Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 62

24 min • 13 februari 2020

Overview

This week Alex and Joe take an indepth look at the recent Sudo vulnerability CVE-2019-18634 plus we look at security updates for OpenSMTPD, systemd, Mesa, Yubico PIV tool and more. We also look at a recent job opening for a Robotics Security Engineer to join the Ubuntu Security team.

This week in Ubuntu Security Updates

33 unique CVEs addressed

[USN-4263-2] Sudo vulnerability [00:41]

[USN-4268-1] OpenSMTPD vulnerability [01:02]

  • 1 CVEs addressed in Bionic, Eoan
  • Logic bug caused existing sanity checks on MAIL FROM field to be skipped under certain scenarios - so by failing to perform this validation, could allow an attacker to input shell metacharacters to obtain command execution in smtpd (which runs as root) -> remote root command execution.
  • Fixed to always perform sanity checks on MAIL FROM

[USN-4269-1] systemd vulnerabilities [02:06]

  • 5 CVEs addressed in Xenial, Bionic, Eoan
  • Heap UAF when handing asynchronous policykit queries and dbus messages - could allow possible root privesc
  • Possible sandbox escape through DynamicUser property on services via setuid binaries to gain new privileges or created setgid binaries
  • Also DynamicUser services can create setuid/setgid binaries which could then be used to escalate privileges after
    • Both low priority since not many users of DynamicUser services plus requires cooperation between the service and a helper so can’t be directly exploited
  • Memory leak in logind when executing udevadm trigger command
  • Possible to get systemd to kill the wrong process if can write to it’s PIDFile since the pid specified here is not validated

[USN-4267-1] ARM mbed TLS vulnerabilities [03:26]

  • 5 CVEs addressed in Xenial
  • lightweight crypto / TLS library
  • integer overflow -> heap overflow -> RCE / DoS
  • read buffer overflow in handling of certificate chains -> DOS
  • 2 different cache side-channel attacks which could allow a remote attacker to recover partial plaintext for CBC modes

[USN-4270-1] Exiv2 vulnerability [04:22]

  • 1 CVEs addressed in Xenial, Bionic, Eoan
  • Infinite loop in JP2 image metadata parser -> CPU DoS

[USN-4271-1] Mesa vulnerability [04:38]

  • 1 CVEs addressed in Bionic, Eoan
  • Created a shared memory segment with world readable and writable permissions - so any local user could interfere with or access shared memory buffers which are often used for back buffers to improve performance - changed to open as only user readable / writable

[USN-4272-1] Pillow vulnerabilities [05:24]

[USN-4273-1] ReportLab vulnerability [05:48]

  • 1 CVEs addressed in Xenial, Bionic, Eoan
  • Python library used for creating PDFs
  • RCE via a crafted XML document - would eval() an argument which comes from a document and so would execute arbitrary python code from the document as a result

[USN-4250-2] MariaDB vulnerability [06:21]

  • 1 CVEs addressed in Bionic, Eoan
  • Episode 60 for MySQL - similar update for MariaDB - unfortunately no details from upstream

[USN-4275-1] Qt vulnerabilities [06:45]

  • 4 CVEs addressed in Xenial, Bionic, Eoan
  • 2 possible code execution bugs where Qt would search for plugins and libraries in incorrect locations, allowing a local attacker to get code execution
  • 2 different buffer overflow vulnerabilities in handling PPM images and in text files with many unicode directional characters

[USN-4274-1] libxml2 vulnerabilities [07:20]

  • 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • Infinite loop for crafted XML documents -> CPU DoS
  • Memory leak

[USN-4276-1] Yubico PIV Tool vulnerabilities [07:41]

  • 2 CVEs addressed in Bionic
  • Yubico PIV (personal identity verificatiion) smart card driver - can be used with a Yubikey to do authentication
  • 2 different buffer overflows able to be triggered by a malicious USB device - could lead to possible code execution

[USN-4277-1] libexif vulnerabilities [08:14]

Goings on in Ubuntu Security Community

Alex and Joe discuss the recent sudo vulnerability (CVE-2019-18634) [08:46]

Hiring [22:07]

Robotics Security Engineer

Get in contact

Kategorier
Förekommer på
00:00 -00:00