Episode 151

Posted on Friday, Mar 4, 2022
This week we do the usual round-up of security vulnerability fixes for the various Ubuntu releases, plus we discuss enabling PIE for Python and preview some upcoming content on Ubuntu system hardening as well.

Show Notes

Overview

This week we do the usual round-up of security vulnerability fixes for the various Ubuntu releases, plus we discuss enabling PIE for Python and preview some upcoming content on Ubuntu system hardening as well.

This week in Ubuntu Security Updates

44 unique CVEs addressed

[USN-5292-4] snapd regression [00:52]

[USN-5303-1] PHP vulnerability [01:20]

  • 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • UAF - PoC exists which shows the ability to crash PHP interpreter via a crafted database query - possible RCE as well

[USN-5304-1] PolicyKit vulnerability [01:40]

  • 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • fd exhaustion - send 2 requests and cause the first one to fail - leaks the fd - eventually polkit runs out of fds and crashes - will be restarted by systemd so impact is low

[USN-5305-1] MariaDB vulnerabilities [02:17]

[USN-5306-1] WebKitGTK vulnerabilities [02:44]

[USN-5307-1] QEMU vulnerabilities [02:58]

[USN-5309-1] virglrenderer vulnerabilities [03:28]

  • 2 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • Virtual GPU for KVM
  • info leak and possible OOB write

[USN-5310-1] GNU C Library vulnerabilities [03:48]

Goings on in Ubuntu Security Community

Python + PIE? [04:45]

Security advice for running your own server [07:02]

Hiring [07:33]

Ubuntu Security Engineer

Get in contact