Ubuntu Security Podcast

Happy holidays! This week we bring you the first part of a special two-part holiday themed feature by Camila from the Ubuntu Security team discussing the top cyber threats faced during the holidays.

Just in time for the holidays, Log4Shell comes along to wreck everyone's weekend - so we take a deep dive into the vulnerability that has set the internet on fire, plus we cover security updates for BlueZ, Firefox, Flatpak and more.

A preview of some things to come for the Ubuntu Security Podcast plus we cover security updates for Samba, uriparser, libmodbus, MariaDB, Mailman and more.

A gnarly old bug in NSS is unearthed, plus we cover security updates for ICU, the Linux kernel and ImageMagick as well.

This week we put out a call for testing and feedback on proposed Samba updates for Ubuntu 18.04 LTS plus we look at security updates for Mailman, Thunderbird, LibreOffice, BlueZ and more.

This week we discuss some of the challenges and trade-offs encountered when providing security support for ageing software, plus we discuss security updates for the Linux kernel, Firejail, Samba, PostgreSQL and more.

This week we look at some details of the 29 unique CVEs addressed across the supported Ubuntu releases in the past 7 days and more.

The road to Ubuntu 22.04 LTS begins so we look at some of its planned features plus we cover security updates for the Linux kernel, Mailman, Apport, PHP, Bind and more.

Ubuntu 20.04 LTS targeted at Tianfu Cup 2021 plus we cover security updates for Linux kernel, nginx, Ardour and strongSwan.

It's release week! As Ubuntu 21.10 Impish Indri is released we take a look at some of the new security features it brings, plus we cover security updates for containerd, MongoDB, Mercurial, docker.io and more.

This week we look at a Wifi lookalike attack dubbed "SSID stripping" plus updates for ca-certificates, EDK II, Apache, the Linux kernel and even vim!

Extended Security Maintenance gets an extension, Linux disk encryption and authentication goes under the microscope and we cover security updates for libgcrypt, the Linux kernel, Python, and more.

OWASP Top 10 gets updated for 2021 and we look at security vulnerabilities in the Linux kernel, Ghostscript, Git, curl and more.

This week we discuss compiler warnings as build errors in the Linux kernel, plus we look at security updates for HAProxy, GNU cpio, PySAML2, mod-auth-mellon and more.

This week we look at a malware campaign associated with the popular Krita painting application, plus we cover security updates for MongoDB, libssh, Squashfs-Tools, Thunderbird and more.

This week we dive into Trend Micro's recent Linux Threat Report and the release of Ubuntu 20.04.3 LTS, plus we detail security updates for Inetutils telnetd, the Linux kernel and OpenSSL.

This week we look at security updates for Firefox, PostgreSQL, MariaDB, HAProxy, the Linux kernel and more, plus we cover some current openings on the team - come join us ☺

This week Ubuntu 20.04 LTS was FIPS 140-2 certified plus the AppArmor project made some point releases, and we released security updates for Docker, Perl, c-ares, GPSd and more.

This week we discuss new kernel memory hardening and security development proposals from Ubuntu Security Alumnus Kees Cook, plus we look at details of security updates for WebKitGTK, libsndfile, GnuTLS, exiv2 and more.

It's another week when too many security updates are never enough as we cover 240 CVE fixes across Avahi, QEMU, the Linux kernel, containerd, binutils and more, plus the Ubuntu 20.10 Groovy Gorilla end-of-life.

Is npm audit more harm than good? Plus this week we look at security updates for DjVuLibre, libuv, PHP and more.

This week we look at some new Linux kernel security features including the Landlock LSM and Core Scheduling plus we cover security updates for RabbitMQ, Ceph, Thunderbird and more.

Ubuntu One opens up two-factor authentication for all, plus we cover security updates for Nettle, libxml2, GRUB2, the Linux kernel and more.

In this week's episode we look at how to get media coverage for your shiny new vulnerability, plus we cover security updates for ExifTool, ImageMagick, BlueZ and more.

This week we cover security updates for the Linux kernel, PolicyKit, Intel Microcode and more, plus we look at a report of an apparent malicious snap in the Snap Store and some of the mechanics behind snap confinement.

This week we look at DMCA notices sent against Ubuntu ISOs plus security updates for nginx, DHCP, Lasso, Django, Dnsmasq and more.

This week we're talking about moving IRC networks plus security updates for Pillow, Babel, Apport, X11 and more.

