guest on the podcast this week to discuss the OpenSSF's Compiler Options Hardening Guide for C/C++ plus we cover vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more. by Ubuntu Security Podcast
31 min listen
Episode 214: This week we take a deep dive into the Reptar vuln in Intel processors plus we look into some relic vulnerabilities in Squid and OpenZFS and finally we detail new hardening measures in tracker-miners to keep your desktop safer. by Ubuntu Security Podcast
20 min listen
Episode 213: As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint. by Ubuntu Security Podcast
9 min listen
Episode 212: With the Ubuntu Summit just around the corner, we preview a couple talks by the Ubuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP, AOM, ncurses, the Linux kernel and more. by Ubuntu Security Podcast
23 min listen
Episode 211: After a well-deserved break, Alex is back looking at the recent Ubuntu 23.10 release and the significant security technologies it introduces along with a call for testing of unprivileged user namespace restrictions, plus the details of... by Ubuntu Security Podcast
20 min listen
Episode 210: It's the Linux Security Summit in Bilbao this week and we bring you some highlights from our favourite talks, plus we cover the 25 most stubborn software weaknesses, and we look at security updates for Open VM Tools, libwebp, Django,... by Ubuntu Security Podcast
21 min listen
Episode 209: Andrei is back this week with a deep dive into recent research around CVSS scoring inconsistencies, plus we look at a recent Ubuntu blog post on the internals of package updates and the repositories, and we cover security updates in... by Ubuntu Security Podcast
25 min listen
Episode 208: This week we detail the recently announced and long-awaited feature of TPM-backed full-disk encryption for the upcoming Ubuntu 23.10 release, plus we cover security updates for elfutils, GitPython, atftp, BusyBox, Docker Registry and... by Ubuntu Security Podcast
25 min listen
Episode 207: This week we cover reports of "fake" CVEs and their impact on the FOSS security ecosystem, plus we look at security updates for PHP, Fast DDS, JOSE for C/C++, the Linux kernel, AMD Microcode and more. by Ubuntu Security Podcast
22 min listen
Episode 206: This week we talk about HTTP Content-Length handling, intricacies of group management in container environments and making sure you check your return codes while covering vulns in HAProxy, Podman, Inetutils and more, plus we put a call... by Ubuntu Security Podcast
16 min listen
Episode 205: We're back after unexpectedly going AWOL last week to bring you the latest in Ubuntu Security including the recently announced Downfall and GameOver(lay) vulnerabilities, plus we look at security updates for OpenSSH and GStreamer **and**... by Ubuntu Security Podcast
20 min listen
Episode 204: This week we look at the recent Zenbleed vulnerability affecting some AMD processors, plus we cover security updates for the Linux kernel, a high profile OpenSSH vulnerability and finally Andrei is back with a deep dive into recent... by Ubuntu Security Podcast
28 min listen
Episode 203: This week we talk about the dual use purposes of eBPF - both for security and for exploitation, and how you can keep your systems safe, plus we cover security updates for the Linux kernel, Ruby, SciPy, YAJL, ConnMan, curl and more. by Ubuntu Security Podcast
17 min listen
Episode 202: We take a sneak peek at the upcoming AppArmor 4.0 release, plus we cover vulnerabilities in AccountsService, the Linux Kernel, ReportLab, GNU Screen, containerd and more. by Ubuntu Security Podcast
22 min listen
Episode 201: This week we look at the top 25 most dangerous vulnerability types, as well as the announcement of the program for LSS EU, and we cover security updates for Bind, the Linux kernel, CUPS, etcd and more. by Ubuntu Security Podcast
20 min listen
Episode 200: For our 200th episode, we discuss the impact of Red Hat's decision to stop publicly releasing the RHEL source code, plus we cover security updates for libX11, GNU SASL, QEMU, VLC, pngcheck, the Linux kernel and a whole lot more. by Ubuntu Security Podcast
20 min listen
Episode 199: For our 199th episode Andrei looks at Fuzzing Configurations of Program Options plus we discuss Google's findings on the `io_uring` kernel subsystem and we look at vulnerability fixes for Netatalk, Jupyter Core, Vim, SSSD, GNU binutils,... by Ubuntu Security Podcast
27 min listen
Episode 198: This week we investigate the mystery of failing GPG signatures for the 16.04 ISO images, plus we look at security updates for CUPS, Avahi, the Linux kernel, FRR, Go and more. by Ubuntu Security Podcast
18 min listen

Discover this podcast and so much more

Episode 14

Episode 14

Description

Titles in the series (100)

More Episodes from Ubuntu Security Podcast