Start / Ubuntu Security Podcast / Episode 134

Episode 134

14 min • 15 oktober 2021

Overview

It’s release week! As Ubuntu 21.10 Impish Indri is released we take a look at some of the new security features it brings, plus we cover security updates for containerd, MongoDB, Mercurial, docker.io and more.

This week in Ubuntu Security Updates

58 unique CVEs addressed

[USN-5095-1] Apache Commons IO vulnerability [00:46]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- CVE-2021-29425
Failed to properly sanitize filenames in FileNameUtils.normalize() - should remove relative path components like ../ but if contained leading double-slashes this would fail - and the original path would be returned without alteration - so could then possibly get relative directory traversal to the parent directory depending on how this returned value was used.

[USN-5106-1] Linux kernel (OEM) vulnerabilities [01:36]

6 CVEs addressed in Focal (20.04 LTS)
io_uring (5.1) - unprivileged user - trigger free of other kernel memory - code execution
Episode 133

[USN-4973-2] Python vulnerability [02:18]

1 CVEs addressed in Focal (20.04 LTS)
- CVE-2021-29921
ipaddress with octal encoded numbers vuln previously fixed but the patch with this fix got dropped in an intervening SRU where 3.8.10 got backported to 20.04 (LP: #1928057)

[USN-5099-1] Imlib2 vulnerability [03:11]

1 CVEs addressed in Focal (20.04 LTS)
- CVE-2020-12761
integer overflow -> OOB read - ICO file with an excessive amount of colors declared in its color map - fixed to error out in this case

[USN-5100-1] containerd vulnerability [03:43]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- CVE-2021-41103
container bundles root dirs and plugins had excessive permissions - allows an unprivileged Linux user to traverse directory contents and execute programs in these dirs. If a container image was created with setuid executables then that user on the Linux host could execute these setuid binaries and gain root privileges on the host.

[USN-5101-1] MongoDB vulnerability [04:34]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- CVE-2019-20925
Unauthenticated client can send crafted messages to the server which specify a negative size when decompressed - an insufficient amount of memory would then get allocated and lead to a possible OOB write
Thanks to Heather Lemon from Sustaining Engineering team for preparing this update

[USN-5102-1] Mercurial vulnerabilities [05:10]

2 CVEs addressed in Bionic (18.04 LTS)
- CVE-2018-17983
- CVE-2019-3902
Mishandled symlinks in subrepos - defeats usual path-checking logic and so could could allow an attacker to write arbitrary files to the victim’s filesystem outside the repo
OOB read when parsing malformed manifest entries

[USN-5097-1] LedgerSMB vulnerabilities

3 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)

[USN-5098-1] bl vulnerability

1 CVEs addressed in Bionic (18.04 LTS)
- CVE-2020-8244

[USN-5103-1] docker.io vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- CVE-2021-41089
docker cp - could craft a container image that would result in docker cp making changes to existing files on the host filesystem - doesn’t actually allow to read/modify or execute files on the host but could make them readable/change perms etc and expose info on the host

[USN-5104-1] Squid vulnerability

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- CVE-2021-28116

[USN-5105-1] Bottle vulnerability

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- CVE-2020-28473

[USN-5022-3] MySQL vulnerabilities

16 CVEs addressed in Xenial ESM (16.04 ESM)

[USN-5107-1] Firefox vulnerabilities [06:47]

7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
93.0 - usual web issues - “if a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.”

[USN-5108-1] libntlm vulnerability [07:32]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- CVE-2019-17455
stack buffer OOB read when handling a crafted NTLM request since used a fixed size buffer in various functions - fixed to truncate size to fit within the buffer if too big to avoid overflowing the buffer

[USN-5078-3] Squashfs-Tools vulnerability [07:54]

1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- CVE-2021-41072
Original backport of patch contained an error and so failed to work for squashfs 2.x filesystems - would fail to actually sort entries as expected - thanks to Salvatore Bonaccorso from the Debian security team for bringing this to our attention

Goings on in Ubuntu Security Community

Ubuntu 21.10 (Impish Indri) released [09:08]

https://ubuntu.com/blog/ubuntu-21-10-has-landed
5.13 kernel
- KFENCE memory error detector
- Stack offset randomisation across system-calls
- Landlock LSM
Disabled unprivileged BPF
GCC 11

Hiring [13:12]

Security Product Manager

https://canonical.com/careers/2278145/security-product-manager-remote

Get in contact

Kategorier

Poddar Teknologi

Förekommer på

Teknik

00:00 -00:00