
Ubuntu Security Podcast

Episode 181

15 min • 21 October 2022

Overview

It’s the release of Ubuntu 22.10 Kinetic Kudu, and we give you all the details on what’s new and improved, with a particular focus on the security features, plus we cover a high priority vulnerability in libksba as well.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-5672-1] GMP vulnerability

  • 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

[USN-5673-1] unzip vulnerabilities

[USN-5674-1] XML Security Library vulnerability

[USN-5675-1] Heimdal vulnerabilities

[USN-5677-1] Linux kernel vulnerabilities

[USN-5678-1] Linux kernel vulnerabilities

[USN-5679-1] Linux kernel (HWE) vulnerabilities

[USN-5676-1] PostgreSQL vulnerability

[USN-5680-1] gThumb vulnerabilities

[USN-5682-1] Linux kernel (AWS) vulnerabilities

[USN-5683-1] Linux kernel (IBM) vulnerabilities

[USN-5684-1] Linux kernel (Azure) vulnerabilities

[USN-5570-2] zlib vulnerability

  • 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)

[USN-5685-1] FRR vulnerabilities

[USN-5686-1] Git vulnerabilities

[USN-5687-1] Linux kernel (Azure) vulnerabilities

[USN-5688-1] Libksba vulnerability [01:24]

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
  • libksba library used to parse and build ASN.1 objects contained within S/MIME, X.509 certificates etc
  • ASN.1 supports various encoding formats - BER, DER (basic and distinguished encoding rules respectively)
  • Both use a tag-length-value scheme to encode objects
  • When copying these objects around, the library copies both a header and the object itself - if an object is really large, the sum of the header size plus the object size overflows - allowing a size check to be bypassed (since on overflow the sum wraps around to a small integer)
  • Integer overflow leading to a buffer overflow
  • Considered a severe bug by upstream
  • in Ubuntu it is used by gpgsm (used to handle S/MIME signed data) and dirmngr - responsible for parsing and loading CRLs and verifying certs used by TLS
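
The size-check bypass described above, as an added example (not libksba's code and not from the episode): a tag-length-value header is parsed, then a check that adds header and value lengths is compared with one that cannot wrap. All names, the 32-bit length type and the 64-byte capacity are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; 32-bit lengths are an assumption of this example. */
struct tlv { uint32_t hdr_len; uint32_t val_len; };

/* Parse a definite-length BER/DER header with a single-byte tag. */
bool parse_header(const uint8_t *in, size_t in_len, struct tlv *out)
{
    if (in_len < 2) return false;
    uint8_t first = in[1];
    if (first < 0x80) {               /* short form: length fits in 7 bits */
        out->hdr_len = 2;
        out->val_len = first;
        return true;
    }
    uint32_t n = first & 0x7f;        /* long form: n length bytes follow */
    if (n == 0 || n > 4 || in_len < 2 + (size_t)n) return false;
    uint32_t len = 0;
    for (uint32_t i = 0; i < n; i++)
        len = (len << 8) | in[2 + i];
    out->hdr_len = 2 + n;
    out->val_len = len;
    return true;
}

/* Flawed: the 32-bit sum wraps for a huge val_len, so the check passes. */
bool fits_wrapping(const struct tlv *t, uint32_t cap)
{
    uint32_t total = t->hdr_len + t->val_len;   /* modulo 2^32 */
    return total <= cap;
}

/* Hardened: subtract from the capacity instead of adding the lengths. */
bool fits_safe(const struct tlv *t, uint32_t cap)
{
    return t->hdr_len <= cap && t->val_len <= cap - t->hdr_len;
}

int main(void)
{
    /* Constructed header: OCTET STRING with declared length 0xfffffffd. */
    const uint8_t hdr[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xfd};
    struct tlv t;
    if (!parse_header(hdr, sizeof hdr, &t)) return 1;
    printf("wrapping=%d safe=%d\n", fits_wrapping(&t, 64), fits_safe(&t, 64));
    return 0;
}
```
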

Goings on in Ubuntu Security Community

Ubuntu 22.10 Kinetic Kudu release [04:02]

  • https://ubuntu.com/blog/canonical-releases-ubuntu-22-10-kinetic-kudu
  • kernel 5.19
    • security wise
    • Faster RNG (entropy extraction switched from SHA1 to BLAKE2)
    • Support for Intel Trust Domain Extensions (TDX)
      • successor to SGX, builds on lessons learned
      • virtualisation based confidential computing environment
        • equivalent to an SGX enclave
        • uses a new processor mode called SEAM
      • allows legacy applications to be deployed without having to adapt them to a different programming model as was done for SGX
  • AppArmor support for posix-mq and unprivileged user namespace mediation
    • idea is that only applications which are running under an AppArmor profile with permission to use userns will be able to - unconfined will not - this kernel configuration is disabled by default but can be enabled via a sysctl:
      sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1
    • then unconfined applications will not be able to use them
    • helps limit an attack surface for exploits - 4 out of 5 pwn2own exploits against Ubuntu this year used unprivileged userns as part of their attack chain
  • Desktop
    • pipewire is now default instead of pulseaudio - improved bluetooth handling
    • GNOME 43 - gedit replaced by gnome-text-editor, gnome-terminal still there but likely will be new gnome-console in 23.04
    • LibreOffice 7.4
    • Firefox 106 / Thunderbird 102
    • Updated bluez, CUPS, network-manager, Mesa 22 etc
  • Server
    • socket-activated SSH daemon to reduce memory footprint inside containers etc
    • improved support for integration with Windows Server w/ LDAP channel binding and LDAP signing in cyrus-sasl2
    • bind9 support for remote TLS verification in both named and dig to allow to implement strict and mutual TLS authentication
    • updated containerd, runc, docker.io
    • updated qemu - improved emulation of RISC-V, s390x
    • updated libvirt - ppc64 Power10 processor support
  • For developers:
    • debuginfod
    • updated gcc, Go, Ruby and Rust toolchains

Canonical Product Roadmap + Engineering Sprints + Ubuntu Summit [12:32]

  • No podcast for the next 3 weeks

Thanks and farewell to Shaun Murphy [13:45]

Get in contact
