Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 103

13 min • 12 februari 2021

Overview

This week we take a deep dive look at 2 recent vulnerabilities in the popular application containerisation frameworks, snapd and flatpak, plus we cover security updates for MiniDLNA, PHP-PEAR, the Linux kernel and more.

This week in Ubuntu Security Updates

26 unique CVEs addressed

[USN-4720-2] Apport vulnerabilities [00:53]

[USN-4721-1] Flatpak vulnerability [01:06]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Flatpak sandbox escape - Flatpak isolates applications inside their own mount / user / etc namespaces - allows sandboxed applications to communicate with the host via various portals - ie. open a file via a file chooser portal (aka powerbox)
  • Portal D-Bus service provides the ability to launch other subprocesses in a new sandbox instance, following a NNP model (ie same or less privileges as caller) (eg. used by sandboxed webbrowers to process untrusted content inside less privileged subprocesses)
  • Would previous allow a confined process to specify various environment variables which would then get passed to the `flatpak run` command to launch the new subprocess in its own sandbox - so fix is to sanitize environment variables

[USN-4722-1] ReadyMedia (MiniDLNA) vulnerabilities [01:11]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Possible RCE via malicious UPnP requests - could send with chunked encoding, this would exploit a signdness bug leading to a heap buffer overflow
  • Episode 91 - “CallStranger” - UPnP spec didn’t forbid subscription requests with a URL on a different network segment - could allow an attacker to cause a miniDLNA server to DoS a different endpoint

[USN-4723-1] PEAR vulnerability [02:30]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Improper handling of symlinks in archives could result in arbitrary file overwrite via directory traversal - since PHP PEAR runs installer as root, could then overwrite arbitrary files as root and priv esc / code execution etc

[USN-4724-1] OpenLDAP vulnerabilities [03:14]

[USN-4725-1] QEMU vulnerabilities [03:20]

[USN-4717-2] Firefox regression [03:55]

  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Upstream Firefox regression - 85.0.1

[USN-4726-1] OpenJDK vulnerability [04:04]

  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Not much info from upstream on this one - “incorrectly handled direct buffering of characters” -> DoS or other unspecified impact

[USN-4713-2] Linux kernel vulnerability [04:22]

[USN-4727-1] Linux kernel vulnerability [04:36]

  • 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
  • AF_VSOCK race conditions - local user could get code execution as root via memory corruption

[USN-4728-1] snapd vulnerability [05:11]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Gilad Reti & Nimrod Stoler from CyberArk
  • Thanks to Ian Johnson from snapd team for working on the fix

Get in contact

Kategorier
Förekommer på
00:00 -00:00