Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 110

14 min • 1 april 2021

Overview

This week we look at 2 years of 14.04 ESM, a kernel Livepatch issue, DNS-over-HTTPS for Google Chrome plus security updates for ldb, OpenSSL, Squid, curl and more.

This week in Ubuntu Security Updates

38 unique CVEs addressed

[USN-4888-1, USN-4888-2] ldb vulnerabilities [01:06]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • In the ldb package but was reported by Samba - libldb provides an LDAP-like database - is used internally by Samba etc - and whilst the Samba package contains a copy of ldb internally we don’t compile this in Ubuntu, instead we link it against the ldb package in the repo so we only have to patch a CVE in one place
  • Heap buffer overflow when parsing a DN string with lots of trailing whitespace - allows to place a single NUL byte at a chosen offset before an allocated buffer
  • Heap buffer overflow when parsing an LDAP attribute string with multiple consecutive leading spaces - memmove() to a location beyond the end of the buffer
  • Crash -> DoS, can’t rule out RCE due to nature of heap buffer overflows

[USN-4889-1] Linux kernel vulnerabilities [02:49]

[USN-4890-1] Linux kernel vulnerabilities [03:09]

[USN-4891-1] OpenSSL vulnerability [03:26]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • NULL ptr deref when processing signature algorithms - could allow a remote client to crash a server during renegotiation

[USN-3685-2] Ruby regression

[USN-4893-1] Firefox vulnerabilities [03:47]

  • 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • 87.0 - various web issues (malicious website -> XSS, DoS, RCE etc) plus some specific fixes for issues which could allow extensions to either spoof website pop-ups or to read the response of various cross-origin requests, plus a silent enabling of the DevTools remote debugging feature (so a local attacker could modify the browser config to turn this on without any hint to the user, and then a remote attacker could use this to snoop on the browser session)

[USN-4894-1] WebKitGTK vulnerabilities [04:49]

[USN-4895-1] Squid vulnerabilities [05:19]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • 2 different HTTP request smuggling attack issues - one could result in possible cache poisoning and the other in the ability to bypass security controls and access forbidden services

[USN-4896-1] lxml vulnerability [05:39]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Mishandled HTML attributes which could allow a remote attacker to perform XSS - depends on how lxml is used in application context

[USN-4897-1] Pygments vulnerability [06:03]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Another pygments vuln (Episode 109) - this one due to the use of regex in various lexers, these have exponential or cubic complexity so could allow an attacker to DoS via CPU

[USN-4898-1] curl vulnerabilities [06:38]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Failed to strip credentials from referrer headers - could then be leaked
  • Incorrect handling of session tickets when using an HTTPS proxy - attacker who controlled the proxy could cause curl to bypass cert checks and intercept comms as a result - only affected later Ubuntu releases (20.04 LTS, 20.10)

Goings on in Ubuntu Security Community

Livepatch incident for CVE-2020-29372 [07:26]

Summary of 14.04 ESM so far [09:39]

DoH coming for Google Chrome on Linux [11:01]

Get in contact

Kategorier
Förekommer på
00:00 -00:00