Overview
In this week’s episode we look at how to get media coverage for your shiny
new vulnerability, plus we cover security updates for ExifTool,
ImageMagick, BlueZ and more.
This week in Ubuntu Security Updates
49 unique CVEs addressed
[USN-4986-2] rpcbind vulnerability [00:44]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- Episode 119 (bionic) - memory leak on crafted requests
- Affecting Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- Original fix missed follow-up patches to correct problems in the upstream
fix - required multiple other bits to work correctly
[USN-4971-2] libwebp vulnerabilities [01:34]
- 10 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- Episode 118
[USN-4987-1] ExifTool vulnerability [01:50]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Was originally reported to gitlab via hackerone as exiftool is used on
image uploads to redact image metadata etc - they coordinated the fix
with exiftool upstream. RCE when parsing a malicious DjVu image - uses
perl to parse DjVu and in doing so it eval’s certain constructs without
properly validating them
[USN-4988-1] ImageMagick vulnerabilities [03:17]
- 34 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- every ~30 weeks we seem to have another ImageMagick update - so that time again ;)
- DoS, RCE etc
[USN-4989-1] BlueZ vulnerabilities [03:56]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 1 bluetooth core specification issue - during pairing a nearby attacker
could interpose on the pairing process and hence complete the pairing
instead of the intended device
- 2 issues in bluez code itself
- double free (UAF) + OOB read
Goings on in Ubuntu Security Community
How to get media coverage for your Linux vulnerabilities [04:48]
- In Episode 119 covered an update for polkit - the following day Github
published a blog post with significant details of the vuln - then we saw
a heap of media coverage
- Why did this vuln get so much coverage when lots of others don’t?
- Great technical detail from a reputable and popular source (github)
- Very clearly written and easy to understand
- Is a simple logic error that can be triggered via a race-condition in
a privileged daemon
- PoC can be implemented as a 1 line bash invocation so is also simple
to understand
- c.f. a complicated memory corruption vuln or similar (ie no need to
understand memory management, heap grooming etc etc)
- Or give it a cool name and logo
- heartbleed was one of the first to do this and this likely helped it
get noticed and patched (plus fame/notoriety for the researchers)
- Since then we have seen many (shellshock, stagefright, dirty cow,
spectre, meltdown, boothole etc) but not all vulns that get names/logos
are created equal - impact / exploitability varies greatly - so a name
and a logo doesn’t necessarily mean a vuln is critical
Get in contact