Overview
This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-3771-1] strongSwan vulnerabilities
- 4 CVEs addressed in Trusty, Xenial, Bionic
- 2 CVEs: flaws in RSA implementation allow Bleichenbacher-style attacks in parsing of the ASN.1 encoded digestInfo
- strongSwan implementation was too lenient and would allow arbitrary random data to follow various elements in the ASN.1
- Also would not check that the correct amount of padding had been used
- Potentially allows low-exponent signature forgery and hence forged authentication during IKE authentication
- 2 CVEs for DoS due to missing length check and missing variable initialization
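The strict check implied by the strongSwan item above, as an added example (not strongSwan's code or its patch): rather than walking the PKCS#1 v1.5 structure, rebuild the single valid encoding and compare it byte for byte, so trailing data and short padding both fail. verify_lenient is a simplified stand-in for a too-lenient parser; the function names, the 2048-bit modulus, SHA-256 and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EM_LEN 256                       /* assumed 2048-bit modulus */
#define T_LEN  (sizeof(SHA256_DI) + 32)  /* DigestInfo prefix + digest */

/* DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2). */
static const uint8_t SHA256_DI[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Write 00 01 FF..FF 00 || DigestInfo || digest using `ps` padding bytes. */
static void encode(uint8_t *out, size_t ps, const uint8_t *hash) {
    out[0] = 0x00; out[1] = 0x01;
    memset(out + 2, 0xff, ps);
    out[2 + ps] = 0x00;
    memcpy(out + 3 + ps, SHA256_DI, sizeof(SHA256_DI));
    memcpy(out + 3 + ps + sizeof(SHA256_DI), hash, 32);
}

/* Lenient: walks the fields, ignores padding length and trailing bytes. */
int verify_lenient(const uint8_t *em, size_t len, const uint8_t *hash) {
    size_t i = 2;
    if (len < 3 || em[0] != 0x00 || em[1] != 0x01) return 0;
    while (i < len && em[i] == 0xff) i++;
    if (i >= len || em[i++] != 0x00 || len - i < T_LEN) return 0;
    if (memcmp(em + i, SHA256_DI, sizeof(SHA256_DI)) != 0) return 0;
    return memcmp(em + i + sizeof(SHA256_DI), hash, 32) == 0;
}

/* Strict: rebuild the single valid encoding and compare every byte. */
int verify_strict(const uint8_t *em, size_t len, const uint8_t *hash) {
    uint8_t want[EM_LEN];
    if (len != EM_LEN) return 0;
    encode(want, EM_LEN - 3 - T_LEN, hash);
    return memcmp(em, want, EM_LEN) == 0;
}

/* Constructed sample: `junk` bytes of 0xaa follow the digest and the
   padding shrinks to make room. Returns the chosen verifier's verdict. */
int run_sample(int strict, size_t junk) {
    uint8_t em[EM_LEN], hash[32];
    memset(hash, 0x5a, sizeof(hash));    /* constructed digest value */
    memset(em, 0xaa, sizeof(em));
    encode(em, EM_LEN - 3 - T_LEN - junk, hash);
    return strict ? verify_strict(em, EM_LEN, hash) : verify_lenient(em, EM_LEN, hash);
}

int main(void) { return !(run_sample(0, 100) && !run_sample(1, 100)); } /* 0 = as expected */
```

Both verifiers accept the well-formed sample; only the lenient one accepts the samples with data after the digest.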
[USN-3772-1] UDisks vulnerability
- 1 CVE addressed in Bionic
- Format string vulnerability which could be exploited via specially crafted disk label
- udisks prints volume label via printf() passing the label as part of the format string
- Simple fix: use a %s directive in the format string and pass the label as its argument
- i.e. don’t interpret label as printf() directives directly
[USN-3719-3] Mutt vulnerabilities
- 12 CVEs addressed in Xenial
Goings on in Ubuntu Security Community
LSM Stacking upstreaming
- Casey Schaufler (Intel, SMACK maintainer) is the primary developer, working along with John Johansen and Kees Cook (Google) to upstream support for LSM stacking
- Currently upstream allows use of one ‘major’ module (SELinux / AppArmor / Tomoyo) with a minor module (Yama etc)
- Goal of stacking is to allow multiple major modules to be used in conjunction (AppArmor with SELinux)
- Primary use-case is containers
- Current stacking patches allow stacking Tomoyo with either SELinux / AppArmor
- Eventually should be able to stack SELinux with AppArmor but still WIP
- Ubuntu already carries these patches in Bionic etc
- Likely to be merged in the near future
Evince AppArmor hardening LP #1788929
- Jann Horn (GPZ) reported gaps in evince AppArmor profile
- Clever use of GNOME thumbnailer infrastructure to specify a new ‘evil’ thumbnailer and the use of systemd via DBus to escape AppArmor confinement
- Policy fixed in Cosmic, in process of updating for Bionic etc
New Ubuntu Security Manager
Hiring
Ubuntu Security Engineer
Get in contact