Overview
Joe is back to discuss a recent breach against Wawa, plus we detail
security updates from the past week including Apache Solr, OpenStack
Keystone, Sudo, Django and more.
This week in Ubuntu Security Updates
23 unique CVEs addressed
[USN-4259-1] Apache Solr vulnerability [00:50]
- 1 CVE addressed in Xenial
- Enterprise search server based on Lucene with XML/HTTP and JSON APIs
- Was vulnerable to an XML External Entity (XXE) attack - XML can include a
reference to another XML resource which might then be fetched - this
could then be combined with another flaw (use of the Config API to obtain
access to the RunExecutableListener class) to allow remote code, fetched
via the external XML, to be executed
[USN-4261-1] WebKitGTK+ vulnerabilities [01:44]
- 3 CVEs addressed in Bionic, Eoan
- Various memory management issues which could be triggered via malicious
websites - possible remote code execution as a result
[USN-4262-1] OpenStack Keystone vulnerability [02:13]
- 1 CVE addressed in Eoan
- Keystone provides identity services (client authentication etc) for
OpenStack
- credentials API allowed any user with a role on a project to list all
credentials when enforce_scope was false - so could view other users'
credentials.
- Was introduced in keystone 15 so didn’t affect bionic or older releases -
only eoan
[LSN-0062-1] Linux kernel vulnerability [03:01]
- 7 CVEs addressed in Xenial and Bionic
- Heap and stack buffer overflows in Marvell Wifi drivers, Intel GPU info
leak on context switch, binder IPC heap buffer overflow
[USN-4263-1] Sudo vulnerability [03:50]
- 1 CVE addressed in Xenial, Bionic, Eoan
- Lots of press around this but most people would not be vulnerable since it
needs to be running in a non-default configuration
- When pwfeedback is enabled in /etc/sudoers, a stack buffer overflow can be
triggered in sudo during password authentication
- Not enabled by default in Ubuntu
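One check an administrator might run against a sudoers file for the non-default setting described above, written for these notes rather than taken from the episode or from sudo itself; the sudoers snippets below are constructed, not from any real host:

```shell
#!/bin/sh
# Added example: report whether a sudoers-style file turns pwfeedback on.
# Reads the file named as $1, or stdin when no argument is given.
# Handles comments, per-user/host "Defaults:alice" style lines, comma-separated
# option lists, and "!pwfeedback" negation (later Defaults lines win, as in sudoers).
# Prints 1 if pwfeedback ends up enabled, 0 otherwise.
pwfeedback_enabled() {
    awk '
        # drop anything after a comment marker, then re-split fields
        { sub(/#.*/, "") }
        # only Defaults entries (including Defaults:user, Defaults@host, ...) matter
        $1 ~ /^Defaults/ {
            line = $0
            # strip the leading "Defaults..." keyword to leave the option list
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", opts[i])   # trim each option
                if (opts[i] == "pwfeedback") state = 1
                else if (opts[i] == "!pwfeedback") state = 0
            }
        }
        END { print state + 0 }
    ' "$@"
}

# Constructed sample sudoers content (not from any real system)
SAMPLE_VULN='Defaults env_reset, pwfeedback   # asterisks while typing a password
root ALL=(ALL:ALL) ALL'
SAMPLE_SAFE='Defaults env_reset
# Defaults pwfeedback   <- commented out, so not active
Defaults:alice !pwfeedback
root ALL=(ALL:ALL) ALL'

printf '%s\n' "$SAMPLE_VULN" | pwfeedback_enabled   # 1
printf '%s\n' "$SAMPLE_SAFE" | pwfeedback_enabled   # 0
```

On a real host the same function can be pointed at /etc/sudoers and any files under /etc/sudoers.d, since an include may enable the option even when the main file does not.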
[USN-4264-1] Django vulnerability [05:00]
- 1 CVE addressed in Bionic, Eoan
- Possible SQL injection via the PostgreSQL module if an application was using
a StringAgg instance
- Fixed to sanitize the input before processing it
[USN-4265-1, USN-4265-2] SpamAssassin vulnerabilities [05:29]
- 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- Episode 59 - possible RCE via crafted CF file - 2 more similar
vulnerabilities fixed - again upstream advice is to only use trusted
update channels or third-party .cf files
[USN-4266-1] GraphicsMagick vulnerabilities [06:37]
- 7 CVEs addressed in Xenial
- Episode 55, Episode 57, Episode 59, Episode 60
- NULL ptr dereferences -> crash, DoS
- Large memory allocation -> crash, DoS
- Heap + stack based buffer over-read and over-writes too
Goings on in Ubuntu Security Community
Joe and Alex discuss recent Wawa breach [07:26]
Get in contact