Overview
This week we look at some details of the 90 unique CVEs addressed across the supported Ubuntu releases and more.
This week in Ubuntu Security Updates
90 unique CVEs addressed
[USN-4934-2] Exim vulnerabilities [00:41]
- 16 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
- Episode 114
[USN-4937-1] GNOME Autoar vulnerability [01:00]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Directory traversal due to failure to properly handle symlinks (result of
incomplete fix for previous CVE-2020-36241)
[USN-4936-1] Thunderbird vulnerabilities [01:47]
- 5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
- 78.8.1
- If a PGP key was used but a failure then occurred, Thunderbird would keep the
decrypted key in memory. On Ubuntu we enable Yama ptrace restrictions
(ptrace_scope), so by default processes can only ptrace their descendants;
hence even other unprivileged processes cannot dump the memory of another
process to, say, extract this private key
- Various other CVEs inherited from Firefox
[USN-4938-1] Unbound vulnerabilities [03:21]
- 13 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Validating, recursive DNS resolver
- Remote DoS, command injection, RCE, local file overwrite etc
[USN-4939-1] WebKitGTK vulnerabilities [03:48]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 1 logic issue, 2 memory corruption bugs - all leading to possible RCE
[USN-4940-1] PyYAML vulnerability [04:12]
- 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)
- RCE when processing untrusted YAML, due to an incomplete fix for the previous
CVE-2020-1747; that CVE was not specifically patched in Ubuntu as the versions
of pyyaml were either too old to be affected or were based on upstream
releases that had already patched it
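The hardening that applies to this item, as an added example (not from the podcast or from PyYAML itself; it assumes PyYAML is installed): untrusted YAML goes through SafeLoader only, and for contrast the same tagged document is fed to the unsafe loader, which turns the tag into a real function call.

```python
"""Added example: safe vs unsafe handling of untrusted YAML with PyYAML."""
import yaml
from yaml.constructor import ConstructorError

# Constructed sample documents. The second carries a python-specific tag;
# builtins.len is a harmless stand-in for whatever a hostile document names.
BENIGN_DOC = """
service: exim
listen_port: 25
tls: true
"""

TAGGED_DOC = """
service: exim
sneaky: !!python/object/apply:builtins.len [[1, 2, 3]]
"""


def load_untrusted(text: str) -> dict:
    """Parse YAML from an untrusted source with the SafeLoader only.

    yaml.safe_load() builds plain Python types (dict, list, str, int, bool,
    ...) and raises ConstructorError on any !!python/* tag, so a document
    cannot ask the loader to instantiate or call arbitrary Python objects.
    """
    data = yaml.safe_load(text)
    if data is None:  # empty document
        return {}
    if not isinstance(data, dict):
        raise ValueError("expected a mapping at the top level")
    return data


def is_rejected(text: str) -> bool:
    """True if SafeLoader refuses the document because of an unsafe tag."""
    try:
        load_untrusted(text)
    except ConstructorError:
        return True
    return False


def load_unsafe_for_contrast(text: str):
    """What NOT to do with untrusted input: the unsafe loader resolves the
    python/object/apply tag to builtins.len and calls it while parsing."""
    return yaml.unsafe_load(text)


if __name__ == "__main__":
    print(load_untrusted(BENIGN_DOC))
    print("tagged document rejected by safe_load:", is_rejected(TAGGED_DOC))
    print("unsafe loader executed the tag:", load_unsafe_for_contrast(TAGGED_DOC))
```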
[USN-4941-1] Exiv2 vulnerabilities [04:35]
- 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- EXIF/IPTC/XMP metadata manipulation tool
- Heap buffer overflow or OOB read when writing metadata, so less likely to be
triggered by applications that only extract metadata
- Heap buffer overflow for handling EXIF in JPG images
[USN-4942-1] Firefox vulnerability [05:09]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 88.0.1
- Race condition on destruction of WebRender components -> UAF? -> possible RCE
[USN-4943-1] XStream vulnerabilities [05:32]
- 14 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Episode 102 covered these for Bionic and Focal; this update brings the
corresponding fixes for those 3 CVEs to Groovy
- Also a heap of others: denial of service, arbitrary code execution,
arbitrary file deletion and server-side request forgery attacks
[USN-4944-1] MariaDB vulnerabilities [06:04]
- Affecting Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Latest upstream point releases rolling in a large number of security fixes:
- Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48.
- Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29.
- Ubuntu 20.10 has been updated to MariaDB 10.3.29.
- Ubuntu 21.04 has been updated to MariaDB 10.5.10.
- Thanks to Otto Kekäläinen from the MariaDB foundation for contributing
and preparing these updates
[USN-4945-1] Linux kernel vulnerabilities [06:33]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 (standard kernel for 20.04 LTS, HWE for 18.04 LTS)
[USN-4946-1] Linux kernel vulnerabilities
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- 4.15 (standard kernel for 18.04 LTS, HWE for 16.04 ESM, Azure for 14.04
ESM)
[USN-4947-1] Linux kernel (OEM) vulnerabilities
- 5 CVEs addressed in Focal (20.04 LTS)
- 5.6 (OEM for 20.04 LTS)
[USN-4948-1] Linux kernel (OEM) vulnerabilities
- 21 CVEs addressed in Focal (20.04 LTS)
- 5.10 (OEM for 20.04 LTS)
- 3 Pwn2Own vulnerabilities
- Ryota Shiga - eBPF ring buffer
- Manfred Paul - eBPF bounds tracking on bitwise operations
- Billy Jheng Bing-Jhong - io_uring
- All OOB writes + info leaks -> local priv esc + code execution as
root
[USN-4949-1] Linux kernel vulnerabilities
- 12 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
- 5.8 (standard kernel for 20.10, HWE for 20.04 ESM, Azure for 14.04
ESM)
[USN-4950-1] Linux kernel vulnerabilities
- 3 CVEs addressed in Hirsute (21.04)
- 5.11
- Plus a CAN ISOTP race condition discovered by Norbert Slusarek (a high
school student in Germany) - local privilege escalation
- Introduced via recent broadcast mode support (normally a CAN socket
registers a particular CAN ID to receive and only gets those frames -
was only in 5.11 kernel so only affected hirsute) - this support has
been removed from the hirsute kernel until a proper fix comes from
upstream
[USN-4951-1] Flatpak vulnerability [10:16]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- File forwarding issue which could allow an attacker to get access to
files that are not normally provided by the permissions granted to an app
- Special tokens in the Exec line of an app's desktop file could trick the
flatpak runtime into providing access to a file as though this had been
explicitly granted by the user
- snapd generates desktop files so less likely to be affected by this
sort of issue - less untrusted input in general (but perhaps also less
flexible)
Goings on in Ubuntu Security Community
Hiring [11:47]
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact