Overview
This week we look at security updates for the Linux kernel, SDL 2, ClamAV
and more, plus Alex and Joe talk security and performance trade-offs, snaps
and OWASP Top 10 Cloud Security recommendations, and finally Alex covers
some recent concerns about the security of the Snap Store.
This week in Ubuntu Security Updates
31 unique CVEs addressed
- 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
- Reported by Cisco Talos - possible code execution via an out-of-bounds
 (OOB) heap write in the code that handles quota support in ext4 - so it
 can be triggered via a specially crafted ext4 partition, e.g. when running
 fsck on that partition
[USN-4143-1] SDL 2.0 vulnerabilities [01:37]
- 5 CVEs addressed in Xenial, Bionic, Disco
- 3 different heap-based buffer over-reads -> crash, DoS
- Heap-based buffer overwrite -> possible code execution, or at least a crash -> DoS
- Integer overflow -> undersized allocation -> heap-based buffer overflow ->
 possible code execution
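The integer-overflow chain in that last bullet is the classic one: a size computed from attacker-controlled header fields wraps, the allocator hands back a tiny buffer, and the copy that follows overruns it. The C below is an added illustration, not SDL code or any of the USN's patches; the image header format and the `MAX_IMAGE_BYTES` cap are constructed for the example. It shows the unchecked 32-bit product wrapping to 0 for a 65536 x 65536 x 4 header, the overflow-checked replacement, and a decoder that also refuses a truncated payload so the fix does not trade an overflow for an over-read.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, made-up bitmap header: width, height, bytes per pixel. */
struct img_hdr { uint32_t w, h, bpp; };

/* Assumed sanity cap on a decoded image (1 GiB); not from SDL. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Vulnerable size computation: the product is done in 32 bits, so
 * 65536 * 65536 * 4 wraps to 0. malloc(0) (or any tiny value) then returns
 * a buffer far smaller than the pixel data copied into it -> heap overflow. */
uint32_t pixel_bytes_unchecked(struct img_hdr h)
{
    return h.w * h.h * h.bpp;
}

/* Hardened version: overflow-checked multiplication in size_t plus a cap.
 * Returns 0 and stores the byte count on success, -1 on overflow or a
 * nonsensical header. */
int pixel_bytes_checked(struct img_hdr h, size_t *out)
{
    size_t n;
    if (h.w == 0 || h.h == 0 || h.bpp == 0 || h.bpp > 16)
        return -1;
    if (__builtin_mul_overflow((size_t)h.w, (size_t)h.h, &n))
        return -1;
    if (__builtin_mul_overflow(n, (size_t)h.bpp, &n))
        return -1;
    if (n > MAX_IMAGE_BYTES)
        return -1;
    *out = n;
    return 0;
}

/* Decoder built on the checked size. It also verifies the input really
 * carries that many payload bytes before copying, so a truncated file
 * cannot turn into an over-read. Returns a malloc'd pixel buffer or NULL. */
unsigned char *decode_image(const unsigned char *buf, size_t len, size_t *out_len)
{
    struct img_hdr h;
    size_t n;
    unsigned char *px;

    if (len < sizeof h)
        return NULL;
    memcpy(&h, buf, sizeof h);
    if (pixel_bytes_checked(h, &n) != 0)
        return NULL;
    if (len - sizeof h < n)          /* payload shorter than header claims */
        return NULL;
    px = malloc(n);
    if (!px)
        return NULL;
    memcpy(px, buf + sizeof h, n);
    *out_len = n;
    return px;
}

int main(void)
{
    struct img_hdr evil = { 65536, 65536, 4 };
    size_t n;

    printf("unchecked size for 65536x65536x4: %u bytes\n",
           pixel_bytes_unchecked(evil));
    printf("checked size: %s\n",
           pixel_bytes_checked(evil, &n) == 0 ? "ok" : "rejected (overflow)");
    return 0;
}
```

The unchecked function is kept only to show the wrap; never allocate from it. `__builtin_mul_overflow` is a GCC/Clang builtin; the equivalent portable check is `a != 0 && b > SIZE_MAX / a`.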
[USN-4147-1] Linux kernel vulnerabilities [02:23]
- 18 CVEs addressed in Bionic (HWE), Disco
- OOB read in the ath6kl driver - possible to trigger remotely from the network -> crash, DoS
- Bluetooth KNOB attack
- Crashes from malicious USB audio devices:
  - Infinite recursion when parsing device descriptors (could be triggered
    if the device presented multiple identical descriptors)
  - OOB read if the device specified an invalid input pin
- OOB read in the QLogic QEDI iSCSI driver
- 2 covered in Episode 46
- Possible code execution via a NULL pointer dereference in the Bluetooth UART
 driver - an attacker who can map executable code at address zero could
 achieve code execution - in Ubuntu mmap_min_addr is set to a non-zero value
 by default, so this is mitigated
- DoS in the Intel wifi driver - allows a malicious client to knock a peer off
 the network
[USN-4144-1] Linux kernel vulnerabilities [05:02]
- 2 CVEs addressed in Xenial (HWE), Bionic
- 2 different XFS issues
- UAF triggered by a malicious XFS image -> possible code execution, crash, DoS
- CPU-based DoS if a chgrp() error can be triggered by being out of quota
[USN-4145-1] Linux kernel vulnerabilities [05:46]
- 11 CVEs addressed in Xenial
- Most covered above
- 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
- Update to the latest upstream ClamAV version (0.101.4)
- OOB read when handling crafted BZIP2 and ZIP files - the bzip2 issue was
 covered for bzip2 itself in Ubuntu in Episode 38; clamav vendors its own
 copy of the code
Goings on in Ubuntu Security Community
Alex and Joe talk security and performance trade-offs, snaps and OWASP Top 10 Cloud Security recommendations [07:01]
Alex addresses some concerns with the perceived security of the Snap Store [20:44]
Get in contact