Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Indhold leveret af Alex Murray and Ubuntu Security Team. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Alex Murray and Ubuntu Security Team eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Minder om Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
Episode 237
Manage episode 440825810 series 2423058
Indhold leveret af Alex Murray and Ubuntu Security Team. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Alex Murray and Ubuntu Security Team eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Overview
John and Maximé have been talking about Ubuntu’s AppArmor user namespace restrictions at the the Linux Security Summit in Europe this past week, plus we cover some more details from the official announcement of permission prompting in Ubuntu 24.10, a new release of Intel TDX for Ubuntu 24.04 LTS and more.
This week in Ubuntu Security Updates (01:11)
613 unique CVEs addressed in the past fortnight
[USN-6989-1] OpenStack vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6990-1] znc vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6992-1] Firefox vulnerabilities
- 8 CVEs addressed in Focal (20.04 LTS)
[USN-6993-1] Vim vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6991-1] AIOHTTP vulnerability
- 1 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6995-1] Thunderbird vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6996-1] WebKitGTK vulnerabilities
- 6 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6841-2] PHP vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
[USN-6997-1, USN-6997-2] LibTIFF vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6994-1] Netty vulnerabilities
- 2 CVEs addressed in Jammy (22.04 LTS)
- HTTP/2 DoS, seen exploited in the wild and listen on the CISA KEV
[USN-6998-1] Unbound vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6999-1] Linux kernel vulnerabilities
- 220 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7003-1, USN-7003-2, USN-7003-3] Linux kernel vulnerabilities
- 85 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7004-1] Linux kernel vulnerabilities
- 221 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7005-1, USN-7005-2] Linux kernel vulnerabilities
- 219 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7006-1] Linux kernel vulnerabilities
- 94 CVEs addressed in Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7007-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7008-1] Linux kernel vulnerabilities
- 222 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7009-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7019-1] Linux kernel vulnerabilities
- 429 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7002-1] Setuptools vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7000-1, USN-7000-2] Expat vulnerabilities
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7001-1, USN-7001-2] xmltok library vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6560-3] OpenSSH vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-7011-1, USN-7011-2] ClamAV vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7012-1] curl vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7013-1] Dovecot vulnerabilities
- 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-7014-1] nginx vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7015-1] Python vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7010-1] DCMTK vulnerabilities
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7016-1] FRR vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7017-1] Quagga vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
[USN-7018-1] OpenSSL vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM)
Goings on in Ubuntu Security Community
Linux Security Summit Europe 2024 (03:44)
- https://events.linuxfoundation.org/linux-security-summit-europe/program/schedule/
- Sep 16-17 - Vienna, Austria
- John Johansen and Maxime Bélair from AppArmor team presented “Restricting Unprivileged User Namespaces in Ubuntu”
- Other talks
- Deep-dive into xz-utils supply chain attack
- Internals of the SLUB memory allocator for exploit developers
- Landlock update - including details of new IOCTL restrictions etc
- systemd and TPM2 update
Official announcement of Permissions Prompting in Ubuntu 24.10 (09:00)
- https://discourse.ubuntu.com/t/ubuntu-desktop-s-24-10-dev-cycle-part-5-introducing-permissions-prompting/47963
- Ubuntu Security Center with snapd-based AppArmor home file access prompting preview in episode 236
- Even works for command-line applications etc - not just graphical
- Covers future developments as well:
- Better default response suggestions based on user feedback.
- Shell integration of the prompting pop-ups (eg full screen takeovers)
- Improved rule management summaries and better messaging of overlapping or redundant prompts.
- Expansion of the prompting system to cover additional snap interfaces such as camera and microphone access.
- Smarter client side analysis of prompts, recommending additional options if multiple similar prompts are detected.
Version 2.1 of IntelⓇ TDX on Ubuntu 24.04 LTS Released (11:46)
- https://discourse.ubuntu.com/t/version-2-1-of-intel-tdx-on-ubuntu-24-04-lts-released/47918/1
- Confidential computing - using TDX to run VMs in confidential mode - runs workloads (VMs) in hardware-backed isolated execution environments (Trust Domains). VM memory isolation via encryption in hardware so can’t be accessed by the hypervisor, remote attestation etc (Confidential Computing with Ijlal Loutfi and Karen Horovitz from Episode 230)
- https://discourse.ubuntu.com/t/intel-tdx-1-0-technology-preview-available-on-ubuntu-23-10/40698
- Scripting to setup the required elements to use TDX on Ubuntu 24.04 host and then setup guest VMs to run in confidential mode
- Install server image, run scripts, enable TDX in BIOS, create VM images etc
- Can also configure remote attestation of VM too
- See full changes at https://github.com/canonical/tdx/releases/tag/2.1
Ubuntu 22.04.5 LTS released (13:45)
- https://discourse.ubuntu.com/t/jammy-jellyfish-point-release-changes/29835/8
- Only covers changes in main and restricted, doesn’t list security updates either
- https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668
AppArmor security update for CVE-2016-1585 published (14:23)
- Upcoming AppArmor Security update for CVE-2016-1585 from Episode 226
- https://discourse.ubuntu.com/t/upcoming-apparmor-security-update-for-cve-2016-1585/44268/3
- Now published to -updates pocket for 20.04 LTS and 22.04 LTS
- Will be published to -security pocket next week
Get in contact
245 episoder
Del
Manage episode 440825810 series 2423058
Indhold leveret af Alex Murray and Ubuntu Security Team. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Alex Murray and Ubuntu Security Team eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Overview
John and Maximé have been talking about Ubuntu’s AppArmor user namespace restrictions at the the Linux Security Summit in Europe this past week, plus we cover some more details from the official announcement of permission prompting in Ubuntu 24.10, a new release of Intel TDX for Ubuntu 24.04 LTS and more.
