Overview
This week we look at security updates for Firefox, PostgreSQL, MariaDB,
HAProxy, the Linux kernel and more, plus we cover some current openings on
the team - come join us ☺
This week in Ubuntu Security Updates
35 unique CVEs addressed
[USN-5037-1] Firefox vulnerabilities [00:39]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 91.0
- Better support for clearing cookies to stop possible hidden data leaks as part of Total Cookie Protection
- Private browsing to attempt HTTPS by default, then fall back to HTTP
- Various security fixes:
  - race condition on DNS resolution specific to Linux -> memory
    corruption -> crash / RCE
  - also specific to Linux - subsequent permissions dialogs would accept
    input in the location of the original one - so could possibly trick a
    user into accepting a permission without their direct knowledge
  - various other memory corruption issues in JIT etc
[USN-3809-2] OpenSSH regression [02:54]
- 2 CVEs addressed in Bionic (18.04 LTS)
- Episode 11 - possible user enumeration: as a result of patching
CVE-2018-15473, the behaviour when trying to log in changed depending on
whether the specific user account existed or not - due to a mistake made
when backporting the upstream patch
[USN-5038-1] PostgreSQL vulnerabilities [03:38]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 2 possible remote crasher bugs - one through just sending a crafted TLS
ClientHello message -> NULL ptr deref -> crash, the other via the planner
which is used to try and optimise SQL queries - possible OOB read
[USN-5022-2] MariaDB vulnerabilities [04:19]
- 2 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Covered in Episode 124 for MySQL - only 2 of these were also relevant to MariaDB
- Like MySQL, update to latest point release in each series - 10.5.12 for
hirsute, 10.3.31 for focal - includes both bug and security fixes
[USN-5042-1] HAProxy vulnerabilities [05:07]
- Affecting Focal (20.04 LTS), Hirsute (21.04)
- HTTP/2 handling issues in HAProxy
- Researchers investigated HTTP/2 handling in various gateways / proxies and
found multiple issues - HTTP/2 desync attacks - which could possibly allow
an attacker to hijack clients, poison caches, and steal credentials
- Initially HAProxy upstream thought they were safe but then found after
more analysis they were vulnerable to a few of the possible issues
- Can be mitigated by disabling HTTP/2 or by just installing these updates :)
[USN-5043-1] Exiv2 vulnerabilities [06:04]
- 11 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- Slew of issues discovered by Kevin Backhouse from the GitHub security team
- C++ - so usual mix of issues - OOB read, NULL ptr deref, floating point
exception (div/0), infinite loop, assertion failure - all DoS
[USN-5039-1] Linux kernel vulnerability [06:49]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- netfilter setsockopt()
[LSN-0080-1] Linux kernel vulnerability [07:08]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5044-1] Linux kernel vulnerabilities [07:39]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 bionic + ESM HWE
- 2 Bluetooth UAF and 1 NFC NULL ptr deref
[USN-5045-1] Linux kernel vulnerabilities [08:06]
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 focal + bionic hwe
- same as above plus CAN BCM uninitialised memory - info leak to local
attacker
[USN-5046-1] Linux kernel vulnerabilities [08:31]
- 6 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- 5.11 hirsute + focal hwe
- Bluetooth UAF, NFC NULL ptr deref, access control issue in Bluetooth -
could allow a local attacker in range to expose info, Xen PV issue -
attacker in guest could DoS/RCE on host
Goings on in Ubuntu Security Community
Hiring [09:10]
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact