Overview
This week we look at some details of the 29 unique CVEs addressed across
the supported Ubuntu releases in the past 7 days and more.
This week in Ubuntu Security Updates
29 unique CVEs addressed
[USN-5131-1] Firefox vulnerabilities [00:42]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 94.0
- Copy image link - copies the final image URL after redirects - if a page were to combine this with a content security policy which blocked a redirect, the image URL may then contain authentication tokens - so if a page could trick a user into copying and pasting that image URL back into the page, an attacker could steal their auth token
- Various web framework issues
[USN-5132-1] Thunderbird vulnerabilities [01:56]
- 6 CVEs addressed in Impish (21.10)
- 91.2.1
- Usual web framework issues
[USN-5133-1] ICU vulnerability [02:17]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- unicode handling library
- UAF - could be triggered if packaging the ICU data with malicious input -> crash / RCE
[USN-5135-1] Linux kernel vulnerability [02:43]
- 1 CVE addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- impish (5.13), hirsute (5.11), focal hwe (5.11)
- IPC memory objects not properly accounted for in memcg - could allow limits to be bypassed and cause DoS
[USN-5130-1] Linux kernel vulnerabilities [03:24]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
- 3.13
- 2 vulns courtesy of Jann Horn (GPZ) - in tty subsystem - lock order
issues - UAF - DoS/privesc (Episode 106)
[USN-5136-1] Linux kernel vulnerabilities [04:06]
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 (bionic, xenial hwe, trusty azure)
- IPC memory object leak plus various other vulns from Episode 136
[USN-5137-1] Linux kernel vulnerabilities [04:48]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 (focal, bionic hwe)
[USN-5134-1] Docker vulnerability [04:50]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- If you were using a private registry for docker login but had also configured credsStore and credsHelper in ~/.docker/config.json and these were not able to be executed (ie. execute bit not set or not in $PATH), then creds would get sent to the public docker registry rather than the configured private registry.
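A way to check a host for the precondition described above, as an added example that is not from the podcast or from Docker: it reads a Docker client config and reports every configured credential helper that cannot be found on $PATH or lacks the execute bit. It assumes Docker's documented config keys credsStore and credHelpers and the docker-credential-<name> binary naming; the registry and helper names in the sample are constructed.

```python
import json
import os
import shutil
import tempfile


def unusable_helpers(config_path, path=None):
    """Return {config location: helper binary} for helpers that cannot be executed."""
    with open(config_path) as fh:
        cfg = json.load(fh)

    configured = {}
    if cfg.get("credsStore"):
        configured["credsStore"] = cfg["credsStore"]
    for registry, name in (cfg.get("credHelpers") or {}).items():
        configured["credHelpers[%s]" % registry] = name

    problems = {}
    for where, name in configured.items():
        binary = "docker-credential-" + name
        # shutil.which() only returns a file that is on the search path
        # AND executable, which are the two failure modes in the advisory.
        if shutil.which(binary, path=path) is None:
            problems[where] = binary
    return problems


def demo():
    """Constructed sample: one helper without execute bit, one missing, one usable."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("docker-credential-pass", 0o644),
                           ("docker-credential-ok", 0o755)):
            helper = os.path.join(d, name)
            with open(helper, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(helper, mode)
        cfg = os.path.join(d, "config.json")
        with open(cfg, "w") as fh:
            json.dump({"credsStore": "pass",
                       "credHelpers": {"registry.example.internal": "absent",
                                       "other.example.internal": "ok"}}, fh)
        return unusable_helpers(cfg, path=d)


if __name__ == "__main__":
    real = os.path.expanduser("~/.docker/config.json")
    print(unusable_helpers(real) if os.path.exists(real) else demo())
```

An empty result means every configured helper resolves to an executable; any entry listed is a helper to fix or remove before the next docker login on an unpatched client.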
Goings on in Ubuntu Security Community
Hiring [06:00]
Security - Product Manager
- HOME BASED - EMEA (Europe, Middle East, Africa)
- Role includes:
  - guiding the evolution of security offerings from Canonical and Ubuntu
  - driving compliance and certification of Ubuntu
  - engaging with the open source security community
  - telling the story of Canonical’s work to deliver secure platforms
- https://canonical.com/careers/2278145/security-product-manager-remote