This week in Ubuntu Security Updates (01:11)
613 unique CVEs addressed in the past fortnight
[USN-6989-1] OpenStack vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6990-1] znc vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6992-1] Firefox vulnerabilities
- 8 CVEs addressed in Focal (20.04 LTS)
[USN-6993-1] Vim vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6991-1] AIOHTTP vulnerability
- 1 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6995-1] Thunderbird vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6996-1] WebKitGTK vulnerabilities
- 6 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6841-2] PHP vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
[USN-6997-1, USN-6997-2] LibTIFF vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6994-1] Netty vulnerabilities
- 2 CVEs addressed in Jammy (22.04 LTS)
- HTTP/2 DoS, seen exploited in the wild and listen on the CISA KEV
[USN-6998-1] Unbound vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6999-1] Linux kernel vulnerabilities
- 220 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7003-1, USN-7003-2, USN-7003-3] Linux kernel vulnerabilities
- 85 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7004-1] Linux kernel vulnerabilities
- 221 CVEs addressed in Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7005-1, USN-7005-2] Linux kernel vulnerabilities
- 219 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
- Full CVE list elided - see USN for details
[USN-7006-1] Linux kernel vulnerabilities
- 94 CVEs addressed in Focal (20.04 LTS)
- Full CVE list elided - see USN for details
[USN-7007-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7008-1] Linux kernel vulnerabilities
- 222 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7009-1] Linux kernel vulnerabilities
- 219 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7019-1] Linux kernel vulnerabilities
- 429 CVEs addressed in Jammy (22.04 LTS)
- Full CVE list elided - see USN for details
[USN-7002-1] Setuptools vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7000-1, USN-7000-2] Expat vulnerabilities
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7001-1, USN-7001-2] xmltok library vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-6560-3] OpenSSH vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-7011-1, USN-7011-2] ClamAV vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7012-1] curl vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7013-1] Dovecot vulnerabilities
- 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-7014-1] nginx vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7015-1] Python vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7010-1] DCMTK vulnerabilities
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7016-1] FRR vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
[USN-7017-1] Quagga vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
[USN-7018-1] OpenSSL vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM)
Goings on in Ubuntu Security Community
Linux Security Summit Europe 2024 (03:44)
- https://events.linuxfoundation.org/linux-security-summit-europe/program/schedule/
- Sep 16-17 - Vienna, Austria
- John Johansen and Maxime Bélair from AppArmor team presented “Restricting Unprivileged User Namespaces in Ubuntu”
- Other talks
- Deep-dive into xz-utils supply chain attack
- Internals of the SLUB memory allocator for exploit developers
- Landlock update - including details of new IOCTL restrictions etc
- systemd and TPM2 update
Official announcement of Permissions Prompting in Ubuntu 24.10 (09:00)
- https://discourse.ubuntu.com/t/ubuntu-desktop-s-24-10-dev-cycle-part-5-introducing-permissions-prompting/47963
- Ubuntu Security Center with snapd-based AppArmor home file access prompting preview in episode 236
- Even works for command-line applications etc - not just graphical
- Covers future developments as well:
- Better default response suggestions based on user feedback.
- Shell integration of the prompting pop-ups (eg full screen takeovers)
- Improved rule management summaries and better messaging of overlapping or redundant prompts.
- Expansion of the prompting system to cover additional snap interfaces such as camera and microphone access.
- Smarter client side analysis of prompts, recommending additional options if multiple similar prompts are detected.
Version 2.1 of IntelⓇ TDX on Ubuntu 24.04 LTS Released (11:46)
- https://discourse.ubuntu.com/t/version-2-1-of-intel-tdx-on-ubuntu-24-04-lts-released/47918/1
- Confidential computing - using TDX to run VMs in confidential mode - runs workloads (VMs) in hardware-backed isolated execution environments (Trust Domains). VM memory isolation via encryption in hardware so can’t be accessed by the hypervisor, remote attestation etc (Confidential Computing with Ijlal Loutfi and Karen Horovitz from Episode 230)
- https://discourse.ubuntu.com/t/intel-tdx-1-0-technology-preview-available-on-ubuntu-23-10/40698
- Scripting to setup the required elements to use TDX on Ubuntu 24.04 host and then setup guest VMs to run in confidential mode
- Install server image, run scripts, enable TDX in BIOS, create VM images etc
- Can also configure remote attestation of VM too
- See full changes at https://github.com/canonical/tdx/releases/tag/2.1
Ubuntu 22.04.5 LTS released (13:45)
- https://discourse.ubuntu.com/t/jammy-jellyfish-point-release-changes/29835/8
- Only covers changes in main and restricted, doesn’t list security updates either
- https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668
AppArmor security update for CVE-2016-1585 published (14:23)
- Upcoming AppArmor Security update for CVE-2016-1585 from Episode 226
- https://discourse.ubuntu.com/t/upcoming-apparmor-security-update-for-cve-2016-1585/44268/3
- Now published to -updates pocket for 20.04 LTS and 22.04 LTS
- Will be published to -security pocket next week
Get in contact
245 episoder
Alle episoder
×
Velkommen til Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Minder om Ubuntu Security Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
