Overview
Andrei is back this week with a deep dive into recent research around CVSS
scoring inconsistencies, plus we look at a recent Ubuntu blog post on the
internals of package updates and the repositories, and we cover security updates
in Apache Shiro, GRUB2, CUPS, RedCloth, curl and more.
This week in Ubuntu Security Updates
77 unique CVEs addressed
[USN-6346-1] Linux kernel (Raspberry Pi) vulnerabilities (00:55)
[USN-6347-1] Linux kernel (Azure CVM) vulnerabilities
- 24 CVEs addressed in Focal (20.04 LTS)
- Microsoft Azure CVM cloud systems - 5.15
[USN-6348-1] Linux kernel vulnerabilities
- 11 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- 5.15 Raspi on 22.04 / Intel-IoTG on 20.04
[USN-6349-1] Linux kernel (Azure) vulnerabilities
- 9 CVEs addressed in Focal (20.04 LTS)
- 5.4 Azure
- 8 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- 5.15
- Oracle, AWS, GKE, Raspi, Azure on 22.04
- IBM, Oracle, AWS, GKE, Azure on 20.04
[USN-6340-2] Linux kernel vulnerabilities
- 9 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- 5.4 Xilinx ZynqMP, GKEOP, Raspi on 20.04; Raspi, GCP, Azure on 18.04 (Ubuntu Pro)
[USN-6342-2] Linux kernel (Azure) vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
- 4.15 Azure on all
[USN-6338-2] Linux kernel vulnerabilities
- 11 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
- 6.2
- Starfive, IBM, Oracle, GCP on 23.04
- GCP on 22.04
[USN-6357-1] Linux kernel (IBM) vulnerabilities
- 14 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- 5.4 IBM on 20.04 / 18.04
[USN-6345-1] SoX vulnerability (02:42)
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
- Floating point exception via crafted content -> crash -> DoS
[USN-6352-1] Apache Shiro vulnerabilities (03:03)
- 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Two different authentication bypasses via crafted HTTP requests - not great to
have in a component whose purpose is to do authentication, authorisation,
cryptography and session management
[USN-6353-1] PLIB vulnerability (03:25)
- 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Portable games library - aims to work across a range of HW and OSes - used by
torcs and flightgear
- Integer overflow -> buffer overflow on crafted TGA file
[USN-6354-1] Python vulnerability (03:54)
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
- XML eXternal Entity (XXE) injection when parsing XML plist files - fix was to
reject entity declarations in plist files outright, which is consistent with the
behaviour of Apple's plutil tool
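The shape of that fix, as an added example (this is not CPython's or Ubuntu's code): run a throwaway expat parse that aborts on the first entity declaration, before plistlib ever sees the document. The entity declaration is always seen before any reference to it, so the parser never gets a chance to expand it. The two plists and the function names are constructed for this demo.

```python
"""Reject XML entity declarations before handing a plist to plistlib.

Added example, not CPython's or Ubuntu's code. The two plists below are
constructed inputs; function and exception names are this example's own.
"""
import plistlib
import xml.parsers.expat

# Constructed benign plist: the usual external DTD reference, no internal subset.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>name</key>
    <string>demo</string>
</dict>
</plist>
"""

# Constructed hostile plist: declares an external entity that an
# entity-expanding parser would resolve, pulling a local file into the value.
XXE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<plist version="1.0">
<dict>
    <key>name</key>
    <string>&xxe;</string>
</dict>
</plist>
"""


class EntityDeclarationError(ValueError):
    """Raised when a plist declares any XML entity (internal or external)."""


def check_no_entity_declarations(data: bytes) -> None:
    """Parse once with expat and abort on the first <!ENTITY ...> declaration.

    The declaration precedes any reference to it, so raising here stops both
    external fetches and internal-entity expansion blow-ups before they start.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        raise EntityDeclarationError(
            f"entity declaration {name!r} is not allowed in a plist")

    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)


def declares_entities(data: bytes) -> bool:
    """True if the document contains any entity declaration."""
    try:
        check_no_entity_declarations(data)
    except EntityDeclarationError:
        return True
    return False


def load_plist_safely(data: bytes) -> dict:
    """Parse a plist, refusing any document that declares entities."""
    check_no_entity_declarations(data)
    return plistlib.loads(data)


if __name__ == "__main__":
    print(load_plist_safely(BENIGN_PLIST))
    print(declares_entities(XXE_PLIST))
```

Recent CPython releases carry the equivalent check inside plistlib itself; the pre-parse is still useful when you cannot control the interpreter version a deployment runs on, or when the same gate is wanted in front of another XML-based loader.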
[USN-6355-1] GRUB2 vulnerabilities (04:14)
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Various grub vulns - see [USN-4992-1] GRUB 2 vulnerabilities from Episode 121
for the previous lot - these updates were published back in February to the
-updates pocket and have now been synced to -security
- various OOB R/W via crafted images (Daniel Axtens), integer overflow when
parsing crafted IP packets -> buffer overflow, OOB write via crafted HTTP
header, UAF in chainloader and more
[USN-6356-1] OpenDMARC vulnerabilities (05:08)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS)
- Open Source implementation of the DMARC specification
- Possible to inject authentication results via a crafted domain
- 1-byte heap buffer overflow (an out-of-bounds NUL-byte write) - likely just crash -> DoS
[USN-6164-2] c-ares vulnerabilities (05:39)
[USN-6237-3] curl vulnerabilities (05:50)
[USN-6359-1] file vulnerability (06:01)
- 1 CVE addressed in Jammy (22.04 LTS)
- stack-based buffer over-read -> crash, DoS
[USN-6360-1] FLAC vulnerability (06:18)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- buffer overflow -> RCE / crash
[USN-6361-1] CUPS vulnerability (06:27)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
- Default configuration failed to require authentication for the
CUPS-Get-Document operation - could allow other users to fetch print documents
without authentication
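A way to audit a cupsd.conf for exactly this kind of gap, as an added example (not CUPS's or Ubuntu's code): parse the <Policy default> section and check that CUPS-Get-Document sits in a <Limit> block that both sets an AuthType and carries a Require rule. The two policy excerpts are constructed and modelled on the stock policy layout, not copied from a real file; the example assumes the fix takes the form of such a block, and that a Require rule with no AuthType is not enough, because the scheduler never challenges the client and so checks the rule against whatever identity the client asserted.

```python
"""Audit a cupsd.conf default policy for an unauthenticated CUPS-Get-Document.

Added example, not CUPS's or Ubuntu's code. The policy excerpts are
constructed (modelled on the stock layout, not copied); function names are
this example's own.
"""
import re

# Constructed weak policy: CUPS-Get-Document is listed alongside the
# job-control operations with only a Require rule and no AuthType.
WEAK_POLICY = """\
<Policy default>
  JobPrivateAccess default
  JobPrivateValues default
  <Limit Send-Document Send-URI Hold-Job Release-Job Cancel-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

# Constructed corrected policy: CUPS-Get-Document gets its own block that
# demands authentication before the owner/admin restriction is evaluated.
FIXED_POLICY = """\
<Policy default>
  <Limit Send-Document Send-URI Hold-Job Release-Job Cancel-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

_POLICY_OPEN = re.compile(r"<Policy\s+(\S+)\s*>", re.I)
_LIMIT_OPEN = re.compile(r"<Limit\s+([^>]+)>", re.I)


def parse_policies(conf: str) -> dict:
    """Return {policy_name: [(ops, directives), ...]} for every <Limit> block.

    ops is the set of lower-cased operation names the block covers;
    directives maps each lower-cased keyword to its argument string.
    """
    policies, policy, ops, directives = {}, None, None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if m := _POLICY_OPEN.match(line):
            policy = m.group(1)
            policies.setdefault(policy, [])
        elif line.lower() == "</policy>":
            policy = None
        elif (m := _LIMIT_OPEN.match(line)) and policy is not None:
            ops, directives = {op.lower() for op in m.group(1).split()}, {}
        elif line.lower() == "</limit>":
            if policy is not None and ops is not None:
                policies[policy].append((ops, directives))
            ops = directives = None
        elif directives is not None:
            key, _, arg = line.partition(" ")
            directives[key.lower()] = arg.strip()
    return policies


def requires_auth(conf: str, operation: str, policy: str = "default") -> bool:
    """True if `operation` is covered by a <Limit> in `policy` that sets an
    AuthType other than None and also carries a Require rule.

    Blocks naming the operation take precedence over <Limit All>; a block with
    Require but no AuthType is reported as not requiring authentication.
    """
    op = operation.lower()
    blocks = parse_policies(conf).get(policy, [])
    specific = [d for ops, d in blocks if op in ops]
    catch_all = [d for ops, d in blocks if "all" in ops]
    return any(
        d.get("authtype", "none").lower() != "none" and "require" in d
        for d in (specific or catch_all)
    )


if __name__ == "__main__":
    print(requires_auth(WEAK_POLICY, "CUPS-Get-Document"))
    print(requires_auth(FIXED_POLICY, "CUPS-Get-Document"))
```

On a live system, point the same function at the contents of /etc/cups/cupsd.conf; local overrides to the shipped policy are a common reason a patched package still leaves the operation open.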
[USN-6362-1] .NET vulnerability (06:46)
- 1 CVE addressed in Jammy (22.04 LTS), Lunar (23.04)
- DoS in X509 certs handling
[USN-6358-1] RedCloth vulnerability (06:52)
- 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
- ReDoS via crafted HTML payload - upstream maintainer hasn't responded to the
original report or to the PR with the proposed fix - one of the rare occasions
where we deploy a fix that is not blessed by upstream - also demonstrates
though that we try to maintain the software in Ubuntu even when upstream
stops supporting it (whether officially or not)
[USN-6363-1] curl vulnerability (08:03)
- 1 CVE addressed in Lunar (23.04)
- libcurl provides an API to access headers from past HTTP responses, so it
stores headers in memory, but failed to limit how much it would keep - a
malicious server could respond with a very large set of headers and exhaust
memory, DoSing the application using libcurl - fix limits stored headers to
300KB total per response, which is similar to how Chrome behaves
Goings on in Ubuntu Security Community
Part 4 of Andrei’s deep dive into cybersecurity research ()
“Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on
Evaluating Widespread Security Vulnerabilities” - to appear in IEEE Symposium on
Security & Privacy (aka S&P) in 2024
Ubuntu updates, releases and repositories explained (22:18)
Get in contact