Ubuntu Security Podcast - podcast cover

Ubuntu Security Podcast

Ubuntu Security Teamubuntusecuritypodcast.org
Technology
A fortnightly podcast talking about the latest developments and updates from the Ubuntu Security team, including a summary of recent security vulnerabilities and fixes as well as a discussion on some of the goings on in the wider Ubuntu Security community.
Last refreshed:
Follow this podcast in the Metacast mobile app to refresh it and see new episodes.
Follow on
Apple Podcasts
Spotify
RSS
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Podcasts are better in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episodes

Episode 243

It's the end of the year for official duties for the Ubuntu Security team so we take a look back on the security highlights of 2024 for Ubuntu and predict what is coming in 2025.

Dec 20, 202424 min

Episode 242

This week we dive into the details of a number of local privilege escalation vulnerablities discovered by Qualys in the needrestart package, covering topics from confused deputies to the inner workings of the /proc filesystem and responsible disclosure as well.

Nov 29, 202420 min

Episode 241

This week we take a deep dive into the latest Linux malware, GoblinRAT to look at how malware is evolving to stay stealthy and evade detection and how malware authors are learning from modern software development along the way.

Nov 14, 202418 min

Episode 240

For the third and final part in our series for Cybersecurity Awareness Month, Alex is again joined by Luci as well as Diogo Sousa to discuss future trends in cybersecurity and the likely threats of the future.

Oct 31, 202436 min

Episode 239

In the second part of our series for Cybersecurity Awareness Month, Luci is back with Alex, along with Eduardo Barretto to discuss our top cybersecurity best practices.

Oct 18, 202439 min

Episode 238

For the first in a 3-part series for Cybersecurity Awareness month, Luci Stanescu joins Alex to discuss the recent CUPS vulnerabilities as well as the evolution of cybersecurity since the origin of the internet.

Oct 04, 202432 min

Episode 237

John and Maximé have been talking about Ubuntu's AppArmor user namespace restrictions at the the Linux Security Summit in Europe this past week, plus we cover some more details from the official announcement of permission prompting in Ubuntu 24.10, a new release of Intel TDX for Ubuntu 24.04 LTS and more.

Sep 20, 202416 min

Episode 236

The long awaited preview of snapd-based AppArmor file prompting is finally seeing the light of day, plus we cover the recent 24.04.1 LTS release and the podcast officially moves to a fortnightly cycle.

Sep 06, 202418 min

Episode 235

A recent Microsoft Windows update breaks Linux dual-boot - or does it? This week we look into reports of the recent Windows patch-Tuesday update breaking dual-boot, including a deep-dive into the technical details of Secure Boot, SBAT, grub, shim and more, plus we look at a vulnerability in GNOME Shell and the handling of captive portals as well.

Aug 23, 202418 min

Episode 234

This week we take a deep dive behind-the-scenes look into how the team handled a recent report from Snyk's Security Lab of a local privilege escalation vulnerability in `wpa_supplicant` plus we cover security updates in Prometheus Alertmanager, OpenSSL, Exim, snapd, Gross, curl and more.

Aug 09, 202429 min

Episode 233

This week we take a look at the recent Crowdstrike outage and what we can learn from it compared to the testing and release process for security updates in Ubuntu, plus we cover details of vulnerabilities in poppler, phpCAS, EDK II, Python, OpenJDK and one package with over 300 CVE fixes in a single update.

Aug 02, 202424 min

Episode 232

This week we deep-dive into one of the best vulnerabilities we've seen in a long time _regreSSHion_ - an unauthenticated, remote, root code-execution vulnerability in OpenSSH. Plus we cover updates for Plasma Workspace, Ruby, Netplan, FontForge, OpenVPN and a whole lot more.

Jul 05, 202429 min

Episode 231

A look into CISA's Known Exploited Vulnerability Catalogue is on our minds this week, plus we look at vulnerability updates for gdb, Ansible, CUPS, libheif, Roundcube, the Linux kernel and more.

Jun 28, 202419 min

Episode 230

This week we bring you a special edition of the podcast, featuring an interview between Ijlal Loutfi and Karen Horovitz who deep-dive into Confidential Computing. Ranging from a high-level discussion of the need for and the features provided by confidential computing, through to the specifics of how this is implemented in Ubuntu and a look at similar future security technologies that are on the horizon.

