Start / Ubuntu Security Podcast / Episode 53

Episode 53

17 min • 15 november 2019

Overview

This week we look at the details of the latest Intel hardware vulnerabilities, including security updates for the Linux kernel and Intel microcode, plus Bash, cpio, FriBidi and more.

This week in Ubuntu Security Updates

26 unique CVEs addressed

[USN-4176-1] GNU cpio vulnerability [01:00]

1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
- CVE-2019-14866
cpio wouldn’t validate values written to headers of TAR archives - could use cpio to create a TAR containing another TAR with a big size and will use wrong context values (ie uses inner TAR values in header) - this could allow a TAR to be created which has files with permissions not owned by the original user - when extracted by cpio will overwrite target files - whereas if using tar to extract will avoid this - fixed to check and handle header values correctly

[USN-4177-1] Rygel vulnerability [02:18]

Affecting Eoan
Added Rygel in Eoan which is off by default but needed GNOME to handle that - it would disable it dynamically - so if not running GNOME, rygel would be running and sharing your stuff on the local network - fixed to disable automatically on upgrade - and then can use the GNOME settings front-end etc to re-enable if desired

[USN-4178-1] WebKitGTK+ vulnerabilities [03:34]

4 CVEs addressed in Bionic, Disco

[USN-4181-1] WebKitGTK+ vulnerabilities [03:34]

2 CVEs addressed in Bionic, Disco, Eoan
- CVE-2019-8814
- CVE-2019-8812

[USN-4179-1] FriBidi vulnerability [04:00]

1 CVEs addressed in Disco, Eoan
- CVE-2019-18397
Issue reported about unicode isolated handling in Qt - turns out affected GTK applications as well - entirely different code with very similar flaw - stack buffer overflow since didn’t check bounds of a fixed array used to store details on nested unicode isolate sections - simple fix to just check bounds before trying to store next element

[USN-4180-1] Bash vulnerability [05:38]

1 CVEs addressed in Precise ESM
- CVE-2012-6711
Recently announced vuln (heap-based buffer overflow) in bash affecting old versions - so most releases unaffected except Precise - can trigger by printing wide characters via echo -e

[USN-4182-1, USN-4182-2] Intel Microcode update [06:12]

2 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan
- CVE-2019-11139
- CVE-2019-11135
Voltage modulation able to be performed by a local privileged user - disabled via microcode
TSX Asynchronous Abort (TAA) - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
- Another variant of MDS but only affects processsors with Transational Synchronization Extensions (TSX)
- MDS mitigations also can mitigate this - but needs microcode update - associated kernel update too

[USN-4183-1] Linux kernel vulnerabilities [07:58]

9 CVEs addressed in Eoan
MCEPSC - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
- trigger a MCE from a guest by changing page size in a particular way within the guest -> MCE on host kernel -> DoS
i915 graphics - userspace can modify PTE via writes to MMIO from blitter command streamer or expose kernel memory - privesc
TAA
Various other issues:
- Realtek wifi driver buffer overflow - able to be triggered OTA - crash / RCE
- Buffer overflow in nl80211 config interface (local user) - crash / code exec
- Jann Horn - shiftfs issues
  - UID/GID confusion when namespace of lower file-system is not init_user_ns - DAC bypass
  - type confusion -> buffer overflow
  - reference count underflow -> UAF
    - local user crash / code exec
- i915 graphics - userspace read on GT MMIO -> hang -> DoS (low power state)

[USN-4184-1] Linux kernel vulnerabilities [11:09]

14 CVEs addressed in Bionic (HWE), Disco
See above plus
- Various network based subsystems failed to enforce CAP_NET_RAW for raw socket creation
  - AF_NFC, AF_ISDN, AF_APPLETALK, AF_IEEE802154 (low-rate wireless network), AF_AX25

[USN-4185-1, USN-4185-2] Linux kernel vulnerabilities [12:06]

11 CVEs addressed in Trusty ESM (Azure), Xenial (HWE), Bionic
realtek wifi buffer overflow, AF_XXX CAP_NET_RAW, NULL pointer dereference in Atheros USB Wifi Driver, Intel hardware issues (2xi915 + TAA + MCEPSC)

[USN-4186-1, USN-4186-2] Linux kernel vulnerabilities [12:47]

13 CVEs addressed in Trusty ESM (HWE), Xenial
Binder UAF -> crash, DoS -> code exec (CONFIG_DEBUG_LIST mitigates this - looking to add this in future kernels like 20.04)
realtek wifi, CAP_NET_RAW, nl80211 config buffer overflow, Intel hardware issues

[USN-4187-1] Linux kernel vulnerability [13:48]

1 CVEs addressed in Trusty ESM
- CVE-2019-11135
TAA

[USN-4188-1] Linux kernel vulnerability [13:48]

1 CVEs addressed in Precise ESM
- CVE-2019-11135
TAA

[LSN-0059-1] Linux kernel vulnerability [14:05]

4 CVEs addressed in Xenial and Bionic
Intel hardware issues - CAN’T BE LIVEPATCHED - need to update kernel and reboot

Goings on in Ubuntu Security Community

20.04 Roadmap Sprint [14:55]

Get in contact

Kategorier

Poddar Teknologi

Förekommer på

Teknik

00:00 -00:00