Ubuntu Security Podcast

Episode 215

31 min • 8 December 2023

Overview

Mark Esler is our special guest on the podcast this week to discuss the OpenSSF’s Compiler Options Hardening Guide for C/C++ plus we cover vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.

This week in Ubuntu Security Updates

65 unique CVEs addressed

[USN-6521-1] GIMP vulnerabilities (00:50)

  • 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
  • Includes 4 recent issues disclosed via Trend’s ZDI - all found by the same researcher - 2 heap buffer overflows in the DDS and PSD parsers, an integer overflow and a separate off-by-one error in the PSP parser, which could apparently lead to remote code execution, plus a couple of DoS-related issues (an unhandled exception and an excessive memory allocation) - both leading to a crash

[USN-6522-1] FreeRDP vulnerabilities (01:39)

  • 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
  • Windows RDP client
  • Malicious server could send a crafted drive redirect to the client - triggering an OOB read, causing the client to disclose memory contents and therefore possibly sensitive info to the server
  • Plus an OOB write and an OOB read on crafted image data - both also likely leading to a crash

[USN-6523-1] u-boot-nezha vulnerability (02:19)

  • 3 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
  • u-boot for the Allwinner Nezha RISC-V board
  • Missing length checks in DFU parser -> heap buffer overflow
  • 2 other buffer overflows when handling fragmented IP packets

[USN-6524-1] PyPy vulnerability (03:06)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Integer overflow leading to a buffer overflow in SHA3 - comes from the original reference implementation of SHA3
  • Has affected a range of packages in Ubuntu
    • PHP, Python itself and now PyPy

[USN-6525-1] pysha3 vulnerability (03:06)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Same as above

[USN-6519-2] EC2 hibagent update

  • Affecting Xenial ESM (16.04 ESM)

[USN-6526-1] GStreamer Bad Plugins vulnerabilities (03:16)

  • 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
  • Heap overflow in PGS subtitle overlay decoder
  • Various integer overflows -> heap buffer overflows in MXF container handler (Material Exchange Format) - apparently used for delivering advertisements to TV stations and for movies in commercial theatres - specifically in handling of files using AES3 audio
  • MXF demuxer UAF
  • AV1 buffer overflow
  • Integer overflow -> stack overflow in H.265 parser

[USN-6527-1] OpenJDK vulnerabilities (04:09)

  • 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
  • 11.0.21 + 17.0.9

[USN-6528-1] OpenJDK 8 vulnerabilities (04:25)

[USN-6509-2] Firefox regressions (04:34)

[USN-6529-1] Request Tracker vulnerabilities (05:25)

  • 4 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
  • Possible timing attack in the authentication module - could allow an attacker to enumerate user accounts
  • XSS plus some info leaks as well

[USN-6530-1] HAProxy vulnerability (06:12)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
  • Mishandling of the # character in URIs could allow unexpected routing: a URI containing, say, index.html#.png could be routed to a static server (since HAProxy is usually configured to route .png requests to a static server), when the request is really for index.html

[USN-6531-1] Redis vulnerabilities (07:06)

  • 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
  • Heap overflow in cjson library able to be triggered by a Lua script -> RCE
  • Race condition when setting permissions on the local Unix socket - if using a less restrictive umask, could allow a local attacker to race Redis on startup
  • Various integer overflows and other issues fixed as well

[USN-6494-2] Linux kernel vulnerabilities (08:08)

[USN-6495-2] Linux kernel vulnerabilities

[USN-6496-2] Linux kernel vulnerabilities

[USN-6502-4] Linux kernel vulnerabilities

[USN-6532-1] Linux kernel vulnerabilities

[USN-6533-1] Linux kernel (OEM) vulnerabilities

[USN-6534-1] Linux kernel vulnerabilities

Goings on in Ubuntu Security Community

Alex discusses the OpenSSF’s Compiler Options Hardening Guide for C/C++ with Mark Esler (08:38)

Get in contact
