Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 209

25 min • 15 september 2023

Overview

Andrei is back this week with a deep dive into recent research around CVSS scoring inconsistencies, plus we look at a recent Ubuntu blog post on the internals of package updates and the repositories, and we cover security updates in Apache Shiro, GRUB2, CUPS, RedCloth, curl and more.

This week in Ubuntu Security Updates

77 unique CVEs addressed

[USN-6346-1] Linux kernel (Raspberry Pi) vulnerabilities (00:55)

[USN-6347-1] Linux kernel (Azure CVM) vulnerabilities

[USN-6348-1] Linux kernel vulnerabilities

[USN-6349-1] Linux kernel (Azure) vulnerabilities

[USN-6350-1, USN-6351-1, USN-6339-2, USN-6339-3] Linux kernel vulnerabilities

[USN-6340-2] Linux kernel vulnerabilities

[USN-6342-2] Linux kernel (Azure) vulnerabilities

[USN-6338-2] Linux kernel vulnerabilities

[USN-6357-1] Linux kernel (IBM) vulnerabilities

[USN-6345-1] SoX vulnerability (02:42)

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
  • Floating point exception via crafted content -> crash -> DoS

[USN-6352-1] Apache Shiro vulnerabilities (03:03)

  • 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
  • Two different authentication bypasses for crafted HTTP requests - not great to have in a component whose purpose is to to authentication, authorisation, cryptopraphy and session management

[USN-6353-1] PLIB vulnerability (03:25)

  • 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS)
  • Portable games library - aims to work across a range of HW and OSes - used by torcs and flightgear
  • Integer overflow -> buffer overflow on crafted TGA file

[USN-6354-1] Python vulnerability (03:54)

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
  • XML eXternal Entity when parsing XML plist files - fix was to reject entity declarations in plist files - this is consistent with the behaviour in Apple’s plutil tool as well

[USN-6355-1] GRUB2 vulnerabilities (04:14)

[USN-6356-1] OpenDMARC vulnerabilities (05:08)

  • 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS)
  • Open Source implementation of the DMARC specification
  • Possible to inject authentication results via a crafted domain
  • 1-byte heap buffer overflow of a NUL-byte - likely just crash -> DoS

[USN-6164-2] c-ares vulnerabilities (05:39)

[USN-6237-3] curl vulnerabilities (05:50)

[USN-6359-1] file vulnerability (06:01)

  • 1 CVEs addressed in Jammy (22.04 LTS)
  • stack-based buffer over-read -> crash, DoS

[USN-6360-1] FLAC vulnerability (06:18)

  • 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • buffer overflow -> RCE / crash

[USN-6361-1] CUPS vulnerability (06:27)

  • 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
  • Default configuration failed to require authentication for the CUPS-Get-Document operation - could allow other users to fetch print documents without authentication

[USN-6362-1] .NET vulnerability (06:46)

  • 1 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
  • DoS in X509 certs handling

[USN-6358-1] RedCloth vulnerability (06:52)

  • 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
  • ReDoS via crafted HTML payload - upstream maintainer hasn’t responded to the original report or to the PR with the proposed fix - one of the rare occasions where we deploy a fix that is not blessed by upstream - also demonstrates though that we try and maintain the software in Ubuntu even when upstream stops supporting it (whether officially or not)

[USN-6363-1] curl vulnerability (08:03)

  • 1 CVEs addressed in Lunar (23.04)
  • Provides an API to access headers from past HTTP responses - so stores headers in memory, but failed to limit how large this could be - so if a malicious server provided a response with a very large header then could DoS the application using libcurl - limited to 300KB total per response - which is similar to how Chrome behaves

Goings on in Ubuntu Security Community

Part 4 of Andrei’s deep dive into cybersecurity research ()

“Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities” - to appear in IEEE Symposium on Security & Privacy (aka S&P) in 2024

Ubuntu updates, releases and repositories explained (22:18)

Get in contact

Kategorier
Förekommer på
00:00 -00:00