Overview
This week we talk about more BootHole-like vulnerabilities in GRUB2, a
Spectre exploit found in the wild, and security updates for xterm, screen,
Python, wpa_supplicant and more.
This week in Ubuntu Security Updates
52 unique CVEs addressed
[USN-4698-2] Dnsmasq regression [00:44]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Relates to the dnsmasq update done back in January - the upstream fixes
  resulted in regressions in some network environments - backported the
  additional follow-up fixes from upstream to resolve these
[USN-4746-1] xterm vulnerability [01:14]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Found by taviso (Tavis Ormandy) - crafted UTF-8 input could cause a crash -
  related to a very similar bug in screen
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Crash in screen from crafted UTF-8 - found by users whose Minecraft server
  was being crashed with this crafted content - the server was running under
  screen, which rendered the crafted content as the server logged it - screen
  dies, so the Minecraft server dies with it - lots of tutorials for running a
  Minecraft server say to run it under screen, so this is a common setup
  apparently
[USN-4748-1] Linux kernel vulnerabilities [02:54]
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4749-1] Linux kernel vulnerabilities
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4750-1] Linux kernel vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4751-1] Linux kernel vulnerabilities
- 18 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4752-1] Linux kernel (OEM) vulnerabilities
- 20 CVEs addressed in Focal (20.04 LTS)
[USN-4753-1] Linux kernel (OEM) vulnerability
- 2 CVEs addressed in Focal (20.04 LTS)
[USN-4754-1] Python vulnerabilities [03:07]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Unsafe sprintf() call to format doubles - heap buffer overflow - BUT on
  Ubuntu, Python (like the vast majority of the archive) is compiled with
  FORTIFY_SOURCE - just one of various hardening features - so some buffer
  overflows are detected at runtime and the process is aborted - turns this
  into a DoS rather than code execution
- Test code calls eval() on content received via HTTP - so if you ran the
  tests and someone could interpose on the connection, they could get RCE
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4754-4] Python 2.7 vulnerability
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
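The sprintf()-on-a-double pattern behind the Python buffer overflow above, shown as an added example (this is not CPython's code and not from the podcast): "%f" prints every integer digit of the value, so a double near 1e300 needs over 300 bytes, far more than a fixed repr buffer. The 256-byte buffer size, the "<cparam ...>" format string and the function names are assumptions for the illustration; the hardened variant uses snprintf() and checks for truncation instead of relying on FORTIFY_SOURCE to abort.

```c
/* Added example: why formatting a double with "%f" into a fixed-size buffer
 * is unsafe, and a bounded alternative. Buffer size, format string and
 * function names are assumptions, not CPython's code. */
#include <stdio.h>
#include <string.h>

#define REPR_BUF 256  /* assumed fixed buffer size of a typical repr() helper */

/* Bytes sprintf() would write for this value, excluding the NUL terminator.
 * "%f" never switches to exponent form, so 1e300 yields ~300 integer digits. */
int repr_len(char tag, double value)
{
    return snprintf(NULL, 0, "<cparam '%c' (%f)>", tag, value);
}

/* 1 if the unbounded sprintf() version would overflow a REPR_BUF-byte buffer. */
int would_overflow(char tag, double value)
{
    return repr_len(tag, value) >= REPR_BUF;
}

/* Hardened variant: bounded write plus an explicit truncation check.
 * Returns 0 on success, -1 if the output did not fit (still NUL-terminated). */
int safe_repr(char *out, size_t outsz, char tag, double value)
{
    int n = snprintf(out, outsz, "<cparam '%c' (%f)>", tag, value);
    if (n < 0 || (size_t)n >= outsz) {
        /* Truncated: report failure instead of returning a mangled string. */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[REPR_BUF];

    printf("1.5   needs %d bytes, overflow=%d\n",
           repr_len('d', 1.5), would_overflow('d', 1.5));
    printf("1e300 needs %d bytes, overflow=%d\n",
           repr_len('d', 1e300), would_overflow('d', 1e300));

    /* The vulnerable pattern would be:
     *     sprintf(buf, "<cparam '%c' (%f)>", 'd', 1e300);
     * Built with -O2 -D_FORTIFY_SOURCE=2, glibc routes that call through
     * __sprintf_chk, which knows sizeof(buf) and aborts with
     * "*** buffer overflow detected ***" instead of corrupting memory:
     * the overflow becomes a crash (DoS) rather than code execution. */
    if (safe_repr(buf, sizeof buf, 'd', 1e300) < 0)
        printf("safe_repr: value does not fit in %d bytes\n", REPR_BUF);
    else
        printf("%s\n", buf);
    return 0;
}
```

The truncation check matters even with FORTIFY_SOURCE enabled: fortification only catches writes into buffers whose size the compiler can see, and turning an overflow into an abort still leaves a remotely triggerable crash, which is exactly the DoS the update notes describe.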
[USN-4755-1] LibTIFF vulnerabilities [04:21]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Heap buffer overflow in the tiff2pdf tool, and an integer overflow leading
  to a buffer overflow, both from crafted TIFF file input
[USN-4737-2] Bind vulnerability [04:39]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 105
[USN-4757-1] wpa_supplicant and hostapd vulnerability [04:53]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- When using P2P, could result in a UAF -> crash or possible RCE, triggerable
  by a remote attacker within local radio range
Goings on in Ubuntu Security Community
GRUB2 Secure Boot Bypass 2021 [05:31]
First Spectre Exploit discovered in the wild [09:47]
- https://dustri.org/b/spectre-exploits-in-the-wild.html
- Uploaded to VT last month - not the first artefacts that use Spectre to be
  uploaded - back in 2018 the original PoCs and various variants thereof
  were uploaded to VT, but those were all benign
- This one is a real exploit, with versions targeting Windows and Linux -
  the Linux variant reads /etc/shadow by default - it does this by spawning
  a call to su so that the file gets paged into memory, then walking the
  in-kernel file-system structures through its speculative-execution read
  gadget to eventually locate, read and dump out the file
- Was developed by Immunity as part of their CANVAS tool
  (https://vimeo.com/271127615)
Linux Mint to more forcefully encourage security updates be installed [12:02]
- https://blog.linuxmint.com/?p=4037
- Update manager will track metrics so it can detect cases where updates
  are being overlooked, then remind or even insist that updates be applied
- Focus on not getting in the way, being there to help, employing smart
  patterns and usages, will be configurable etc
- Still forming strategies, but a space to watch
Get in contact