Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 226

24 min • 19 april 2024

Overview

John and Georgia are at the Linux Security Summit presenting on some long awaited developments in AppArmor and we give you all the details in a sneak peek preview as well as some of the other talks to look out for, plus we cover security updates for NSS, Squid, Apache, libvirt and more and we put out a call for testing of a pending AppArmor security fix too.

This week in Ubuntu Security Updates

86 unique CVEs addressed

[USN-6727-1, USN-6727-2] NSS vulnerabilities + regression (01:02)

  • 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • All various different timing side channels - two were effectively the same since the original fix was incomplete - mishandling of padding in PKCS#1 (RSA) certificate checks - possible to infer the length of the encrypted message and other properties to eventually infer secret key by sending a large number of attacker-chosen ciphertexts, the other when using various NIST curves (elliptic curve cryptography)
  • Original fix caused some issues with loading NSS security modules so published a second update to fix that on focal+jammy

[USN-6728-1, USN-6728-2] Squid vulnerabilities + regression (02:05)

[USN-6729-1] Apache HTTP Server vulnerabilities (03:01)

  • 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • 2 different issues that could result in HTTP request splitting attacks - similar to HTTP request smuggling which is a more specific version of this attack, relies on different parsing/interpretation of HTTP request messages by an intermediate (load balancer/proxy/WAF etc.) to split a single HTTP request into multiple HTTP requests at the backend - allowing to bypass restrictions along the way - usually involves the use of injected CR/LF/TAB/SPC etc in headers
  • Plus memory-based DoS in handling of HTTP/2 - client could just keep sending more headers, buffered by the server so it can generate an informative response, until it exhausts memory
    • limit to just 100 headers before bailing with such an error

[USN-6730-1] Apache Maven Shared Utils vulnerability

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)

[USN-6731-1] YARD vulnerabilities

[USN-6732-1] WebKitGTK vulnerabilities

[USN-6733-1] GnuTLS vulnerabilities (04:57)

  • 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • Timing side-channel in ECDSA
  • Crash when verifying crafted PEM bundles -> DoS

[USN-6734-1] libvirt vulnerabilities (05:13)

  • 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • off-by-one in handling of udev interface names - unpriv client could then abuse this to send crafted udev data to the libvirt daemon, triggering a crash -> DoS
  • NULL ptr deref in same code - race condition, need to detach a host interface whilst calling into the function
  • Crash in RPC handling - pass a negative length value, would then try and allocate a negative number of array indices - uses underlying g_new0() from glib which expects an unsigned value -> tries to allocate an extremely large amount of memory -> crash

[USN-6735-1] Node.js vulnerabilities

[USN-6736-1] klibc vulnerabilities (06:33)

[USN-6724-2] Linux kernel vulnerabilities

[USN-6725-2] Linux kernel (AWS) vulnerabilities

[USN-6726-2] Linux kernel (IoT) vulnerabilities

[USN-6726-3] Linux kernel (Xilinx ZynqMP) vulnerabilities

Goings on in Ubuntu Security Community

Linux Security Summit NA 2024 (07:22)

Upcoming AppArmor Security update for CVE-2016-1585

Get in contact

Kategorier
Förekommer på
00:00 -00:00