Overview
This week we look at the response from the Linux Technical Advisory Board
to the UMN Linux kernel incident, plus we cover the 21Nails Exim
vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.
This week in Ubuntu Security Updates
40 unique CVEs addressed
[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- UAF or heap corruption when handling crafted Matroska files - crash / RCE
[USN-4929-1] Bind vulnerabilities [01:18]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or
possible overflow -> crash / RCE
[USN-4930-1] Samba vulnerability [02:08]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Failed to properly handle negative idmap cache entries - could then end
up with incorrect group entries and as such could possibly allow a user
to access / modify files they should not have access to
[USN-4931-1] Samba vulnerabilities [02:51]
- 4 CVEs addressed in Trusty ESM (14.04 ESM)
- negative idmap cache entries issue plus some older vulns (Episode 95)
[LSN-0076-1] Linux kernel vulnerability [03:03]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 local user privesc vulns fixed:
- BPF JIT branch displacement issue (Episode 112)
- Overlayfs / file system capabilities interaction
[USN-4918-3] ClamAV regression [03:52]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Previous clamav update (back in April ) introduced a regression where clamdscan
would crash if called with –multiscan and –fdpass AND you had an
ExcludePath configured in the configuration - backported the upstream
commit from the development branch to fix this
[USN-4932-1] Django vulnerability [04:30]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Directory traversal via uploaded files with crafted names
[USN-4933-1] OpenVPN vulnerabilities [04:47]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Race condition in handling of data packets could allow an attacker to
inject a packet using a victim’s peer-id before the crypto channel is
properly initialised - could cause the victim’s connection to be dropped
(DoS) but doesn’t appear to expose any sensitive info etc
- Attackers could possibly bypass auth on control channel and hence leak info
[USN-4934-1] Exim vulnerabilities [05:39]
- 21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Qualsys - 21Nails - various vulns which could be chained together to get
full remote unauthenticated RCE and root privesc
- Possibly 60% of internet mail servers run exim and 4 million are publicly
accessible
- Previously has been a target of Sandworm
- In the process of preparing the updates for 16.04 / 14.04 ESM - expect to
be available in the next day or 2 so most likely will already be out by
the time you are listening to this
[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Not much detail from NVIDIA
- improper access control -> DoS, infoleak or data corruption -> privesc etc
- incorrect use of reference counting -> DoS (crash?) (UAF?)
Goings on in Ubuntu Security Community
Linux Technical Advisory Board response to UMN incident [08:56]
- Covered in Episode 113
- https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/
- Kees Cook (previously inaugural Tech Lead of Ubuntu Security Team) posted
to LKML the Tab’s report (various folks from across the Linux Kernel
community, including from Red Hat, Google, Canonical and others)
- Detailed timeline of events, identification of the “hypocrite” commits in
question
- Recommendations going forward
- UMN must improve quality of their submissions since even for a lot of
what were good-faith patches, they actually had issues and either
didn’t fix the purported issue or tried to fix a non-issue
- TAB will create a best-practices document for all research groups when
working with the kernel or other open source projects
Hiring [11:36]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact