Episode 76
Posted on Thursday, May 28, 2020
This week we welcome back Vineetha Kamath, Ubuntu Security Certifications
Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS
and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel
and more.
Show Notes
Overview
This week we welcome back Vineetha Kamath, Ubuntu Security Certifications Manager, to discuss the recent release of FIPS modules for Ubuntu 18.04 LTS and we look at security updates for Bind, ClamAV, QEMU, the Linux kernel and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4365-2] Bind vulnerabilities [00:37]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 75 - https://nxnsattack.com
[USN-4369-1] Linux kernel vulnerabilities [01:11]
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 (19.10, 18.04 LTS HWE)
- Episode 75 for details
[USN-4370-1, USN-4370-2] ClamAV vulnerabilities [01:35]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Stack and heap buffer over-reads in the PDF and ARJ (Archived by Rober Jung) file parsers -> crash -> DoS
[USN-4371-1] libvirt vulnerabilities [02:36]
- 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- Memory leak able to be triggered by local users with read-only qemu access when retrieving domain stats -> DoS
[USN-4372-1] QEMU vulnerabilities [03:08]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- UAF in libslirp
- Integer overflow in handling of ATI VGA emulation -> guest to host crash
[USN-4373-1] Thunderbird vulnerabilities [03:44]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 68.8.0