After a longer-than-expected break, the Ubuntu Security Podcast is back, covering some highlights of the various security items planned during the 23.04 development cycle, our entrance into the fediverse of Mastodon, some open positions on the team and some of the details of the various security updates from the past week.
67 unique CVEs addressed
io_uring -> UAF (from Pwn2Own 2022)
CAP_NET_ADMIN but this can be obtained from within an unprivileged user namespace
/dev/shm and the other around the handling of UNIX domain sockets - could be combined together with another unspecified vulnerability in a different component installed by default on Ubuntu Server 22.04 to achieve privilege escalation to root - will be interesting to find out what this other vulnerability is in the future