Episode 137

Chia sẻ

Manage episode 306950205 series 2423058
Thông tin tác giả Alex Murray and Ubuntu Security Team được phát hiện bởi Player FM và cộng đồng của chúng tôi - bản quyền thuộc sở hữu của nhà sản xuất (publisher), không thuộc về Player FM, và audio được phát trực tiếp từ máy chủ của họ. Bạn chỉ cần nhấn nút Theo dõi (Subscribe) để nhận thông tin cập nhật từ Player FM, hoặc dán URL feed vào các ứng dụng podcast khác.


This week we look at some details of the 29 unique CVEs addressed across the supported Ubuntu releases in the past 7 days and more.

This week in Ubuntu Security Updates

29 unique CVEs addressed

[USN-5131-1] Firefox vulnerabilities [00:42]

  • 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
  • 94.0
    • Copy image link - copies final image URL after redirects - if a page were to then combine this with a content security policy which blocked a redirect, the image URL may then contain any authentication tokens - and so if a page could trick a user into copying and pasting that image URL into the page an attacker could steal their auth token
    • Various web framework issues

[USN-5132-1] Thunderbird vulnerabilities [01:56]

[USN-5133-1] ICU vulnerability [02:17]

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
  • unicode handling library
  • UAF - could be triggered if was packaging the ICU data with malicious input -> crash / RCU

[USN-5135-1] Linux kernel vulnerability [02:43]

  • 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
  • impish (5.13), hirsute (5.11), focal hwe (5.11)
  • IPC memory objects not properly accounted for in memcg - could allow to bypass limits and cause DoS

[USN-5130-1] Linux kernel vulnerabilities [03:24]

[USN-5136-1] Linux kernel vulnerabilities [04:06]

[USN-5137-1] Linux kernel vulnerabilities [04:48]

[USN-5134-1] Docker vulnerability [04:50]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
  • If was using a private registry for docker login but also had configured credsStore and credsHelper in ~/.docker/config.json and these were not able to be executed (ie. execute bit not set or not in $PATH), then creds would get sent to the public docker registry rather than the configured private registry.

Goings on in Ubuntu Security Community

Hiring [06:00]

Security - Product Manager

  • HOME BASED - EMEA (Europe, Middle East, Africa)
  • Role includes:
    • guiding the evolution of security offerings from Canonical and Ubuntu
    • driving compliance and certification of Ubuntu
    • engaging with the open source security community
    • telling the story of Canonical’s work to deliver secure platforms
  • https://canonical.com/careers/2278145/security-product-manager-remote

Get in contact

179 tập