Overview
Security updates for DPDK, Linux kernel, QEMU, ImageMagick, Ghostscript and
more, plus Joe and Alex talk about how to get into information security.
This week in Ubuntu Security Updates
89 unique CVEs addressed
[USN-4189-1] DPDK vulnerability [01:00]
- 1 CVE addressed in Bionic, Disco, Eoan
- Data Plane Development Kit - Memory and file-descriptor leak, able to be
triggered by a malicious master or a container with access to the
vhost_user socket
[USN-4190-1] libjpeg-turbo vulnerabilities [01:41]
- 4 CVEs addressed in Xenial, Bionic, Disco
- 2 x heap-buffer overflow - crash or possible RCE
- 2 x heap-buffer overread - crash
[USN-4183-2] Linux kernel vulnerability [02:48]
- 9 CVEs addressed in Eoan
- See Episode 53 - extra update for CVE-2019-0155 (i915 blitter command streamer) - previous
one was based on an in-flight patch that got changed at the last minute
before the CRD - part of this fix is to whitelist certain commands to the
command-streamer, and this is done via a bitmask - this used a memset()
to zero it out but assumed the size of the underlying data was 32-bit -
so on 64-bit platforms this becomes a 64-bit size and so half the bitmask
is not zeroed out - meaning the whitelist may be able to be bypassed -
this fix includes the final upstream fix
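The sizing mistake described above, modelled in user-space C as an added example; this is not the i915 driver's code and not from the show notes. The function names and the 256-bit mask size are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Buggy pattern: word count is right, but each word is assumed to be 32 bits. */
static void clear_mask_buggy(unsigned long *mask, size_t nbits)
{
    memset(mask, 0, BITS_TO_LONGS(nbits) * sizeof(uint32_t));
}

/* Corrected pattern: byte count derived from the bitmap's real word type. */
static void clear_mask_fixed(unsigned long *mask, size_t nbits)
{
    memset(mask, 0, BITS_TO_LONGS(nbits) * sizeof(*mask));
}

/* Fill a buffer with stale set bits (as a reused allocation would hold),
 * run the given clear routine, and count the bits that remain set. */
static size_t stale_bits_after(void (*clear)(unsigned long *, size_t),
                               size_t nbits)
{
    size_t words = BITS_TO_LONGS(nbits), stale = 0;
    unsigned long *mask = malloc(words * sizeof(*mask));

    if (!mask)
        return (size_t)-1;
    memset(mask, 0xff, words * sizeof(*mask));
    clear(mask, nbits);
    for (size_t i = 0; i < nbits; i++)
        if (mask[i / BITS_PER_LONG] & (1UL << (i % BITS_PER_LONG)))
            stale++;
    free(mask);
    return stale;
}

int main(void)
{
    size_t nbits = 256; /* constructed mask size, for illustration only */

    printf("buggy clear leaves %zu of %zu bits set\n",
           stale_bits_after(clear_mask_buggy, nbits), nbits);
    printf("fixed clear leaves %zu of %zu bits set\n",
           stale_bits_after(clear_mask_fixed, nbits), nbits);
    return 0;
}
```

On a platform where long is 64 bits the buggy clear leaves 128 of the 256 bits set; where long is 32 bits both variants clear the whole mask, which is why the mistake only shows on 64-bit builds.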
[USN-4184-2] Linux kernel vulnerability and regression [04:37]
- 14 CVEs addressed in Bionic (HWE), Disco
- See above (i915 vuln) - but also includes a fix for a regression that was
introduced in last week’s kernel - KVM guests would fail to launch if
extended page tables were disabled or not supported.
[USN-4185-3] Linux kernel vulnerability and regression [05:05]
- 11 CVEs addressed in Xenial (HWE), Bionic
- See above (both i915 vuln and KVM regression)
[USN-4186-3] Linux kernel vulnerability [05:22]
- 13 CVEs addressed in Xenial
- i915 vuln
[USN-4191-1, USN-4191-2] QEMU vulnerabilities [05:32]
- 5 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan
- Heap buffer overflow and UAF in SLiRP networking implementation - DoS +
possible code exec
- Bridge helper didn’t validate interface names to be within IFNAMSIZ -
could be used to bypass ACL restrictions
- NULL pointer dereference in qxl paravirtual graphics driver - DoS
- Possible CPU based DoS via an infinite loop able to be triggered in the
LSI SCSI adaptor emulator
[USN-4192-1] ImageMagick vulnerabilities [06:48]
- 30 CVEs addressed in Xenial, Bionic, Disco, Eoan
- Usual raft of issues - DoS, RCE etc - in various image decoders etc - so
just need to display or process a malicious image via ImageMagick to
trigger - interestingly, this seems to have been noticed - some applications
(Emacs) now choose not to automatically link against and use ImageMagick as a
result of all the various vulnerabilities which keep being found in it…
[USN-4193-1] Ghostscript vulnerability [08:13]
- 1 CVE addressed in Xenial, Bionic, Disco, Eoan
- Another -dSAFER bypass - newest Ghostscript is not affected since it
rewrote the SAFER sandbox - but older versions are - allows a malicious
postscript file to bypass the sandbox and access files or execute
commands etc.
[USN-4194-1] postgresql-common vulnerability [09:17]
- 1 CVE addressed in Xenial, Bionic, Disco, Eoan
- Privesc via arbitrary directory creation through the pg_ctlcluster
command - allows creating a dir as postgres user - say
/usr/lib/sudo/haswell (by specifying this as the stats_temp_directory in
the config) - then dump a shared lib there which will be loaded by sudo
to gain a root shell
- Interesting but requires ability to configure and run as postgres
[USN-4195-1] MySQL vulnerabilities [11:07]
- 29 CVEs addressed in Xenial, Bionic, Disco, Eoan
- Multiple issues fixed in MySQL - updated to 8.0.18 in eoan, whilst in
xenial, bionic and disco - 5.7.28 - for more details see upstream notices
[USN-4196-1] python-ecdsa vulnerabilities [11:42]
- 2 CVEs addressed in Xenial, Bionic, Disco, Eoan
- Issues in handling DER encoding of signatures - failed to verify proper
DER encoding but also might raise exceptions unexpectedly on valid input
so would cause a DoS
Goings on in Ubuntu Security Community
Joe and Alex discuss how to get into infosec [12:18]