Ubuntu 24.04 LTS is finally released and we cover all the new security featuresit brings, plus we look at security vulnerabilities in, and updates for,FreeRDP, Zabbix, CryptoJS, cpio, less, JSON5 and a heap more.

Episode 226

Apr 19th, 2024 23m 59s

John and Georgia are at the Linux Security Summit presenting on some longawaited developments in AppArmor and we give you all the details in a sneak peekpreview as well as some of the other talks to look out for, plus we coversecurit

Episode 225

Apr 12th, 2024 19m 42s

This week we cover the recent reports of a new local privilege escalationexploit against the Linux kernel, follow-up on the xz-utils backdoor from lastweek and it's the beta release of Ubuntu 24.04 LTS - plus we talk securityvulnerab

Episode 224

Apr 5th, 2024 28m 49s

It's been an absolutely manic week in the Linux security community as the newsand reaction to the recent announcement of a backdoor in the xz-utils projectwas announced late last week, so we dive deep into this issue and discuss how it

Episode 223

Mar 22nd, 2024 17m 14s

This week we bring you a sneak peak of how Ubuntu 23.10 fared at Pwn2OwnVancouver 2024, plus news of malicious themes in the KDE Store and we coversecurity updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash andmore.

Episode 222

Mar 18th, 2024 24m 6s

We cover recent Linux malware from the Magnet Goblin threat actor, plus the newsof Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detailvulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more.

Episode 221

Mar 8th, 2024 23m 14s

Andrei is back to discuss recent academic research into malware within thePython/PyPI ecosystem and whether it is possible to effectively combat it withopen source tooling, plus we cover security updates for Unbound, libuv, node.js,t

Episode 220

Mar 1st, 2024 18m 47s

The Linux kernel.org CNA has assigned their first CVEs so we revisit this topicto assess the initial impact on Ubuntu and the CVE ecosystem, plus we coversecurity updates for Roundcube Webmail, less, GNU binutils and the Linux kernel

Episode 219

Feb 16th, 2024 20m 52s

This week the Linux kernel project announced they will be assigning their ownCVEs so we discuss the possible implications and fallout from such a shift, pluswe cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and more.

Episode 218

Feb 9th, 2024 18m 8s

AppArmor unprivileged user namespace restrictions are back on the agenda thisweek as we survey the latest improvements to this hardening feature in theupcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runCcontaine

Episode 217

Feb 2nd, 2024 15m 6s

For the first episode of 2024 we take a look at the case of a raft of bogus FOSSCVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOLannouncement for 23.04, plus we cover vulnerabilities in the Linux kernel, Pum

Episode 216

Dec 15th, 2023 21m 16s

For the final episode of 2023 we discuss creating PoCs for vulns in tar and thelooming EOL for Ubuntu 23.04, plus we look into security updates for curl,BlueZ, Netatalk, GNOME Settings and a heap more.

Episode 215

Dec 8th, 2023 30m 46s

Mark Esler is our special guest on the podcast this week to discuss theOpenSSF's Compiler Options Hardening Guide for C/C++ plus we covervulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.

Episode 214

Dec 1st, 2023 20m 10s

This week we take a deep dive into the Reptar vuln in Intel processors plus welook into some relic vulnerabilities in Squid and OpenZFS and finally we detailnew hardening measures in tracker-miners to keep your desktop safer.

Episode 213

Nov 17th, 2023 9m 9s

As we ease back into regular programming, we cover the various activities theteam got up to over the past few weeks whilst away in Riga for the Ubuntu Summitand Ubuntu Engineering Sprint.

Episode 212

Oct 27th, 2023 23m 6s

With the Ubuntu Summit just around the corner, we preview a couple talks by theUbuntu Security team, plus we look at security updates for OpenSSL, Sofia-SIP,AOM, ncurses, the Linux kernel and more.

Episode 211

Oct 20th, 2023 19m 59s

After a well-deserved break, we're back looking at the recent Ubuntu 23.10release and the significant security technologies it introduces along with acall for testing of unprivileged user namespace restrictions, plus the detailsof se

Episode 210

Sep 22nd, 2023 21m 20s

It's the Linux Security Summit in Bilbao this week and we bring you somehighlights from our favourite talks, plus we cover the 25 most stubborn softwareweaknesses, and we look at security updates for Open VM Tools, libwebp, Django,bi

Episode 209

Sep 15th, 2023 24m 49s

Andrei is back this week with a deep dive into recent research around CVSSscoring inconsistencies, plus we look at a recent Ubuntu blog post on theinternals of package updates and the repositories, and we cover security updatesin Apa

Episode 208

Sep 8th, 2023 24m 49s

This week we detail the recently announced and long-awaited feature ofTPM-backed full-disk encryption for the upcoming Ubuntu 23.10 release, plus wecover security updates for elfutils, GitPython, atftp, BusyBox, Docker Registryand mo

Episode 207

Sep 1st, 2023 22m 18s

This week we cover reports of "fake" CVEs and their impact on the FOSS securityecosystem, plus we look at security updates for PHP, Fast DDS, JOSE for C/C++,the Linux kernel, AMD Microcode and more.

Episode 206

Aug 25th, 2023 15m 58s

This week we talk about HTTP Content-Length handling, intricacies of groupmanagement in container environments and making sure you check your return codeswhile covering vulns in HAProxy, Podman, Inetutils and more, plus we put a call

Episode 205

Aug 18th, 2023 20m 14s

We're back after unexpectedly going AWOL last week to bring you the latest inUbuntu Security including the recently announced Downfall and GameOver(lay)vulnerabilities, plus we look at security updates for OpenSSH and GStreamer **and**

Episode 204

Aug 4th, 2023 28m 11s

This week we look at the recent Zenbleed vulnerability affecting some AMDprocessors, plus we cover security updates for the Linux kernel, a highprofile OpenSSH vulnerability and finally Andrei is back with a deep dive intorecent acad

Episode 203

Jul 21st, 2023 17m 21s

This week we talk about the dual use purposes of eBPF - both for security andfor exploitation, and how you can keep your systems safe, plus we cover securityupdates for the Linux kernel, Ruby, SciPy, YAJL, ConnMan, curl and more.