
Episode 76
This week we welcome back Vineetha Kamath, Ubuntu Security Certifications Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel and more.
Ubuntu Security Podcast · Ubuntu Security Team
May 28, 2020 · 12m 56s
Show Notes
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4365-2] Bind vulnerabilities [00:37]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 75 - https://nxnsattack.com
[USN-4369-1] Linux kernel vulnerabilities [01:11]
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 (19.10, 18.04 LTS HWE)
- Episode 75 for details
[USN-4370-1, USN-4370-2] ClamAV vulnerabilities [01:35]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Stack and heap buffer over-reads in the PDF and ARJ (Archived by Robert Jung) file parsers -> crash -> DoS
[USN-4371-1] libvirt vulnerabilities [02:36]
- 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- Memory leak able to be triggered by local users with read-only qemu access when retrieving domain stats -> DoS
[USN-4372-1] QEMU vulnerabilities [03:08]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- UAF in libslirp
- Integer overflow in handling of ATI VGA emulation -> guest to host crash
[USN-4373-1] Thunderbird vulnerabilities [03:44]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 68.8.0