Episodes
Ubuntu 24.04 LTS is finally released and we cover all the new security features
it brings, plus we look at security vulnerabilities in, and updates for,
FreeRDP, Zabbix, CryptoJS, cpio, less, JSON5 and a heap more.
Published 05/03/24
John and Georgia are at the Linux Security Summit presenting on some long-awaited
developments in AppArmor and we give you all the details in a sneak peek
preview as well as some of the other talks to look out for, plus we cover
security updates for NSS, Squid, Apache, libvirt and more and we put out a call
for testing of a pending AppArmor security fix too.
Published 04/19/24
This week we cover the recent reports of a new local privilege escalation
exploit against the Linux kernel, follow-up on the xz-utils backdoor from last
week and it's the beta release of Ubuntu 24.04 LTS - plus we talk security
vulnerabilities in the X Server, Django, util-linux and more.
Published 04/12/24
It's been an absolutely manic week in the Linux security community following the
announcement late last week of a backdoor in the xz-utils project and the
reaction to it, so we dive deep into this issue and discuss how it
impacts Ubuntu and give some insights for what this means for the open source
and Linux communities in the future.
Published 04/05/24
This week we bring you a sneak peek of how Ubuntu 23.10 fared at Pwn2Own
Vancouver 2024, plus news of malicious themes in the KDE Store and we cover
security updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash and
more.
Published 03/22/24
We cover recent Linux malware from the Magnet Goblin threat actor, plus the news
of Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detail
vulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more.
Published 03/18/24
Andrei is back to discuss recent academic research into malware within the
Python/PyPI ecosystem and whether it is possible to effectively combat it with
open source tooling, plus we cover security updates for Unbound, libuv, node.js,
the Linux kernel, libgit2 and more.
Published 03/08/24
The Linux kernel.org CNA has assigned their first CVEs so we revisit this topic
to assess the initial impact on Ubuntu and the CVE ecosystem, plus we cover
security updates for Roundcube Webmail, less, GNU binutils and the Linux kernel
itself.
Published 03/01/24
This week the Linux kernel project announced they will be assigning their own
CVEs so we discuss the possible implications and fallout from such a shift, plus
we cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and more.
Published 02/16/24
AppArmor unprivileged user namespace restrictions are back on the agenda this
week as we survey the latest improvements to this hardening feature in the
upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC
container escapes and Qualys' recent disclosure of a privilege escalation
exploit for GNU libc and more.
Published 02/09/24
For the first episode of 2024 we take a look at the case of a raft of bogus FOSS
CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL
announcement for 23.04, plus we cover vulnerabilities in the Linux kernel, Puma,
Paramiko and more.
Published 02/02/24
For the final episode of 2023 we discuss creating PoCs for vulns in tar and the
looming EOL for Ubuntu 23.04, plus we look into security updates for curl,
BlueZ, Netatalk, GNOME Settings and a heap more.
Published 12/15/23
Mark Esler is our special guest on the podcast this week to discuss the
OpenSSF's Compiler Options Hardening Guide for C/C++ plus we cover
vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.
Published 12/08/23
This week we take a deep dive into the Reptar vuln in Intel processors plus we
look into some relic vulnerabilities in Squid and OpenZFS and finally we detail
new hardening measures in tracker-miners to keep your desktop safer.
Published 12/01/23
As we ease back into regular programming, we cover the various activities the
team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit
and Ubuntu Engineering Sprint.
Published 11/17/23
With the Ubuntu Summit just around the corner, we preview a couple of talks by the
Ubuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP,
AOM, ncurses, the Linux kernel and more.
Published 10/27/23
After a well-deserved break, we're back looking at the recent Ubuntu 23.10
release and the significant security technologies it introduces along with a
call for testing of unprivileged user namespace restrictions, plus the details
of security updates for curl, Samba, iperf3, CUE and more.
Published 10/20/23
It's the Linux Security Summit in Bilbao this week and we bring you some
highlights from our favourite talks, plus we cover the 25 most stubborn software
weaknesses, and we look at security updates for Open VM Tools, libwebp, Django,
binutils, Indent, the Linux kernel and more.
Published 09/22/23
Andrei is back this week with a deep dive into recent research around CVSS
scoring inconsistencies, plus we look at a recent Ubuntu blog post on the
internals of package updates and the repositories, and we cover security updates
in Apache Shiro, GRUB2, CUPS, RedCloth, curl and more.
Published 09/15/23
This week we detail the recently announced and long-awaited feature of
TPM-backed full-disk encryption for the upcoming Ubuntu 23.10 release, plus we
cover security updates for elfutils, GitPython, atftp, BusyBox, Docker Registry
and more.
Published 09/08/23
This week we cover reports of "fake" CVEs and their impact on the FOSS security
ecosystem, plus we look at security updates for PHP, Fast DDS, JOSE for C/C++,
the Linux kernel, AMD Microcode and more.
Published 09/01/23
This week we talk about HTTP Content-Length handling, intricacies of group
management in container environments and making sure you check your return codes
while covering vulns in HAProxy, Podman, Inetutils and more, plus we put a call
out for input on using open source tools to secure your SDLC.
Published 08/25/23
We're back after unexpectedly going AWOL last week to bring you the latest in
Ubuntu Security including the recently announced Downfall and GameOver(lay)
vulnerabilities, plus we look at security updates for OpenSSH and GStreamer and
we detail plans for using AppArmor to restrict the use of unprivileged user
namespaces as an attack vector in future Ubuntu releases.
Published 08/18/23
This week we look at the recent Zenbleed vulnerability affecting some AMD
processors, plus we cover security updates for the Linux kernel, a high
profile OpenSSH vulnerability and finally Andrei is back with a deep dive into
recent academic research around how to safeguard machine learning systems when
used across distributed deployments.
Published 08/04/23