Episodes
For the first episode of 2024 we take a look at the case of a raft of bogus FOSS
CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL
announcement for 23.04, plus we cover vulnerabilities in the Linux kernel, Puma,
Paramiko and more.
Published 02/02/24
For the final episode of 2023 we discuss creating PoCs for vulns in tar and the
looming EOL for Ubuntu 23.04, plus we look into security updates for curl,
BlueZ, Netatalk, GNOME Settings and a heap more.
Published 12/15/23
Mark Esler is our special guest on the podcast this week to discuss the
OpenSSF's Compiler Options Hardening Guide for C/C++ plus we cover
vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.
Published 12/08/23
This week we take a deep dive into the Reptar vuln in Intel processors plus we
look into some relic vulnerabilities in Squid and OpenZFS and finally we detail
new hardening measures in tracker-miners to keep your desktop safer.
Published 12/01/23
As we ease back into regular programming, we cover the various activities the
team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit
and Ubuntu Engineering Sprint.
Published 11/17/23
With the Ubuntu Summit just around the corner, we preview a couple of talks by the
Ubuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP,
AOM, ncurses, the Linux kernel and more.
Published 10/27/23
After a well-deserved break, we're back looking at the recent Ubuntu 23.10
release and the significant security technologies it introduces along with a
call for testing of unprivileged user namespace restrictions, plus the details
of security updates for curl, Samba, iperf3, CUE and more.
Published 10/20/23
It's the Linux Security Summit in Bilbao this week and we bring you some
highlights from our favourite talks, plus we cover the 25 most stubborn software
weaknesses, and we look at security updates for Open VM Tools, libwebp, Django,
binutils, Indent, the Linux kernel and more.
Published 09/22/23
Andrei is back this week with a deep dive into recent research around CVSS
scoring inconsistencies, plus we look at a recent Ubuntu blog post on the
internals of package updates and the repositories, and we cover security updates
in Apache Shiro, GRUB2, CUPS, RedCloth, curl and more.
Published 09/15/23
This week we detail the recently announced and long-awaited feature of
TPM-backed full-disk encryption for the upcoming Ubuntu 23.10 release, plus we
cover security updates for elfutils, GitPython, atftp, BusyBox, Docker Registry
and more.
Published 09/08/23
This week we cover reports of "fake" CVEs and their impact on the FOSS security
ecosystem, plus we look at security updates for PHP, Fast DDS, JOSE for C/C++,
the Linux kernel, AMD Microcode and more.
Published 09/01/23
This week we talk about HTTP Content-Length handling, intricacies of group
management in container environments and making sure you check your return codes
while covering vulns in HAProxy, Podman, Inetutils and more, plus we put a call
out for input on using open source tools to secure your SDLC.
Published 08/25/23
We're back after unexpectedly going AWOL last week to bring you the latest in
Ubuntu Security including the recently announced Downfall and GameOver(lay)
vulnerabilities, plus we look at security updates for OpenSSH and GStreamer **and**
we detail plans for using AppArmor to restrict the use of unprivileged user
namespaces as an attack vector in future Ubuntu releases.
Published 08/18/23
This week we look at the recent Zenbleed vulnerability affecting some AMD
processors, plus we cover security updates for the Linux kernel, a high-profile
OpenSSH vulnerability and finally Andrei is back with a deep dive into
recent academic research around how to safeguard machine learning systems when
used across distributed deployments.
Published 08/04/23
This week we talk about the dual-use nature of eBPF - both for security and
for exploitation - and how you can keep your systems safe, plus we cover security
updates for the Linux kernel, Ruby, SciPy, YAJL, ConnMan, curl and more.
Published 07/21/23
We take a sneak peek at the upcoming AppArmor 4.0 release, plus we cover
vulnerabilities in AccountsService, the Linux Kernel, ReportLab, GNU Screen,
containerd and more.
Published 07/07/23
This week we look at the top 25 most dangerous vulnerability types, as well as
the announcement of the program for LSS EU, and we cover security updates for
Bind, the Linux kernel, CUPS, etcd and more.
Published 06/30/23
For our 200th episode, we discuss the impact of Red Hat's decision to stop
publicly releasing the RHEL source code, plus we cover security updates for
libX11, GNU SASL, QEMU, VLC, pngcheck, the Linux kernel and a whole lot more.
Published 06/23/23
For our 199th episode Andrei looks at Fuzzing Configurations of Program Options
plus we discuss Google's findings on the `io_uring` kernel subsystem and we look
at vulnerability fixes for Netatalk, Jupyter Core, Vim, SSSD, GNU binutils, GLib
and more.
Published 06/16/23
This week we investigate the mystery of failing GPG signatures for the 16.04 ISO
images, plus we look at security updates for CUPS, Avahi, the Linux kernel, FRR,
Go and more.
Published 06/09/23
The venerable Ubuntu 18.04 LTS release has transitioned into ESM, plus we look
at Till Kamppeter's excellent guide on how to set up your GitHub projects to
receive private vulnerability reports, and we cover the week in security updates
including PostgreSQL, Jhead, the Linux kernel, Linux PTP, snapd and a whole lot
more.
Published 06/02/23
This week we look at some recent security developments from PyPI, the Linux
Security Summit North America and the pending transition of Ubuntu 18.04 to ESM,
plus we cover security updates for cups-filter, the Linux kernel, Git, runC,
ncurses, cloud-init and more.
Published 05/26/23
Alex and Camila discuss security update management strategies after a recent
outage at Datadog was attributed to a security update for systemd on Ubuntu,
plus we look at security vulnerabilities in the Linux kernel, OpenStack,
Synapse, OpenJDK and more.
Published 05/19/23
The team are back from Prague and bring with them a new segment, drilling into
recent academic research in the cybersecurity space - for this inaugural segment
new team member Andrei looks at modelling of attacks against network intrusion
detection systems, plus we cover the week in security updates looking at
vulnerabilities in Django, Ruby, the Linux kernel, Erlang, OpenStack and more.
Published 05/11/23
The release of Ubuntu 23.04 Lunar Lobster is nigh so we take a look at some of
the things the security team has been doing along the way, plus it's our 6000th
USN so we look back at the last 19 years of USNs whilst covering security
updates for the Linux kernel, Emacs, Irssi, Sudo, Firefox and more.
Published 04/13/23