With 60 CVEs fixed across MySQL, Django, Please and the Linux kernel this week we take a look at some of these details, plus look at the recent announcement of 1Password for Linux and some open positions on the team too.

This week we look at some details of the 90 unique CVEs addressed across the supported Ubuntu releases and more.

This week we look at the response from the Linux Technical Advisory Board to the UMN Linux kernel incident, plus we cover the 21Nails Exim vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.

With 21 CVEs fixed this week we look at updates for Dnsmasq, Firefox, OpenJDK and more, plus we discuss the recent release of Ubuntu 21.04 and malicious commits in the upstream Linux kernel.

This week we look at a reboot of the DWF project, Rust in the Linux kernel, an Ubuntu security webinar plus some details of the 45 CVEs addressed across the Ubuntu releases this last week and more.

This week we look at how Ubuntu is faring at Pwn2Own 2021 (which still has 1 day and 2 more attempts at pwning Ubuntu 20.10 to go) plus we look at security updates for SpamAssassin, the Linux kernel, Rack and Django, and we cover some open positions on the Ubuntu Security team too.

This week we look at 2 years of 14.04 ESM, a kernel Livepatch issue, DNS-over-HTTPS for Google Chrome plus security updates for ldb, OpenSSL, Squid, curl and more.

This week we look at security updates for containerd, Ruby, the Linux kernel, Pygments and more, plus we cover some open positions within the team as well.

This week we start preparing for 16.04 LTS to transition to Extended Security Maintenance, plus we look at security updates for OpenSSH, Python, the Linux kernel and more, as well as some currently open positions on our team.

This week we check on the status of the pending GRUB2 Secure Boot updates and detail some open positions within the team, plus we look at security updates for GLib, zstd, Go, Git and more.

This week we talk about more BootHole-like vulnerabilities in GRUB2, a Spectre exploit found in-the-wild, security updates for xterm, screen, Python, wpa_supplicant and more.

This week we discuss security updates in Linux Mint, Google funding Linux kernel security development and details for security updates in BIND, OpenSSL, Jackson, OpenLDAP and more.

This week we take a look at a long-awaited update of Thunderbird in Ubuntu 20.04LTS, plus security updates for Open vSwitch, JUnit 4, PostSRSd, GNOME Autoar and more.

This week we take a deep dive look at 2 recent vulnerabilities in the popular application containerisation frameworks, snapd and flatpak, plus we cover security updates for MiniDLNA, PHP-PEAR, the Linux kernel and more.

This week we discuss the recent high profile vulnerability found in libcrypt 1.9.0, plus we look at updates for the Linux kernel, XStream, Django, Apport and more.

In the first episode for 2021 we bring back Joe McManus to discuss the SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics drivers and mutt. We also cover some open positions in the team and say farewell to long-time Ubuntu Security superstar Jamie Strandboge.

For the last episode of 2020, we look back at the most "popular" packages on this podcast for this year as well as the biggest vulnerabilities from 2020, plus a BootHole presentation at Ubuntu Masters as well as vulnerability fixes from the past week too.

This week we look at security updates for Mutt, Thunderbird, Poppler, QEMU, containerd, Linux kernel & more, plus we discuss the 2020 State of the Octoverse Security Report from Github, Launchpad GPG keyserver migration, a new AppArmor release & some open positions on the team.

This week we look at updates for c-ares, PulseAudio, phpMyAdmin and more, plus we cover security news from the Ubuntu community including planning for 16.04 LTS to transition to ESM, libgcrypt FIPS cerified for 18.04 LTS and a proposal for making home directories more secure for upcoming Ubuntu releases as well.

This week we look at vulnerabilities in MoinMoin, OpenLDAP, Kerberos, Raptor (including a discussion of CVE workflows and the oss-security mailing list) and more, whilst in community news we talk about the upcoming AppArmor webinar, migration of Ubuntu CVE information to ubuntu.com and reverse engineering of malware by the Canonical Sustaining Engineering team.

This week we look at results from the Tianfu Cup 2020, the PLATYPUS attack against Intel CPUs, a detailed writeup of the GDM/accountsservice vulnerabilities covered in [Episode 95](https://ubuntusecuritypodcast.org/episode-95/) and more.

This week we look at vulnerabilities in Samba, GDM, AccountsService, GOsa and more, plus we cover some AppArmor related Ubuntu Security community updates as well.

This week we cover news of the CITL drop of 7000 "vulnerabilities", the Ubuntu Security disclosure and embargo policy plus we look at security updates for pip, blueman, the Linux kernel and more.