Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 49

23 min • 18 oktober 2019

Overview

This week we look at updates for Sudo, Python, OpenStack Octavia and more, plus we discuss a recent CVE for Python which resulted in erroneous scientific research results, and we go over some of your feedback from Episode 48.

This week in Ubuntu Security Updates

27 unique CVEs addressed

[USN-4148-1] OpenEXR vulnerabilities [00:45]

[USN-4149-1] Unbound vulnerability [02:06]

  • 1 CVEs addressed in Disco
  • Validating, recursive DNS resolver
  • OOB read due to a remotely crafted NOTIFY query (source IP needs to match an ACL) -> crash

[USN-4151-1, USN-4151-2] Python vulnerabilities [02:40]

  • 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
  • XML-RPC server module could end up serving arbitrary JS if set via the set_server_title() method as did not escape content
  • Python email module tries to parse email address into sender + domain - if domain contains multiple @ chars could get confused and return wrong output - so applications which rely on this for validating email addresses could accept an email address which is actually invalid

[USN-4152-1] libsoup vulnerability [03:53]

  • 1 CVEs addressed in Bionic, Disco
  • Heap buffer OOB read - fails to check the specified length of message against the actual received message - could then memcpy past the end of the input message -> crash

[USN-4153-1] Octavia vulnerability [04:33]

  • 1 CVEs addressed in Disco
  • Amphora Images in OpenStack Octavia - fails to properly validate client certificates for management network clients -> could allow anyone with management network access to retrieve information / issue config commands

[USN-4154-1] Sudo vulnerability [05:06]

  • 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
  • Lots of press around a seemingly high priority privilege escalation vulnerability - BUT requires an admin to have configured sudo with a particular configuration (ie specifying a user can run a command as any other user via the ALL keyword in a Runas rule). In this case if the rule had also been configured to explicitly deny running the command as root, this could be bypassed by the user specifying a UID of -1. So would only affect a very small number of installations.

[USN-4155-1] Aspell vulnerability [07:26]

  • 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
  • Stack buffer over-read - found by Google’s oss-fuzz

[USN-4156-1] SDL vulnerabilities [08:03]

Goings on in Ubuntu Security Community

Alex and Joe talk CVEs for bad documentation and resulting scientific research? [09:20]

Feedback on desired features for 20.04 [18:53]

Get in contact

Kategorier
Förekommer på
00:00 -00:00