Overview
In the final episode of 2019, we look at security updates for RabbitMQ,
GraphicsMagick, OpenJDK and more, plus Joe and Alex discuss a typical
day-in-the-life of a Ubuntu Security Team member.
This week in Ubuntu Security Updates
34 unique CVEs addressed
[USN-4217-2] Samba vulnerabilities [01:00]
[USN-4214-2] RabbitMQ vulnerability [01:23]
- 1 CVE addressed in Xenial, Bionic
- AMQP implementation
- Possible integer overflow when handling the CONNECTION_STATE_HEADER
frame: a rogue server could return a malicious frame header which, when
processed by the client, leads to a smaller target_size value due to
integer overflow; when the frame data is then copied in via memcpy(), it
overwrites past the bounds of the heap allocation with attacker-controlled
data
- Not an issue if connecting to trusted servers
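As an added illustration of the bug class described above (constructed for these notes, not librabbitmq's code; the frame layout, constants and function names are hypothetical), the unchecked size arithmetic is shown beside a parser that validates the peer-supplied length before allocating or copying:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed frame layout for this example (not AMQP's wire format):
 * 1 byte type, 4 byte big-endian payload size, then the payload bytes. */
#define HDR_LEN   5u
#define MAX_FRAME 131072u  /* largest frame this client agrees to buffer */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The bug pattern: header length added to the peer-supplied size in 32-bit
 * arithmetic. 0xFFFFFFFC + 5 wraps to 1, so malloc(target_size) is tiny
 * while the following memcpy() still copies the full frame_size bytes. */
uint32_t target_size_unchecked(uint32_t frame_size) {
    return frame_size + HDR_LEN;  /* silently wraps */
}

/* Hardened parser: every bound is checked before any allocation or copy.
 * Returns the payload length and sets *out (caller frees), or -1 to reject. */
long parse_frame_checked(const uint8_t *in, size_t in_len, uint8_t **out) {
    if (in_len < HDR_LEN) return -1;                      /* header missing */
    uint32_t frame_size = be32(in + 1);
    if (frame_size > MAX_FRAME) return -1;                /* negotiated cap  */
    if (frame_size > UINT32_MAX - HDR_LEN) return -1;     /* no 32-bit wrap  */
    if ((size_t)frame_size > in_len - HDR_LEN) return -1; /* bytes not there */
    uint8_t *buf = malloc(frame_size + HDR_LEN);
    if (!buf) return -1;
    memcpy(buf, in, HDR_LEN + frame_size);
    *out = buf;
    return (long)frame_size;
}

/* Constructed samples: a benign 3-byte payload, and a header claiming
 * 0xFFFFFFFC payload bytes while only one byte follows. */
static const uint8_t GOOD_FRAME[] = {0x01, 0, 0, 0, 3, 'a', 'b', 'c'};
static const uint8_t EVIL_FRAME[] = {0x01, 0xFF, 0xFF, 0xFF, 0xFC, 'x'};
/* 1 when the checked parser accepts the benign frame and rejects the bad one. */
int self_check(void) {
    uint8_t *out = NULL;
    long n = parse_frame_checked(GOOD_FRAME, sizeof GOOD_FRAME, &out);
    int ok = (n == 3 && out != NULL && memcmp(out + HDR_LEN, "abc", 3) == 0);
    free(out); out = NULL;
    ok = ok && parse_frame_checked(EVIL_FRAME, sizeof EVIL_FRAME, &out) == -1;
    return ok;
}
```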
[USN-4222-1] GraphicsMagick vulnerabilities [02:28]
- 15 CVEs addressed in Xenial
- Episode 55 covered the previous update for GraphicsMagick - more of the
same here
[USN-4223-1] OpenJDK vulnerabilities [03:00]
- 16 CVEs addressed in Xenial, Bionic, Disco, Eoan
- Latest upstream micro-release for openjdk 8 and openjdk 11
- A mix of issues (buffer overflows, NULL pointer dereferences and various
denial-of-service issues from application crashes in different scenarios)
- see the full USN for details
Goings on in Ubuntu Security Community
Joe and Alex discuss a day-in-the-life of a Ubuntu Security Team member [03:50]
Get in contact