Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 124

14 min • 30 juli 2021

Overview

It’s another week when too many security updates are never enough as we cover 240 CVE fixes across Avahi, QEMU, the Linux kernel, containerd, binutils and more, plus the Ubuntu 20.10 Groovy Gorilla end-of-life.

This week in Ubuntu Security Updates

240 unique CVEs addressed

[USN-5008-1, USN-5008-2] Avahi vulnerabilities [00:36]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • 2 DoS via local users - first via abusing the Avahi daemon’s unix socket -> hang
  • second by calling asking the avahi daemon to resolve a crafted domain name either via the DBus API or the local socket - assert() -> crash

[USN-5006-2] PHP vulnerabilities [01:12]

[USN-5009-1] libslirp vulnerabilities [01:31]

[USN-5010-1] QEMU vulnerabilities [02:07]

[LSN-0078-1] Linux kernel vulnerability [03:14]

  • 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Livepatch for CAN BCM UAF -> arbitrary code exec (Episode 121)

[USN-5014-1] Linux kernel vulnerability [03:49]

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Hirsute (21.04)
  • high priority respin
  • seq_file vuln - this virt file-system contained an unsigned integer conversion error - would result in a local user being able to cause an OOB write and hence possible code-exec in the kernel -> privesc

[USN-5015-1] Linux kernel (OEM) vulnerabilities [04:28]

[USN-5016-1] Linux kernel vulnerabilities [04:54]

[USN-5017-1] Linux kernel vulnerabilities [05:26]

[USN-5018-1] Linux kernel vulnerabilities [05:49]

[LSN-0079-1] Linux kernel vulnerability [06:21]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • seq_file vuln plus eBPF codeexec

[USN-5019-1] NVIDIA graphics drivers vulnerabilities [06:43]

  • 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • 2 DoS - one by triggering an assert(), the other by dereferencing an untrusted pointer - kernel crash in either case
  • OOB array access (OOB read) - info leak or crash -> DoS

[USN-5012-1] containerd vulnerabilities [07:23]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • When extracting a container image, would try and set the owner/permissions on the resulting extracted files - if these files were symlinks pointing to existing files on the host then would change perms of those files instead - fixed to ensure it does not follow symlinks when applying this permissions changes

[USN-5013-1, USN-5013-2] systemd vulnerabilities [08:00]

  • 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • When parsing mount paths, would allocate memory for the path on the stack - if a local attacker can mount a file-system with a very long path name, would overflow the entire stack memory and cause systemd to crash - as systemd is PID1 this effectively crashes the whole system
  • Remote attacker could cause sytemd DHCP client to force assign a different address and hence could cause a networking DoS against a remote server on the same network by making it unroutable etc

[USN-4336-2] GNU binutils vulnerabilities [09:12]

[USN-5020-1] Ruby vulnerabilities [10:24]

  • 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
  • RCE, port scans / banner extractions, interpose on connections to bypass TLS

[USN-5021-1] curl vulnerabilities [10:46]

  • 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • Failed to initialise data when handling TELNET connections - if these structures happened to contain sensitive info -> info leak
  • Could reuse connections from the connection pool in the wrong circumstances, leading to reusing wrong connection and sending data to wrong host

[USN-5022-1] MySQL vulnerabilities [11:36]

[USN-5023-1] Aspell vulnerability [12:00]

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • Heap buffer overflow - fixed to actually validate size before using

Goings on in Ubuntu Security Community

Ubuntu 20.10 Groovy Gorilla EOL [12:25]

Get in contact

Kategorier
Förekommer på
00:00 -00:00