Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 16

11 min • 17 december 2018

Overview

Last episode for 2018! This week we look at CVEs in lxml, CUPS, pixman, FreeRDP & more, plus we discuss the security of home routers as evaluated by C-ITL.

This week in Ubuntu Security Updates

21 unique CVEs addressed

[USN-3841-1, USN-3841-2] lxml vulnerability

  • 1 CVEs addressed in Precise ESM, Trusty, Xenial, Bionic
  • Popular XML/HTML parser for Python
  • Tries to remove clean input document and remove links (to say embedded javascript code) - but doesn’t account for links containing escaped characters - so link could persist
  • Similar to CVE-2014-3146
    • In this case tried to account for whitespace in links but didn’t include all possible whitespace characters

[USN-3842-1] CUPS vulnerability

  • 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
  • Session cookies used for authentication to CUPS web interface used only the current time in seconds as a seed for the relatively predictable PRNG
    • Easy to bruteforce / guess
    • Fix ensures to use current time value including microseconds
    • Still using relatively predictable PRNG - should use /dev/urandom etc

[USN-3837-2] poppler regression

  • 2 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
  • Previous poppler update (Episode 15) - fix missed a previous commit and so regressed (crash on opening certain PDF files)

[USN-3843-1, USN-3843-2] pixman vulnerability

  • 1 CVEs addressed in Precise ESM, Trusty
  • Low level library for pixel manipulation (used by X, Wayland, Qemu etc)
  • Pointer overflow leading to stack-based buffer overflow in computing bounds of pixel buffers
    • Did include a check to see if was inside bounds, BUT didn’t account for possible overflow in arithmetic before the check
    • Need to check for possible overflow before doing arithmetic and comparison

[USN-3844-1] Firefox vulnerabilities

[USN-3845-1] FreeRDP vulnerabilities

Goings on in Linux Security Community

Linux on MIPS and home routers

  • Cyber-ITL (Independent Testing Lab) analysed a number of home routers for basic security hardening features
    • ASLR, DEP (non-executable stack), RELRO
    • Mix of MIPS and ARM devices
    • Compared against Ubuntu 16.04 LTS x86_64 (general hardening)
    • Most found to have minimal hardening features enabled
    • https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf
    • Also found Linux kernel on MIPS either has executable stack (until 2016) due to FP emulation code, or since then has no executable stack but has a RWX segment at a fixed location, which can be used to bypass DEP / ASLR
      • Ubuntu does not support MIPS

Final episode for 2018

  • This is the last episode for 2018, on leave for the next 3 weeks
  • Next episode will be from Cape Town in 2019 during week of 14th January with some special guests… :)

Get in contact

Kategorier
Förekommer på
00:00 -00:00