Episode 151

Overview

This week we do the usual round-up of security vulnerability fixes for the various Ubuntu releases, plus we discuss enabling PIE for Python and preview some upcoming content on Ubuntu system hardening as well.

This week in Ubuntu Security Updates

44 unique CVEs addressed

[USN-5292-4] snapd regression [00:52]

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
  • CVE-2021-44731
  • CVE-2021-44730
  • CVE-2021-4120
  • CVE-2021-3155
• Episode 149 - another regression with fish shell

[USN-5303-1] PHP vulnerability [01:20]

• 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • CVE-2021-21708
• UAF - PoC exists which shows the ability to crash PHP interpreter via a crafted database query - possible RCE as well

[USN-5304-1] PolicyKit vulnerability [01:40]

• 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • CVE-2021-4115
• fd exhaustion - send 2 requests and cause the first one to fail - leaks the fd - eventually polkit runs out of fds and crashes - will be restarted by systemd so impact is low

[USN-5305-1] MariaDB vulnerabilities [02:17]

• 10 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • CVE-2022-24052
  • CVE-2022-24051
  • CVE-2022-24050
  • CVE-2022-24048
  • CVE-2021-46668
  • CVE-2021-46665
  • CVE-2021-46664
  • CVE-2021-46663
  • CVE-2021-46661
  • CVE-2021-46659
• Several security issues - latest upstream point releases
• 10.3.34 for 20.04 LTS
• 10.5.15 for 21.10

[USN-5306-1] WebKitGTK vulnerabilities [02:44]

• 3 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • CVE-2022-22592
  • CVE-2022-22590
  • CVE-2022-22589
• Various issues in webkit fixed

[USN-5307-1] QEMU vulnerabilities [02:58]

• 11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
  • CVE-2022-0358
  • CVE-2021-4158
  • CVE-2021-3930
  • CVE-2021-3748
  • CVE-2021-3713
  • CVE-2021-3682
  • CVE-2021-3546
  • CVE-2021-3545
  • CVE-2021-3544
  • CVE-2021-20203
  • CVE-2021-20196
• Various issues - integer overflow, NULL ptr derefs, memory leaks and disclosures in vhost-user GPU driver, crash or possible code-exec in USB redirector device emulation etc

[USN-5309-1] virglrenderer vulnerabilities [03:28]

• 2 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • CVE-2022-0175
  • CVE-2022-0135
• Virtual GPU for KVM
• info leak and possible OOB write

[USN-5310-1] GNU C Library vulnerabilities [03:48]

• 12 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
  • CVE-2022-23219
  • CVE-2022-23218
  • CVE-2021-3999
  • CVE-2021-3998
  • CVE-2021-35942
  • CVE-2021-27645
  • CVE-2020-6096
  • CVE-2021-3326
  • CVE-2020-29562
  • CVE-2020-27618
  • CVE-2019-25013
  • CVE-2016-10228
• Usual mix of issues in libc - OOB read / writes - crash / possible code execution - in various modules - character encoding handling in iconv, netgroup lookups via nscd daemon, wordexp() / realpath() / getcwd() functions etc

Goings on in Ubuntu Security Community

Python + PIE? [04:45]

• https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1452115
• Request since 2015 to enable this
• When compiled as PIE enables to use exec ASLR which can frustrate ROP exploits etc
• Performance testing shows this to have no impact
• Coordinating with foundations team to try and land for Ubuntu 22.04 LTS as a FFe

Security advice for running your own server [07:02]

• https://discourse.ubuntu.com/t/basic-security-advice-for-running-your-own-server/26786

Hiring [07:33]

Ubuntu Security Engineer

• https://canonical.com/careers/2925180/security-engineer-ubuntu-remote
• Home based, worldwide

Get in contact

• [email protected]
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter