Ubuntu Security Podcast Ubuntu Security Team

This week we deep-dive into one of the best vulnerabilities we've seen in a long
time _regreSSHion_ - an unauthenticated, remote, root code-execution vulnerability
in OpenSSH. Plus we cover updates for Plasma Workspace, Ruby, Netplan,
FontForge, OpenVPN and a whole lot more.

A look into CISA's Known Exploited Vulnerability Catalogue is on our minds this
week, plus we look at vulnerability updates for gdb, Ansible, CUPS, libheif,
Roundcube, the Linux kernel and more.

This week we bring you a special edition of the podcast, featuring an interview
between Ijlal Loutfi and Karen Horovitz who deep-dive into Confidential
Computing. Ranging from a high-level discussion of the need for and the features
provided by confidential computing, through to the specifics of how this is
implemented in Ubuntu and a look at similar future security technologies that
are on the horizon.

As the podcast winds down for a break over the next month, this week we talk
about RSA timing side-channel attacks and the recently announced DNSBomb
vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK,
amavisd-new, Unbound, Intel Microcode and more.

The team is back from Madrid and this week we bring you some of our plans for
the upcoming Ubuntu 24.10 release, plus we talk about Google's kernelCTF project
and Mozilla's PDF.js sandbox when covering security updates for the Linux
kernel, Firefox, Spreadsheet::ParseExcel, idna and more.

Ubuntu 24.04 LTS is finally released and we cover all the new security features
it brings, plus we look at security vulnerabilities in, and updates for,
FreeRDP, Zabbix, CryptoJS, cpio, less, JSON5 and a heap more.