Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 145

57 min • 6 januari 2022

Overview

The Ubuntu Security Podcast is back for 2022 and we’re starting off the year with a bang💥! This week we bring you a special interview with Kees Cook of Google and the Linux Kernel Self Protection Project discussing Linux kernel hardening upstream developments. Plus we look at security updates for Mumble, Apache Log4j2, OpenJDK and more.

This week in Ubuntu Security Updates

31 unique CVEs addressed

[USN-5195-1] Mumble vulnerability [01:02]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • Low-latency VoIP client - client / server model
  • Client picks a server to connect to from public server list
  • Malicious actor could register a server with a web URL that uses some other protocol - e.g. smb to then refer to a .desktop file
  • When user chose the option to ‘Open Webpage’ for that server, would automatically fetch and execute via underlying Qt framework libraries QDesktopServices::openUrl function
  • Fixed to check URI scheme and only open if is http/https
  • Wonder if this kind of vuln may be seen in other applications?

[USN-5192-2] Apache Log4j 2 vulnerability [02:13]

[USN-5203-1] Apache Log4j 2 vulnerability

[USN-5202-1] OpenJDK vulnerabilities [03:13]

[USN-5199-1, USN-5200-1, USN-5201-1] Python vulnerabilities [04:26]

  • 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04) for Python 3.8/3.9
  • 2 CVEs addressed in Bionic (18.04 LTS) for Python 3.6
  • 3 CVEs addressed in Bionic (18.04 LTS) for Python 3.7/3.8
  • 3 different DoS via urllib http client
    • infinite loop when handling 100 Continue responses - malicious HTTP server could cause a DoS against clients - affects all
    • ReDoS due to quadratic complexity regex in basic auth handling - only affects Python 3.6->3.8 in Ubuntu 18.04
    • Similar but different ReDos in basic auth handling - only affects Python 3.7/3.8 in Ubuntu 18.04

[USN-5198-1] HTMLDOC vulnerability [05:37]

  • 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
  • Used to covert HTML/Markdown files to generate EPUB/HTML/PS/PDF with ToC etc
  • Through fuzzing a NULL ptr deref was found if given crafted input HTML file -> crash -> DoS

[USN-5186-2] Firefox regressions [06:06]

Goings on in Ubuntu Security Community

Seth and John talk Linux Kernel Security with Kees Cook [06:53]

  • Seth Arnold and John Johansen from the Ubuntu Security team chat with Kees Cook from Google (KSPP) about Linux kernel hardening and self-protection, including KASLR and FGKASLR, delving into the finer points of linker scripts, kernel address pointer info leaks through debug logs, detecting possible integer overflows in C by relying on undefined behaviour of signed integer wraparound, hardware support for detecting memory corruption and more.

Get in contact

Kategorier
Förekommer på
00:00 -00:00