Bra podcast
Sveriges mest populära poddar
Overview
More Intel CPU issues, including Hertzbleed and MMIO stale data, plus we cover security vulnerabilities and updates for ca-certificates, Varnish Cache, FFmpeg, Firefox, PHP and more.
This week in Ubuntu Security Updates
64 unique CVEs addressed
[USN-5473-1] ca-certificates update [00:41]
- Affecting Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- Updates to the latest 2.50 version of the Mozilla CA bundle - in particular this removes a bunch of expired certs plus an old (but still valid) GeoTrust certificate and others - also adds some new CA certs from GlobalTrust, Certum, GlobalSign too
[USN-5396-2] Ghostscript vulnerability [01:30]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Episode 158
[USN-5474-1] Varnish Cache vulnerabilities [01:41]
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
- Thanks to Luís Infante da Câmara for preparing, testing and providing the
debdiff’s for these updates
- Possible HTTP/1 and HTTP/2 request smuggling attacks
- DoS via triggering an assertion failure
- Pointer of one client reused on the next if both share the same connection - can expose info from the old client to the new one
[USN-5472-1] FFmpeg vulnerabilities [02:30]
- 35 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
- CVE-2021-38291
- CVE-2020-22025
- CVE-2022-1475
- CVE-2021-38171
- CVE-2021-38114
- CVE-2020-35965
- CVE-2020-22037
- CVE-2020-22035
- CVE-2020-22030
- CVE-2020-22029
- CVE-2020-22027
- CVE-2020-22033
- CVE-2020-22021
- CVE-2020-22019
- CVE-2020-22042
- CVE-2020-22036
- CVE-2020-22034
- CVE-2020-22032
- CVE-2020-22031
- CVE-2020-22028
- CVE-2020-22026
- CVE-2022-22025
- CVE-2020-22023
- CVE-2020-22022
- CVE-2020-22020
- CVE-2020-22017
- CVE-2020-22016
- CVE-2020-22015
- CVE-2020-21697
- CVE-2020-21688
- CVE-2020-21041
- CVE-2020-20450
- CVE-2020-20453
- CVE-2020-20446
- CVE-2020-20445
- Thanks to Luís Infante da Câmara for preparing, testing and providing the debdiff’s for these updates
- Updates ffmpeg to latest upstream bug-fix releases
- 4.4.2 for 21.10, 22.04 LTS
- 4.2.7 for 20.04 LTS
- 3.4.11 for 18.04 LTS
[USN-5475-1] Firefox vulnerabilities [03:04]
- 12 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)
- 101.0.1
- Usual mix of web browser / framework issues fixed - specially crafted website -> could exploit to cause DoS, info leak, spoof the browser UI, conduct XSS attacks, bypass content security policy (CSP) restrictions, or execute arbitrary code
[USN-5476-1] Liblouis vulnerabilities [03:54]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
- Braille translation library + utils
- Buffer overflow -> crash -> DoS
- OOB write -> crash -> DoS / RCE
[USN-5359-2] rsync vulnerability [04:27]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Episode 156 (zlib memory corruption issue when compressing input data)
[USN-5477-1] ncurses vulnerabilities [04:54]
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- Various memory corruption vulns fixed - requires to process crafted input files (e.g. termcap - but this is usually trusted so hence negligible rating for most of these CVEs)
[USN-5478-1] util-linux vulnerability [05:28]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Memory leak in libblkid when parsing crafted MSDOS partition table
[USN-5479-1] PHP vulnerabilities [05:40]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
- both issues in handling of crafted inputs into database drivers - 1 for
postgres and 1 for mysql
- uninitialised var in pg driver -> UAF in certain error scenario -> RCE
- buffer overflow in password handler for mysqlnd (native driver) - rogue MySQL server could trigger this to get RCE
Goings on in Ubuntu Security Community
News on latest Intel security issues [06:33]
- Hertzbleed & MMIO stale data both disclosed this week
- Hertzbleed - interesting new crypto side-channel attack demonstrated
against SIKE (Supersingular Isogeny Key Encapsulation - post-quantum key
encapsulation mechanism)
- Turns a frequency side-channel into a timing side-channel such that code which was previously assumed to be constant time can still leak information about the key, allowing it to be recovered by mounting a chosen cipher-text attack from a client, observing the timing response of the server and then inferring the secret key as a result
- Acknowledged by both Intel and AMD but likely all modern processors which employ dynamic voltage and frequency scaling are affected
- Intel have released guidance for how to harden crypto implementations against this attack
- No changes/fixes for this in kernel/microcode/toolchain etc - instead will be up to individual libraries to assess if they may be affected and then refactor accordindly
- MMIO stale-data
- Vulns in memory mapped I/O - generally only applicable to
virtualisation when untrusted guest have access to MMIO
- not transient execution attacks themselves but since these vulns allow stale data to persist, can then be inferred by a TEA (think Spectre etc)
- consists of a series of different issues for various microarchitectural buffers / registers where stale data is left after being copied / moved - then can be sampled via a TEA to infer the value
- different processor models have different microarchitectural buffers so some may or may not be affected
- 3 separate vulns (CVEs) identified based on the microarchitectural buffer affected and the technique used to read from it
- Fixes required in both kernel and intel-microcode packages
- Kernels will have already been released by the time you hear this
- Microcode is currently being released via the -updates pocket of the
archive - will then publish to -security once fully phased to all
users
- Likely early on Monday next week
- Vulns in memory mapped I/O - generally only applicable to
virtualisation when untrusted guest have access to MMIO
- More details in next week’s episode
Get in contact
00:00
-00:00