Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 121

15 min • 25 juni 2021

Overview

Ubuntu One opens up two-factor authentication for all, plus we cover security updates for Nettle, libxml2, GRUB2, the Linux kernel and more.

This week in Ubuntu Security Updates

73 unique CVEs addressed

[USN-4989-2] BlueZ vulnerabilities [00:57]

  • 2 CVEs addressed in Xenial ESM (16.04 ESM)
  • Episode 120 - bluetooth spec issue around pairing takeover plus a possible double-free in gattool that is likely quite hard to exploit due to time window race between the two free() calls

[USN-4990-1] Nettle vulnerabilities [01:27]

  • 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Low level crypto library used by lots of packages - chrony, dnsmasq, lighttpd, qemu, squid, supertuxkart
  • Last covered just a few weeks ago in Episode 112 - is someone taking a closer look at this library?
  • Bleichenbacher type side-channel base on a padding oracle attack in endian conversion of RSA decrypted PKCS#1 v1.5 data - requires to run a process on the same physical core as the victim - but could then allow the plaintext to be extracted
  • RSA algo possible crash which is able to be triggered on decryption of manipulated ciphertext
  • Changes required for both of these are too intrusive to backport for the older releases (e.g. 16.04 ESM) so suggest to upgrade to a newer Ubuntu release if you are using nettle on these older releases and are concerned about possible attacks

[USN-4991-1] libxml2 vulnerabilities [03:08]

[USN-4992-1] GRUB 2 vulnerabilities [03:33]

[USN-4993-1] Dovecot vulnerabilities [05:13]

  • 2 CVEs addressed in Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • STARTTLS plaintext command injection vuln via SMTP, plus if a local attacker could write files to the disk, they could supply their own keys to validate their own supplied JSON Web Token and hence login as any other user and then access their emails if using OAUTH2

[USN-4994-1, USN-4994-2] Apache HTTP Server vulnerabilities [05:58]

  • 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • Various DoS issues where under certain configurations an attacker could issue particular requests and trigger various crashes in Apache

[USN-4996-1, USN-4996-2] OpenEXR vulnerabilities [06:16]

[USN-4995-1] Thunderbird vulnerabilities [06:48]

[USN-4997-1] Linux kernel vulnerabilities [08:22]

[USN-4999-1] Linux kernel vulnerabilities [09:51]

[USN-5000-1] Linux kernel vulnerabilities [10:08]

[USN-5001-1] Linux kernel (OEM) vulnerabilities

[USN-5002-1] Linux kernel (HWE) vulnerability [10:23]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • 5.3
  • CAN BCM

[USN-5003-1] Linux kernel vulnerabilities [10:35]

  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
  • 4.15 (bionic, xenial esm hwe, trusty esm azure)
  • CAN BCM and eBPF verifier OOB write

Goings on in Ubuntu Security Community

2FA coming to Ubuntu One [11:04]

  • https://ubuntu.com/blog/two-factor-authentication-coming-to-ubuntu-one
  • Used for access to discourse.ubuntu.com, Launchpad, ubuntuforums, publishers on the Snap Store etc
  • Allows to use a phone / desktop TOTP app as second factor, or Yubikey TOTP etc
  • Has actually been supported since 2014 but only available to a beta testing group plus for all Canonical employees, due to challenges in account recovery
    • Since Ubuntu One purposefully doesn’t store any real identifying information (name, email, username) we can’t easily verify account holders if they lose the 2FA device
    • The intent is to be robust even in the event that a users email address is compromised
  • Now have a comprehensive code recovery experience including printable backup codes and mechanisms in place to encourage users to exercise backup codes so that users can feel confident in using these if they need to (ie where did I put my backup codes again..?)

Get in contact

Kategorier
Förekommer på
00:00 -00:00