Overview
Ubuntu 22.04 LTS (Jammy Jellyfish) is officially released 🎉 and so this
week we take a quick look at the new features and enhancements, with a
particular focus on security, plus we cover security updates for the Linux
kernel, Firefox, Django, Git, Gzip and more.
This week in Ubuntu Security Updates
58 unique CVEs addressed
[USN-5368-1] Linux kernel vulnerabilities [00:51]
- 23 CVEs addressed in Focal (20.04 LTS)
- 5.13 azure/oracle for 20.04 LTS
- BPF verifier could possibly allow pointer arithmetic in BPF operations -
OOB read / write -> crash (DoS) or privesc
- cgroups v1 release_agent not properly restricted -> privesc
- UAF in network traffic control - DoS/crash
[USN-5377-1] Linux kernel (BlueField) vulnerabilities [01:52]
- 15 CVEs addressed in Focal (20.04 LTS)
- BPF verifier could possibly allow pointer arithmetic in BPF operations -
OOB read / write -> crash (DoS) or privesc
- cgroups v1 release_agent not properly restricted -> privesc
[USN-5366-1] FriBidi vulnerabilities [02:07]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Various memory corruption vulns in the library for handling Unicode
bidirectional text
[USN-5369-1] oslo.utils vulnerability [02:21]
- 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Python utility functions for OpenStack
- Passwords which contained a double quote were not properly masked in
debug logs, so the part of the password following the double quote would
be exposed
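The failure mode described above, as an added illustration that is not oslo.utils' own code: a hypothetical regex-based masker whose capture stops at the first double quote leaks the tail of the password, shown beside a variant that matches up to the value's closing delimiter. The log line and the secret are constructed.

```python
import re

# Constructed secret and debug line in a JSON-ish config-dump style
# (not real oslo.utils output). The secret contains double quotes.
SECRET = 'ab"cd"ef'
SAMPLE_LOG = '{"user": "svc", "password": "' + SECRET + '", "host": "db1"}'

# Hypothetical weak masker, modelled on the class of bug described:
# [^"]* stops at the first double quote inside the value, so everything
# after that quote is left in the log untouched.
_WEAK_RE = re.compile(r'("password"\s*:\s*")[^"]*(")')

def mask_password_weak(line: str) -> str:
    return _WEAK_RE.sub(r'\1***\2', line)

# Hardened masker: consume lazily up to the quote that is actually
# followed by a key/value delimiter (`,` or `}`), not the first bare quote.
# This still assumes the value itself never contains `", ` or `"}`; the
# robust fix is to mask the structured data before it is serialised.
_HARD_RE = re.compile(r'("password"\s*:\s*").*?"(?=\s*[,}])')

def mask_password_hardened(line: str) -> str:
    return _HARD_RE.sub(r'\1***"', line)

def password_tail_exposed(masked: str, secret: str) -> bool:
    """Detection check: does any 3-char fragment of the secret survive
    in the masked line? Use this as a regression test for a masker."""
    return any(secret[i:i + 3] in masked for i in range(len(secret) - 2))

if __name__ == "__main__":
    for name, fn in (("weak", mask_password_weak),
                     ("hardened", mask_password_hardened)):
        out = fn(SAMPLE_LOG)
        print(f"{name:9s} {out}  leaked={password_tail_exposed(out, SECRET)}")
```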
[USN-5370-1] Firefox vulnerabilities [02:50]
- 11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- 99.0
- Including an issue where just selecting text could be enough to cause
memory corruption in the text selection cache and crash Firefox
[USN-5331-2] tcpdump vulnerabilities [03:34]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Covered in Episode 153 for Xenial - now the same updates for Bionic + Focal
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- 2 different SQL injection attacks and 1 header injection attack
[USN-5374-1] libarchive vulnerability [04:07]
- 1 CVE addressed in Focal (20.04 LTS), Impish (21.10)
- OOB when handling crafted LZMA archives -> DoS
[USN-5372-1] Subversion vulnerabilities [04:24]
- 2 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
- 2 vulns in the svn server - both in handling of path-based auth rules - 1 a
logic error that could allow an attacker to bypass these rules and learn
info about private paths
- the other a UAF -> crash/RCE
[USN-5376-1] Git vulnerability [05:13]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Possible local RCE if another user creates a .git directory in the system
root and specifies arbitrary commands in that git config
[USN-5371-1] nginx vulnerabilities [05:55]
- 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- HTTP req smuggling
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- xzgrep/zgrep with crafted filenames -> local file overwrite
[USN-5379-1] klibc vulnerabilities [06:27]
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Various integer overflows and other bugs leading to memory corruption ->
RCE in these low-level tools (designed for use in initramfs/embedded
systems etc - cat/dd/dmesg/gzip/ipconfig/mv/readlink and more)
[USN-5380-1] Bash vulnerability [07:12]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Incorrect handling of setuid binaries - didn't drop privileges correctly,
so a user who could cause bash to load their own crafted builtin module
could then escalate privileges by restoring the saved UID
Goings on in Ubuntu Security Community
Ubuntu 22.04 LTS Release! [08:02]
- By the time you read / hear this, it will likely already be out
- LTS - 5 years of standard support, plus 5 years of ESM support - 10 years
of security support in total
- https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668
- Multiple kernels depending on which product you install
- Desktop
- 5.17 on OEM certified devices
- Rolling HWE kernel for other hardware (currently 5.15)
- Server
- Non-rolling LTS kernel (5.15)
- Cloud
- Use optimised kernels in collaboration with partners (currently 5.15+
with additional backports / features)
- As always these are just the defaults and you can change them as desired
(i.e. could enable the rolling HWE kernel on server if required)
- UDP disabled for NFS mounts
- Toolchain upgrades
- GCC 11.2.0, Python 3.10 (with PIE🥧), LLVM 14, Golang 1.18.x, rustc 1.58
- OpenJDK 18 provided (but not default and not in main, still default to
openjdk-11 in main and supported)
- systemd-oomd enabled by default on Ubuntu desktop
- OpenSSL 3.0
- Disables various legacy algorithms (SHA1/MD5 for certificate hashes)
- nftables default backend for firewall
- Still ship the legacy iptables tools, which use the xtables backend, but
not by default - sysadmins need to ensure all applications which
configure firewall rules use the same backend (e.g. if using the docker
snap, need to switch to the legacy xtables backend until the snap is
updated to detect and use the new nftables backend)
- ssh-rsa with SHA-1 signatures disabled by default in openssh
- scp supports a new -s option to use sftp instead of the scp protocol, which
is safer (see USN-3885-1 etc)
- Firefox is a snap
- Maintained and published directly by Mozilla - faster access to newer
versions
- Sandboxed for improved security hardening
- Lots of changes for server too (new BIND, Apache, PostgreSQL, Django,
MySQL, Samba)
- Qemu 6.2.0 (massively improved RISC-V support)
- Libvirt + swtpm for TPM emulation
- virt-manager will then enable a TPM OOTB for UEFI boot of VMs
- wireguard is now in main \o/
- First LTS release for Ubuntu Desktop on RPi
Ubuntu Security Podcast on break for 1 week
- Returning end of the first week of May 2022
Get in contact