Overview
The Ubuntu Security Podcast is back for 2023! We ease into the year with
coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at
some recent vulns in git, sudo, OpenSSL and more.
This week in Ubuntu Security Updates
212 unique CVEs addressed
[USN-5778-1] X.Org X Server vulnerabilities
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5779-1] Linux kernel (Azure) vulnerabilities
- 9 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5780-1] Linux kernel (OEM) vulnerabilities
- 5 CVEs addressed in Jammy (22.04 LTS)
[USN-5781-1] Emacs vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5782-1] Firefox vulnerabilities
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5783-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5784-1] usbredir vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5785-1] FreeRADIUS vulnerabilities
- 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5786-1] GNOME Files vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5787-1] Libksba vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5782-2] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5789-1] Linux kernel (OEM) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5788-1] curl vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5790-1] Linux kernel vulnerabilities
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
[USN-5791-1] Linux kernel vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5792-1] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-1] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5794-1] Linux kernel (AWS) vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5787-2] Libksba vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5795-1] Net-SNMP vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5797-1] WebKitGTK vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5792-2] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-2] Linux kernel (Azure) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5782-3] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-5798-1] .NET 6 vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
[USN-5791-3] Linux kernel (Azure) vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5793-3] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5793-4] Linux kernel (IBM) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5799-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5800-1] Heimdal vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5802-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5803-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5804-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5801-1] Vim vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5804-2] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
[USN-5805-1] Apache Maven vulnerability
- 1 CVEs addressed in Kinetic (22.10)
[USN-5795-2] Net-SNMP vulnerabilities
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5808-1] Linux kernel (IBM) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Integer overflow when parsing really long paths specified in
.gitattributes
- But depends if file is in working tree, index or both since when parsed
normally the parsing is done in chunks which mitigates the vuln
- leads to heap reads/writes -> RCE
- Integer overflow when using a crafted format specifier for git log or git archive
- Not too common to use random format specifiers, but how many people have
wanted a prettier git log output, and copy-pasted something from stack
overflow without understanding it?
- We talk about the provenance and integrity of code for OSS / supply chain
attacks - interesting to think about it from a configuration / data point of
view
- Can ChatGPT be poisoned to spit out dangerous configs?
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Most interesting was a vuln in sudoedit - ie the command to edit a file with
sudo - launches your specified editor to edit the file
- The editor is specified via various environment variables -
SUDO_EDITOR
,
VISUAL
or EDITOR
- these would normally specify the binary of the editor to
use
- But could also include extra arguments to pass to the editor - such as
additional filenames by separating them with a double hyphen
--
- As such a user could set their
EDITOR=vim -- /etc/shadow
- then when sudoedit
launches the editor for the originally specified file, would also launch it
with this file too
- Allows a user to bypass possible restrictions set via
/etc/sudoers
- ie since
could be configured to only allow a user to edit say the apache config via
sudoedit
[USN-5812-1] urllib3 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5813-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5814-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5815-1] Linux kernel (BlueField) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5816-1] Firefox vulnerabilities
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5817-1] Setuptools vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5819-1] HAProxy vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5806-2] Ruby vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5820-1] exuberant-ctags vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5821-1] wheel vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5822-1] Samba vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-1] MySQL vulnerabilities
- 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-2] MySQL vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5826-1] Privoxy vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5827-1] Bind vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5828-1] Kerberos vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5829-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 7 CVEs addressed in Focal (20.04 LTS)
[USN-5830-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5831-1] Linux kernel (Azure CVM) vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS)
- Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5832-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Kinetic (22.10)
[USN-5833-1] python-future vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-1] Cinder vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-2] OpenStack Glance vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-3] Nova vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5834-1] Apache HTTP Server vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5836-1] Vim vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-4781-2] Slurm vulnerabilities
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5837-1] Django vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5839-1] Apache HTTP Server vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5838-1] AdvanceCOMP vulnerabilities
- 7 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5837-2] Django vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5839-2] Apache HTTP Server vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5840-1] Long Range ZIP vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5841-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5816-2] Firefox regressions
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5824-1] Thunderbird vulnerabilities
- 29 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5842-1] EditorConfig Core C vulnerability [05:24]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Discovered by Mark Esler and David Fernandez Gonzalez from Ubuntu Security team
- Will be discussed in more detail in an upcoming episode with an interview with
both Mark and David - TL;DR - Mark decided to fuzz some regex handling in
editorconfig-core-c whilst doing a security audit as part of the MIR
process. This uncovered a few crashes which David then looked into an
identified a heap buffer overflow. He then went further and was able to
develop an input that would allow to jump to an arbitrary location, ie. code
execution. So was able to demonstrate a heap buffer overflow that could lead
to code execution from untrusted input data.
- Will have to wait for hopefully next weeks episode to get the real inside
story
[USN-5843-1] tmux vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5810-3] Git vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS)
- Most interesting issue was a type confusion in handling of X.509
certificates - when parsing the X.400 address would parse it as a string but
other code would assume this was a simple type. As such, when comparing this
to other values this would not be done correctly. Thus could bypass these
checks, in particular which are used for CRL processing and that could then
lead to the ability to read other memory contents or crash the application.
- So whilst not a heartbleed (since is a lot more complicated and doesn’t allow
the same level of control of the memory which is read and hence is unlikely to
be able to be used to read out private keys etc)
[USN-5846-1] X.Org X Server vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5847-1] Grunt vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
Goings on in Ubuntu Security Community
Ubuntu Pro GA [09:33]
- https://ubuntu.com/blog/ubuntu-pro-enters-ga
- https://ubuntu.com/pro
- https://www.omgubuntu.co.uk/2023/01/ubuntu-pro-general-availability
- In late January Canonical announced the general availability of Ubuntu Pro
- you may have noticed this in your apt update output, e.g.:
The following security updates require Ubuntu Pro with 'esm-apps' enabled:
python2.7-minimal python2.7 libpython2.7-minimal libpython2.7-stdlib
Learn more about Ubuntu Pro at https://ubuntu.com/pro
- TL;DR - security team is now patching vulnerabilities in packages in the
universe component of the Ubuntu archive
- these patched packages get published under the esm-apps service of Ubuntu Pro
- ESM has evolved from extended to expanded security maintenance
- not only can you get security updates for packages in main once a release
reaches the end of the LTS period, you also get security updates for
packages in universe both during the LTS period and during the 5 year ESM
period too
- Ubuntu Pro gives 10 years of security support for both packages in both main
and universe
- Ubuntu Pro is free for personal use on up to 5 machines (50 if you are an
Ubuntu member)
- for commercial organisations, 30 day free trial
- More details in Ubuntu Pro Beta overview with Lech Sandecki and Eduardo Barretto from Episode 180
Hiring [12:58]
- Multiple possible focus areas:
- Security Maintenance (CVE and vulnerability addressing life cycle)
- Security Technology (AppArmor, Secureboot, and Cryptography)
- Certifications and Compliance (FIPS, CIS, FedRAMP)
Get in contact