Overview
This week we put out a call for testing and feedback on proposed Samba
updates for Ubuntu 18.04 LTS plus we look at security updates for Mailman,
Thunderbird, LibreOffice, BlueZ and more.
This week in Ubuntu Security Updates
15 unique CVEs addressed
[USN-5150-1] OpenEXR vulnerability [00:39]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- oss-fuzz -> div-by-zero with crafted image using YUV-encoded colors
[USN-5151-1] Mailman vulnerabilities [00:58]
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- Similar to vulns in last Mailman update (Episode 136)
[USN-5152-1] Thunderbird vulnerabilities [01:27]
- 5 CVEs addressed in Impish (21.10)
- 91.3.1
- Usual web framework issues (HTML email etc) - one TB specific issue
around the ability to force TB into full-screen via web content
navigation - could then spoof usual chrome which is hidden in fullscreen
and get user input unexpectedly
[USN-5153-1] LibreOffice vulnerabilities [02:23]
- 2 CVEs addressed in Focal (20.04 LTS)
- 2 issues around interpretation / display of details for signed
documents - could inject a new timestamp and get this shown as the time
the document was signed, or could cause to show incorrect details for a
signed document by adding details from another certificate
- Too invasive to backport for 18.04 LTS
[USN-5154-1] FreeRDP vulnerabilities [03:28]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- OOB write in client if sent malicious data from server -> crash / code-exec
- if using a gateway and the RPC protocol, would fail to validate input ->
malicious gateway could then corrupt client memory -> crash / code-exec
[USN-5155-1] BlueZ vulnerabilities [04:07]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- Would save and restore discoverable status on power down / power up - so
if powered down when discoverable would power up as discoverable
- UAF if gatt client disconnected during a particular write operation with
dbus - so would likely need bad luck or cooperation between a local
application / user and the device to trigger
- Memory leak in handling of SDP devices -> DoS
Goings on in Ubuntu Security Community
Samba updates available for testing for Ubuntu 18.04 LTS [05:24]
Get in contact