Episode 229
Overview
As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.
This week in Ubuntu Security Updates
152 unique CVEs addressed
[USN-6783-1] VLC vulnerabilities (00:54)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
- integer underflow and a heap buffer overflow -> RCE
[USN-6663-3] OpenSSL update (01:40)
- Affecting Noble (24.04 LTS)
- [USN-6663-1] OpenSSL update from Episode 220 - hardening improvement to return deterministic random bytes instead of an error when an incorrect padding length is detected during PKCS#1 v1.5 RSA to avoid this being used for possible Bleichenbacher timing attacks
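To make the hardening concrete, here is an added example (not OpenSSL's or python-cryptography's code) of the "implicit rejection" idea: when PKCS#1 v1.5 unpadding fails, the decryptor returns a deterministic pseudo-random message derived from a secret key and the ciphertext instead of an error, so an oracle cannot tell good padding from bad. It assumes the expected message length is known in advance (as with the 48-byte TLS premaster secret) and uses an HMAC-SHA256 counter-mode PRF as the synthetic-message derivation, which is a simplification of what OpenSSL does.

```python
import hmac
import hashlib


def synthetic_message(kdk_key: bytes, ciphertext: bytes, length: int) -> bytes:
    """Deterministic filler for rejected ciphertexts: a PRF of the ciphertext
    keyed with a secret only the decryptor holds. Same ciphertext -> same
    output, so repeated probes of one ciphertext learn nothing new.
    (HMAC-SHA256 in counter mode is an assumption for this example.)"""
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(kdk_key, ciphertext + counter.to_bytes(2, "big"),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def unpad_implicit_reject(em: bytes, kdk_key: bytes, ciphertext: bytes,
                          msg_len: int) -> bytes:
    """em is the raw RSA-decrypted block (00 02 PS 00 M), at least 2 bytes.
    Returns msg_len bytes whether or not the padding is valid: the real
    message if it is, otherwise the synthetic one. No exception is raised
    and both candidates are always computed; the final choice is made by
    masking. (Python gives no real constant-time guarantee; the structure
    mirrors what a C implementation must do.)"""
    k = len(em)
    good = em[0] == 0x00 and em[1] == 0x02
    sep = -1
    for i in range(2, k):          # first 0x00 after the header ends PS
        if em[i] == 0x00:          # (a C version scans the whole block)
            sep = i
            break
    good = good and sep >= 10                 # PS must be at least 8 bytes
    good = good and (k - sep - 1) == msg_len  # M must have the expected length
    real = em[sep + 1:] if sep != -1 else b""
    real = (real + bytes(msg_len))[:msg_len]  # normalise to fixed length
    fake = synthetic_message(kdk_key, ciphertext, msg_len)
    mask = 0xFF if good else 0x00             # select by masking, not branching
    return bytes((r & mask) | (f & (~mask & 0xFF)) for r, f in zip(real, fake))
```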
[USN-6673-3] python-cryptography vulnerability (02:32)
- 1 CVE addressed in Noble (24.04 LTS)
- [USN-6673-1] python-cryptography vulnerabilities from Episode 220 - counterpart to the OpenSSL update mentioned earlier
[USN-6736-2] klibc vulnerabilities (02:43)
- 4 CVEs addressed in Noble (24.04 LTS)
- [USN-6736-1] klibc vulnerabilities from Episode 228
[USN-6784-1] cJSON vulnerabilities (02:58)
- 3 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- 2 different researchers fuzzing cJSON APIs
- all different NULL pointer dereferences - each requires particular "incorrect" or otherwise unusual use of the APIs (like passing in purposefully corrupted values), so unlikely to be an issue in practice
[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)
- 1 CVE addressed in Noble (24.04 LTS)
- Discovered by a member of the SUSE security team when reviewing g-r-d
- Exposed various DBus services that could be called by any unprivileged user and would then return the SSL private key used to encrypt the connection - so a local user could possibly spy on the sessions of other users remotely connected to the system
[USN-6786-1] Netatalk vulnerabilities (04:45)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Apple file sharing implementation for Linux
- If the same path was shared via both AFP and SMB then a remote attacker could combine various operations through both file-sharing protocols (like creating a crafted symlink, which would then be followed during a second operation where a file is renamed) to overwrite arbitrary files and hence achieve arbitrary code execution on the host
[USN-6788-1] WebKitGTK vulnerabilities (05:48)
- 1 CVE addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Possible pointer authentication bypass - used on arm64 in particular - demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k
[USN-6789-1] LibreOffice vulnerability (06:28)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Unchecked script execution triggered when clicking on a graphic - allows arbitrary scripts to run without the usual prompt
[USN-6790-1] amavisd-new vulnerability (07:09)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- MTA / AV interface - often used in conjunction with Postfix; not just for AV, it can also do DKIM verification and integrate with SpamAssassin etc
- Misinterpreted MIME message boundaries in emails, allowing email parts to possibly bypass usual checks
[USN-6791-1] Unbound vulnerability (07:46)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- DNSBomb attack announced recently at IEEE S&P - affecting multiple different DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
- Unbound itself was not necessarily vulnerable to such an attack specifically, but could be used to generate such an attack against others - in particular Unbound had the highest amplification factor of ~22k times - next highest was DNSMasq at ~3k times
- Fix involves introducing a number of timeout parameters for various operations and discarding operations that take longer than this, to prevent responses from being "stored up" and released all at once at a later time
[USN-6793-1] Git vulnerabilities (09:31)
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6792-1] Flask-Security vulnerability
- 1 CVE addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6794-1] FRR vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)
- 17 CVEs addressed in Xenial ESM (16.04 ESM)
- [USN-6777-1] Linux kernel vulnerabilities from Episode 228
- AWS HWE kernel (4.15)
[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)
- 95 CVEs addressed in Jammy (22.04 LTS)
- Very similar to [USN-6766-2] Linux kernel vulnerabilities from Episode 228
- 5.15 Intel IOTG - optimisations for various Intel IOT platforms like NUCs and Atom-based devices - low power x86
[USN-6779-2] Firefox regressions (10:30)
- 14 CVEs addressed in Focal (20.04 LTS)
- 126.0.1 - drag-and-drop was broken in 126.0
[USN-6787-1] Jinja2 vulnerability (10:48)
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Incorrect handling of various HTML attributes - attacker could then possibly inject arbitrary HTML attrs/values and hence inject JS code to perform XSS attacks etc
[USN-6797-1] Intel Microcode vulnerabilities (11:22)
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Latest release from upstream - mitigates against various hardware vulns
- A couple issues in SGX/TDX on different Intel Xeon processors:
- Invalid restrictions -> local root -> super-privesc
- Invalid input on TDX -> local root -> super-privesc
- Invalid SGX base key calculation -> info leak
- Transient execution attacks to read privileged information
- DoS through bus lock mishandling or through invalid instruction sequences
Get in contact