Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 114

13 min • 6 maj 2021

Overview

This week we look at the response from the Linux Technical Advisory Board to the UMN Linux kernel incident, plus we cover the 21Nails Exim vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.

This week in Ubuntu Security Updates

40 unique CVEs addressed

[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • UAF or heap corruption when handling crafted Matroska files - crash / RCE

[USN-4929-1] Bind vulnerabilities [01:18]

  • 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or possible overflow -> crash / RCE

[USN-4930-1] Samba vulnerability [02:08]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Failed to properly handle negative idmap cache entries - could then end up with incorrect group entries and as such could possibly allow a user to access / modify files they should not have access to

[USN-4931-1] Samba vulnerabilities [02:51]

[LSN-0076-1] Linux kernel vulnerability [03:03]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • 2 local user privesc vulns fixed:
    • BPF JIT branch displacement issue (Episode 112)
    • Overlayfs / file system capabilities interaction

[USN-4918-3] ClamAV regression [03:52]

  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Previous clamav update (back in April ) introduced a regression where clamdscan would crash if called with –multiscan and –fdpass AND you had an ExcludePath configured in the configuration - backported the upstream commit from the development branch to fix this

[USN-4932-1] Django vulnerability [04:30]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Directory traversal via uploaded files with crafted names

[USN-4933-1] OpenVPN vulnerabilities [04:47]

  • 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Race condition in handling of data packets could allow an attacker to inject a packet using a victim’s peer-id before the crypto channel is properly initialised - could cause the victim’s connection to be dropped (DoS) but doesn’t appear to expose any sensitive info etc
  • Attackers could possibly bypass auth on control channel and hence leak info

[USN-4934-1] Exim vulnerabilities [05:39]

[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]

  • 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Not much detail from NVIDIA
    • improper access control -> DoS, infoleak or data corruption -> privesc etc
    • incorrect use of reference counting -> DoS (crash?) (UAF?)

Goings on in Ubuntu Security Community

Linux Technical Advisory Board response to UMN incident [08:56]

  • Covered in Episode 113
  • https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/
  • Kees Cook (previously inaugural Tech Lead of Ubuntu Security Team) posted to LKML the Tab’s report (various folks from across the Linux Kernel community, including from Red Hat, Google, Canonical and others)
  • Detailed timeline of events, identification of the “hypocrite” commits in question
  • Recommendations going forward
    • UMN must improve quality of their submissions since even for a lot of what were good-faith patches, they actually had issues and either didn’t fix the purported issue or tried to fix a non-issue
    • TAB will create a best-practices document for all research groups when working with the kernel or other open source projects

Hiring [11:36]

AppArmor Security Engineer

Linux Cryptography and Security Engineer

Security Engineer - Ubuntu

Get in contact

Kategorier
Förekommer på
00:00 -00:00