Overview
This week Alex and Joe take an in-depth look at the recent Sudo
vulnerability CVE-2019-18634, plus we look at security updates for
OpenSMTPD, systemd, Mesa, Yubico PIV tool and more. We also look at a
recent job opening for a Robotics Security Engineer to join the Ubuntu
Security team.
This week in Ubuntu Security Updates
33 unique CVEs addressed
[USN-4263-2] Sudo vulnerability [00:41]
- 1 CVE addressed in Precise ESM, Trusty ESM
- See Episode 61 and the discussion later in this episode
[USN-4268-1] OpenSMTPD vulnerability [01:02]
- 1 CVE addressed in Bionic, Eoan
- A logic bug caused the existing sanity checks on the MAIL FROM address to
  be skipped in certain cases; with that validation missing, an attacker
  could supply shell metacharacters in the sender address and obtain
  command execution in smtpd (which runs as root) -> remote root command
  execution
- Fixed to always perform the sanity checks on MAIL FROM
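As an added example (not OpenSMTPD's code), here is a Python model of the shape of the logic bug described above: a MAIL FROM parser whose "no domain, so treat as a local user" fallback returns success without ever having validated the local part, beside the version that always validates. The address grammar, the default domain and the function names are simplified assumptions for illustration; the delivery_command helper only shows where an unchecked sender would end up.

```python
import re
import shlex

# Constructed for this example: a deliberately strict address grammar.
# Shell metacharacters such as ';', '|', '`', '$' and whitespace fall outside
# the local-part set, so a metacharacter-laden sender must fail this check.
_LOCALPART_RE = re.compile(r"^[A-Za-z0-9._+=-]+$")
_DOMAIN_RE = re.compile(r"^[A-Za-z0-9.-]+$")

DEFAULT_DOMAIN = "mail.example"  # assumption: the server's own domain


def _split(addr):
    """'user@domain' -> (user, domain); an address with no '@' has an empty domain."""
    user, _, domain = addr.partition("@")
    return user, domain


def parse_mail_from_vulnerable(addr):
    """Model of the buggy control flow. Returns (accepted, user, domain).

    The sanity check does run, but the 'no domain, so treat as a local user'
    fallback returns success without re-checking the user part: an invalid
    local part is accepted whenever no domain is supplied.
    """
    user, domain = _split(addr)
    if user == "" and domain == "":
        return True, user, domain          # empty return path, needed for bounces
    if _LOCALPART_RE.match(user) and _DOMAIN_RE.match(domain):
        return True, user, domain
    if user == "":
        return False, user, domain         # no user part at all: reject
    if domain == "":
        return True, user, DEFAULT_DOMAIN  # BUG: user part never validated here
    return False, user, domain


def parse_mail_from_fixed(addr):
    """Same flow, but the local-user fallback still requires a valid user part."""
    user, domain = _split(addr)
    if user == "" and domain == "":
        return True, user, domain
    if _LOCALPART_RE.match(user) and _DOMAIN_RE.match(domain):
        return True, user, domain
    if user == "":
        return False, user, domain
    if domain == "":
        # FIX: only fill in the default domain if the user part is itself valid
        return bool(_LOCALPART_RE.match(user)), user, DEFAULT_DOMAIN
    return False, user, domain


def delivery_command(mda, sender, recipient):
    """Where an unchecked sender would end up: interpolated into a command line.

    Quoting every argument is defence in depth; the real fix is to never
    accept a sender that the sanity check rejected.
    """
    return "%s -f %s -- %s" % (mda, shlex.quote(sender), shlex.quote(recipient))
```

With a sender of `;sleep 66;` and no domain, the vulnerable parser accepts the address and fills in the default domain, while the fixed parser rejects it; a valid bare local part such as `alice` is accepted by both.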
[USN-4269-1] systemd vulnerabilities [02:06]
- 5 CVEs addressed in Xenial, Bionic, Eoan
- Heap use-after-free when handling asynchronous PolicyKit queries and D-Bus
  messages -> possible root privilege escalation
- Two issues with the DynamicUser= property on services: such a service
  could gain new privileges by executing setuid/setgid binaries, and could
  itself create setuid/setgid binaries that could later be used to
  escalate privileges
- Both are low priority: DynamicUser services are rare, and exploitation
  requires cooperation between the service and a helper, so neither can be
  exploited directly
- Memory leak in logind when the udevadm trigger command is executed
- A service that can write to its own PIDFile could get systemd to kill the
  wrong process, since the PID read from the file is not validated as
  belonging to that service
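The PIDFile issue above is a trust problem: a PID read from a file the service itself can write is only safe to signal if it really belongs to that service. Below is an added example, not systemd's code, of the kind of check that closes the gap: parse the PID, confirm via /proc/<pid>/cgroup that the process sits inside the unit's cgroup, and only then send the signal. The cgroup-membership rule, the function names and the sample cgroup paths are assumptions for illustration, not a description of systemd's exact fix.

```python
import os
import signal


def parse_proc_cgroup(text):
    """Return the systemd cgroup path from the contents of /proc/<pid>/cgroup.

    On cgroup v2 there is a single '0::/path' line; on v1 the 'name=systemd'
    controller carries the path. Returns None if neither is present.
    """
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        hierarchy, controllers, path = parts
        if hierarchy == "0" and controllers == "":
            return path
        if "name=systemd" in controllers.split(","):
            return path
    return None


def cgroup_of_pid(pid):
    """Read the live cgroup of a process; None if it no longer exists."""
    try:
        with open("/proc/%d/cgroup" % pid) as f:
            return parse_proc_cgroup(f.read())
    except OSError:
        return None


def trusted_main_pid(pidfile_contents, unit_cgroup, lookup=cgroup_of_pid):
    """Parse a PIDFile and return the PID only if it is inside the unit's cgroup.

    Returns None for anything that must not be signalled: garbage, PID 1 or
    lower, a process that has already exited, or a process outside the
    service's cgroup (the case where a writable PIDFile would otherwise
    redirect the kill to an unrelated process).
    """
    try:
        pid = int(pidfile_contents.strip())
    except ValueError:
        return None
    if pid <= 1:
        return None
    cgroup = lookup(pid)
    if cgroup is None:
        return None
    if cgroup == unit_cgroup or cgroup.startswith(unit_cgroup.rstrip("/") + "/"):
        return pid
    return None


def stop_service(pidfile_contents, unit_cgroup, lookup=cgroup_of_pid, kill=os.kill):
    """Signal the main PID only after the cgroup check has passed."""
    pid = trusted_main_pid(pidfile_contents, unit_cgroup, lookup)
    if pid is None:
        return False
    kill(pid, signal.SIGTERM)
    return True
```

The lookup and kill callables are injectable so the logic can be exercised against constructed /proc data without signalling real processes; on a live system the defaults read /proc and call os.kill.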
[USN-4267-1] ARM mbed TLS vulnerabilities [03:26]
- 5 CVEs addressed in Xenial
- lightweight crypto / TLS library
- integer overflow -> heap overflow -> RCE / DoS
- read buffer overflow in handling of certificate chains -> DoS
- 2 different cache side-channel attacks against CBC ciphersuites which
  could allow an attacker to recover partial plaintext
[USN-4270-1] Exiv2 vulnerability [04:22]
- 1 CVE addressed in Xenial, Bionic, Eoan
- Infinite loop in JP2 image metadata parser -> CPU DoS
[USN-4271-1] Mesa vulnerability [04:38]
- 1 CVE addressed in Bionic, Eoan
- Created a shared memory segment with world readable and writable
  permissions, so any local user could read or tamper with shared memory
  buffers, which are often used as back buffers to improve performance;
  changed to create the segment readable and writable only by the owning user
[USN-4272-1] Pillow vulnerabilities [05:24]
- 6 CVEs addressed in Trusty ESM, Xenial, Bionic, Eoan
- Python Imaging Library
- Various errors in handling image formats -> crash -> DoS, possible RCE etc.
[USN-4273-1] ReportLab vulnerability [05:48]
- 1 CVE addressed in Xenial, Bionic, Eoan
- Python library used for creating PDFs
- RCE via a crafted XML document: a value taken from the document was
  passed to eval(), so the document could execute arbitrary Python code as
  a result
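The eval() pattern above, as an added example that is not ReportLab's code: a colour attribute parser that falls back to eval() for anything it does not recognise, beside a version that accepts the same literal inputs through ast.literal_eval plus type and range checks. The colour table, the function names and the SIDE_EFFECTS list used to prove the payload actually ran are constructed for this example.

```python
import ast
import re

# Constructed for this example: a small named-colour table, and a list the
# injected payload can append to so its execution is observable.
NAMED = {"red": (1.0, 0.0, 0.0), "green": (0.0, 1.0, 0.0), "blue": (0.0, 0.0, 1.0)}
SIDE_EFFECTS = []

_HEX_RE = re.compile(r"^#([0-9a-fA-F]{6})$")


def _from_hex(digits):
    """'#rrggbb' body -> (r, g, b) floats in [0, 1]."""
    v = int(digits, 16)
    return ((v >> 16) / 255.0, ((v >> 8) & 0xFF) / 255.0, (v & 0xFF) / 255.0)


def parse_color_unsafe(text):
    """The dangerous pattern: fall back to eval() for anything not recognised.

    Meant for inputs like "(1, 0, 0)", but an attribute such as
    color="SIDE_EFFECTS.append('pwned') or (0, 0, 0)" runs arbitrary Python
    with the parser's own globals.
    """
    if text in NAMED:
        return NAMED[text]
    m = _HEX_RE.match(text)
    if m:
        return _from_hex(m.group(1))
    return tuple(float(c) for c in eval(text))  # arbitrary code execution


def parse_color_safe(text):
    """Same accepted grammar, no code execution.

    ast.literal_eval only builds constants (no names, calls or attribute
    access), and the result is then checked to be a 3-tuple of numbers in
    [0, 1]; anything else is rejected with ValueError.
    """
    if text in NAMED:
        return NAMED[text]
    m = _HEX_RE.match(text)
    if m:
        return _from_hex(m.group(1))
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError("not a colour: %r" % text)
    if (isinstance(value, tuple) and len(value) == 3
            and all(isinstance(c, (int, float)) and not isinstance(c, bool)
                    and 0 <= c <= 1 for c in value)):
        return tuple(float(c) for c in value)
    raise ValueError("not a colour: %r" % text)
```

The point of the type and range checks after literal_eval is that "no code execution" alone is not enough: the parser should only ever hand back the narrow shape of value the rest of the program expects.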
[USN-4250-2] MariaDB vulnerability [06:21]
- 1 CVE addressed in Bionic, Eoan
- See Episode 60 for the MySQL update; this is the corresponding update for
  MariaDB. Unfortunately there are no details from upstream
[USN-4275-1] Qt vulnerabilities [06:45]
- 4 CVEs addressed in Xenial, Bionic, Eoan
- 2 possible code execution bugs where Qt would search for plugins and
  libraries in incorrect locations, allowing a local attacker who can place
  a malicious library there to get code execution
- 2 different buffer overflow vulnerabilities, in handling PPM images and in
  text files with many Unicode directional characters
[USN-4274-1] libxml2 vulnerabilities [07:20]
- 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- Infinite loop for crafted XML documents -> CPU DoS
- Memory leak
[USN-4276-1] Yubico PIV Tool vulnerabilities [07:41]
- 2 CVEs addressed in Bionic
- Yubico PIV (Personal Identity Verification) smart card driver and tool,
  which can be used with a YubiKey for authentication
- 2 different buffer overflows that can be triggered by a malicious USB
  device -> possible code execution
[USN-4277-1] libexif vulnerabilities [08:14]
- 3 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- A buffer overflow (crash or possible RCE) and 2 buffer over-reads (crash /
  info disclosure)
Goings on in Ubuntu Security Community
Alex and Joe discuss the recent sudo vulnerability (CVE-2019-18634) [08:46]
Hiring [22:07]
Robotics Security Engineer
Get in contact