Jun 20, 202421 min

Episode 229

As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.

May 31, 202413 min

Episode 228

The team is back from Madrid and this week we bring you some of our plans for the upcoming Ubuntu 24.10 release, plus we talk about Google's kernelCTF project and Mozilla's PDF.js sandbox when covering security updates for the Linux kernel, Firefox, Spreadsheet::ParseExcel, idna and more.

May 24, 202416 min

Episode 227

Ubuntu 24.04 LTS is finally released and we cover all the new security features it brings, plus we look at security vulnerabilities in, and updates for, FreeRDP, Zabbix, CryptoJS, cpio, less, JSON5 and a heap more.

May 03, 202425 min

Episode 226

John and Georgia are at the Linux Security Summit presenting on some long awaited developments in AppArmor and we give you all the details in a sneak peek preview as well as some of the other talks to look out for, plus we cover security updates for NSS, Squid, Apache, libvirt and more and we put out a call for testing of a pending AppArmor security fix too.

Apr 19, 202424 min

Episode 225

This week we cover the recent reports of a new local privilege escalation exploit against the Linux kernel, follow-up on the xz-utils backdoor from last week and it's the beta release of Ubuntu 24.04 LTS - plus we talk security vulnerabilities in the X Server, Django, util-linux and more.

Apr 12, 202420 min

Episode 224

It's been an absolutely manic week in the Linux security community as the news and reaction to the recent announcement of a backdoor in the xz-utils project was announced late last week, so we dive deep into this issue and discuss how it impacts Ubuntu and give some insights for what this means for the open source and Linux communities in the future.

Apr 05, 202429 min

Episode 223

This week we bring you a sneak peak of how Ubuntu 23.10 fared at Pwn2Own Vancouver 2024, plus news of malicious themes in the KDE Store and we cover security updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash and more.

Mar 22, 202417 min

Episode 222

We cover recent Linux malware from the Magnet Goblin threat actor, plus the news of Ubuntu 23.10 as a target in Pwn2Own Vancouver 2024 and we detail vulnerabilities in Puma, AccountsService, Open vSwitch, OVN, and more.

Mar 18, 202424 min

Episode 221

Andrei is back to discuss recent academic research into malware within the Python/PyPI ecosystem and whether it is possible to effectively combat it with open source tooling, plus we cover security updates for Unbound, libuv, node.js, the Linux kernel, libgit2 and more.

Mar 08, 202423 min

Episode 220

The Linux kernel.org CNA has assigned their first CVEs so we revisit this topic to assess the initial impact on Ubuntu and the CVE ecosystem, plus we cover security updates for Roundcube Webmail, less, GNU binutils and the Linux kernel itself.

Mar 01, 202419 min

Episode 219

This week the Linux kernel project announced they will be assigning their own CVEs so we discuss the possible implications and fallout from such a shift, plus we cover vulnerabilities in the kernel, Glance_store, WebKitGTK, Bind and more.

Feb 16, 202421 min

Episode 218

AppArmor unprivileged user namespace restrictions are back on the agenda this week as we survey the latest improvements to this hardening feature in the upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC container escapes and Qualys' recent disclosure of a privilege escalation exploit for GNU libc and more.

Feb 09, 202418 min

Episode 217

For the first episode of 2024 we take a look at the case of a raft of bogus FOSS CVEs reported on full-disclosure as well as AppSec tools in Ubuntu and the EOL announcement for 23.04, plus we cover vulnerabilities in the Linux kernel, Puma, Paramiko and more.

Feb 02, 202415 min

Episode 216

For the final episode of 2023 we discuss creating PoCs for vulns in tar and the looming EOL for Ubuntu 23.04, plus we look into security updates for curl, BlueZ, Netatalk, GNOME Settings and a heap more.

Dec 15, 202321 min

Episode 215

Mark Esler is our special guest on the podcast this week to discuss the OpenSSF's Compiler Options Hardening Guide for C/C++ plus we cover vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.

Dec 08, 202331 min

Episode 214

This week we take a deep dive into the Reptar vuln in Intel processors plus we look into some relic vulnerabilities in Squid and OpenZFS and finally we detail new hardening measures in tracker-miners to keep your desktop safer.

Dec 01, 202320 min
Next →
For the best experience, listen in Metacast app for iOS or Android