This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
内容由Alex Murray and Ubuntu Security Team提供。所有播客内容(包括剧集、图形和播客描述)均由 Alex Murray and Ubuntu Security Team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
类似 Ubuntu Security Podcast 的节目
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
))
Episode 145
Manage episode 316751669 series 2423058
内容由Alex Murray and Ubuntu Security Team提供。所有播客内容(包括剧集、图形和播客描述)均由 Alex Murray and Ubuntu Security Team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Overview
The Ubuntu Security Podcast is back for 2022 and we’re starting off the year with a bang💥! This week we bring you a special interview with Kees Cook of Google and the Linux Kernel Self Protection Project discussing Linux kernel hardening upstream developments. Plus we look at security updates for Mumble, Apache Log4j2, OpenJDK and more.
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5195-1] Mumble vulnerability [01:02]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Low-latency VoIP client - client / server model
- Client picks a server to connect to from public server list
- Malicious actor could register a server with a web URL that uses some other protocol - e.g.
smbto then refer to a.desktopfile - When user chose the option to ‘Open Webpage’ for that server, would automatically fetch and execute via underlying Qt framework libraries
QDesktopServices::openUrlfunction - Fixed to check URI scheme and only open if is http/https
- Wonder if this kind of vuln may be seen in other applications?
[USN-5192-2] Apache Log4j 2 vulnerability [02:13]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Log4j2 update for 16.04 ESM - see Episode 142
[USN-5203-1] Apache Log4j 2 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- More Log4j2 vulns - possible to crash applications using log4j2 by specifying a crafted string that would get logged which would then cause infinite recursion when doing lookup evaluation
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
[USN-5202-1] OpenJDK vulnerabilities [03:13]
- 14 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- Mix of issues resolved with this latest point release update for openjdk-8 and openjdk-11
- Info leak via FTP client impl when connecting to malicious FTP server
- Mishandling of JARs with multiple manifests -> signature verification bypass
- Sandbox escape via crafted Java class
- Use of weak crypto ciphers by default -> info leak
- DoS via malicious RTF, BMP or class files
- and more…
[USN-5199-1, USN-5200-1, USN-5201-1] Python vulnerabilities [04:26]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04) for Python 3.8/3.9
- 2 CVEs addressed in Bionic (18.04 LTS) for Python 3.6
- 3 CVEs addressed in Bionic (18.04 LTS) for Python 3.7/3.8
- 3 different DoS via urllib http client
- infinite loop when handling
100 Continueresponses - malicious HTTP server could cause a DoS against clients - affects all - ReDoS due to quadratic complexity regex in basic auth handling - only affects Python 3.6->3.8 in Ubuntu 18.04
- Similar but different ReDos in basic auth handling - only affects Python 3.7/3.8 in Ubuntu 18.04
- infinite loop when handling
[USN-5198-1] HTMLDOC vulnerability [05:37]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Used to covert HTML/Markdown files to generate EPUB/HTML/PS/PDF with ToC etc
- Through fuzzing a NULL ptr deref was found if given crafted input HTML file -> crash -> DoS
[USN-5186-2] Firefox regressions [06:06]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 95.0.1
- WebRender crash on some X11 systems
- Failure to connect to microsoft.com domains
Goings on in Ubuntu Security Community
Seth and John talk Linux Kernel Security with Kees Cook [06:53]
- Seth Arnold and John Johansen from the Ubuntu Security team chat with Kees Cook from Google (KSPP) about Linux kernel hardening and self-protection, including KASLR and FGKASLR, delving into the finer points of linker scripts, kernel address pointer info leaks through debug logs, detecting possible integer overflows in C by relying on undefined behaviour of signed integer wraparound, hardware support for detecting memory corruption and more.
Get in contact
231集单集
分享
Manage episode 316751669 series 2423058
内容由Alex Murray and Ubuntu Security Team提供。所有播客内容(包括剧集、图形和播客描述)均由 Alex Murray and Ubuntu Security Team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Overview
The Ubuntu Security Podcast is back for 2022 and we’re starting off the year with a bang💥! This week we bring you a special interview with Kees Cook of Google and the Linux Kernel Self Protection Project discussing Linux kernel hardening upstream developments. Plus we look at security updates for Mumble, Apache Log4j2, OpenJDK and more.
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5195-1] Mumble vulnerability [01:02]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Low-latency VoIP client - client / server model
- Client picks a server to connect to from public server list
- Malicious actor could register a server with a web URL that uses some other protocol - e.g.
smbto then refer to a.desktopfile - When user chose the option to ‘Open Webpage’ for that server, would automatically fetch and execute via underlying Qt framework libraries
QDesktopServices::openUrlfunction - Fixed to check URI scheme and only open if is http/https
- Wonder if this kind of vuln may be seen in other applications?
[USN-5192-2] Apache Log4j 2 vulnerability [02:13]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Log4j2 update for 16.04 ESM - see Episode 142
[USN-5203-1] Apache Log4j 2 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- More Log4j2 vulns - possible to crash applications using log4j2 by specifying a crafted string that would get logged which would then cause infinite recursion when doing lookup evaluation
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
[USN-5202-1] OpenJDK vulnerabilities [03:13]
- 14 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- Mix of issues resolved with this latest point release update for openjdk-8 and openjdk-11
- Info leak via FTP client impl when connecting to malicious FTP server
- Mishandling of JARs with multiple manifests -> signature verification bypass
- Sandbox escape via crafted Java class
- Use of weak crypto ciphers by default -> info leak
- DoS via malicious RTF, BMP or class files
- and more…
[USN-5199-1, USN-5200-1, USN-5201-1] Python vulnerabilities [04:26]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04) for Python 3.8/3.9
- 2 CVEs addressed in Bionic (18.04 LTS) for Python 3.6
- 3 CVEs addressed in Bionic (18.04 LTS) for Python 3.7/3.8
- 3 different DoS via urllib http client
- infinite loop when handling
100 Continueresponses - malicious HTTP server could cause a DoS against clients - affects all - ReDoS due to quadratic complexity regex in basic auth handling - only affects Python 3.6->3.8 in Ubuntu 18.04
- Similar but different ReDos in basic auth handling - only affects Python 3.7/3.8 in Ubuntu 18.04
- infinite loop when handling
[USN-5198-1] HTMLDOC vulnerability [05:37]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Used to covert HTML/Markdown files to generate EPUB/HTML/PS/PDF with ToC etc
- Through fuzzing a NULL ptr deref was found if given crafted input HTML file -> crash -> DoS
[USN-5186-2] Firefox regressions [06:06]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 95.0.1
- WebRender crash on some X11 systems
- Failure to connect to microsoft.com domains
Goings on in Ubuntu Security Community
Seth and John talk Linux Kernel Security with Kees Cook [06:53]
- Seth Arnold and John Johansen from the Ubuntu Security team chat with Kees Cook from Google (KSPP) about Linux kernel hardening and self-protection, including KASLR and FGKASLR, delving into the finer points of linker scripts, kernel address pointer info leaks through debug logs, detecting possible integer overflows in C by relying on undefined behaviour of signed integer wraparound, hardware support for detecting memory corruption and more.
Get in contact
231集单集
所有剧集
×
欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
类似 Ubuntu Security Podcast 的节目
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
