Ubuntu Security Podcast

Episode 63

27 min • 20 February 2020

Overview

Security updates for Firefox, QEMU, Linux kernel, ClamAV and more, plus we discuss our recommended reading list for getting into infosec and farewell long-time member of the Ubuntu Security Team / community Tyler Hicks.

This week in Ubuntu Security Updates

54 unique CVEs addressed

[USN-4278-1] Firefox vulnerabilities [00:55]

  • 4 CVEs addressed in Bionic, Eoan
  • Firefox 73.0
    • Various memory safety issues
    • Possible XSS if a site used a <template> tag within a <select> tag, which could allow subsequent JavaScript parsing and execution

[USN-4279-1] PHP vulnerabilities [01:26]

  • 3 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • Buffer over-read when converting multibyte characters via mbstring functions, and when reading data whilst stripping tags via fgetss() - crash / info disclosure
  • Fix for a CPU- and disk-based DoS where PHP FPM (FastCGI Process Manager) would endlessly restart a child process - busy CPU loop and large error logs -> DoS

[USN-4280-1, USN-4280-2] ClamAV vulnerability [02:27]

  • 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • OOB read in the Data-Loss-Prevention (DLP) module (scans for credit card or social security numbers) - a crafted email would cause an OOB read -> crash -> DoS

[USN-4281-1] WebKitGTK+ vulnerabilities [03:04]

  • 5 CVEs addressed in Bionic, Eoan
  • Various issues able to be triggered by malicious websites
    • DoS via poor memory handling
    • Wrong security origin for particular DOM objects
    • Top-level DOM object incorrectly considered secure
    • Logic issue leading to a universal XSS flaw
    • Poor memory handling leading to RCE

[USN-4282-1] PostgreSQL vulnerability [03:50]

  • 1 CVE addressed in Bionic, Eoan
  • Missing authorization checks on ALTER … DEPENDS ON EXTENSION sub-commands - could allow unprivileged users to drop any function, procedure, index etc. under certain conditions

[USN-4283-1] QEMU vulnerabilities [04:10]

  • 3 CVEs addressed in Xenial, Bionic, Eoan
  • Buffer overflow in libslirp TCP emulation due to misuse of the snprintf() return value. The code assumed snprintf() returns the number of bytes written, but it actually returns the number of bytes that would have been written had the destination buffer been large enough. When the buffer is too small, the returned value is larger than the buffer; if that value is later used as a length in a memcpy() or similar, the buffer is overflowed. The fix is to compare the return value against the destination buffer size and clamp it (or treat the output as truncated) whenever it is larger.
  • Separate buffer overflow in libslirp TCP emulation code due to missing size checks
  • Heap buffer OOB write in the iSCSI block driver - a malicious iSCSI server could trigger this and crash, or possibly gain code execution on, the QEMU host
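
The snprintf() return-value pitfall from the libslirp bullet above, as an added worked example. This is constructed illustration code, not libslirp or QEMU source: the buffer size MSG_BUF, the "host:port" message format and the hostnames are assumptions chosen to make truncation visible. The unsafe function hands snprintf()'s result straight on as a copy length; the safe one clamps it to what the buffer actually holds and reports truncation so the caller can refuse to go on.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed example: a small fixed-size message buffer so that a
 * realistic hostname does not fit. Not a libslirp constant. */
#define MSG_BUF 16

/* Vulnerable pattern: returns snprintf()'s result as if it were the number
 * of bytes stored in buf. When output is truncated, that value is the length
 * the full string would have had, which can exceed bufsz. */
size_t format_len_unsafe(char *buf, size_t bufsz, const char *host, int port)
{
    int n = snprintf(buf, bufsz, "%s:%d", host, port);
    return n < 0 ? 0 : (size_t)n;   /* BUG: may be >= bufsz */
}

/* Hardened pattern: clamp to the bytes actually present in buf (bufsz - 1
 * plus the NUL on truncation) and tell the caller that truncation happened. */
size_t format_len_safe(char *buf, size_t bufsz, const char *host, int port,
                       int *truncated)
{
    int n = snprintf(buf, bufsz, "%s:%d", host, port);
    if (n < 0) {                      /* encoding error: treat as empty */
        if (bufsz) buf[0] = '\0';
        *truncated = 1;
        return 0;
    }
    if ((size_t)n >= bufsz) {         /* did not fit: buf holds bufsz-1 bytes */
        *truncated = 1;
        return bufsz ? bufsz - 1 : 0;
    }
    *truncated = 0;
    return (size_t)n;
}

/* 1 if the unsafe length for this input is larger than MSG_BUF can hold,
 * i.e. a memcpy() of that many bytes out of the buffer would over-read
 * and a memcpy() of that many bytes into a same-sized buffer would overflow. */
int unsafe_len_overruns(const char *host, int port)
{
    char msg[MSG_BUF];
    return format_len_unsafe(msg, sizeof msg, host, port) > sizeof msg - 1;
}

/* Clamped length the safe formatter reports for this input. */
size_t safe_len_for(const char *host, int port)
{
    char msg[MSG_BUF];
    int truncated;
    return format_len_safe(msg, sizeof msg, host, port, &truncated);
}

/* Simulates the downstream copy the advisory describes: formats the message
 * and memcpy()s `len` bytes into a fixed-size packet payload. Returns 0 on
 * success and -1 if the message was truncated or would not fit the payload,
 * instead of copying a length that the source buffer never contained. */
int build_payload_ok(const char *host, int port)
{
    unsigned char payload[64];
    char msg[MSG_BUF];
    int truncated;
    size_t len = format_len_safe(msg, sizeof msg, host, port, &truncated);
    if (truncated || len > sizeof payload)
        return -1;
    memcpy(payload, msg, len);
    return 0;
}

int main(void)
{
    const char *short_host = "10.0.2.2";                       /* constructed */
    const char *long_host  = "very-long-hostname.example.test"; /* constructed */
    printf("short host: build=%d unsafe_overrun=%d safe_len=%zu\n",
           build_payload_ok(short_host, 80),
           unsafe_len_overruns(short_host, 80), safe_len_for(short_host, 80));
    printf("long host:  build=%d unsafe_overrun=%d safe_len=%zu\n",
           build_payload_ok(long_host, 8080),
           unsafe_len_overruns(long_host, 8080), safe_len_for(long_host, 8080));
    return 0;
}
```

Compile with any C99 compiler; the long hostname produces a 36-byte formatted length, so the unsafe variant would go on to copy 36 bytes out of a 16-byte buffer while the safe variant reports 15 bytes and truncation, and build_payload_ok() refuses the copy.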

[USN-4284-1] Linux kernel vulnerabilities [05:21]

[USN-4285-1] Linux kernel vulnerabilities [07:58]

[USN-4287-1, USN-4287-2] Linux kernel vulnerabilities [08:46]

[USN-4286-1, USN-4286-2] Linux kernel vulnerabilities [09:44]

Goings on in Ubuntu Security Community

Joe and Alex discuss their recommended reading list for infosec beginners [10:17]

  • Red Team Field Manual | Ben Clark
  • Head First Programming
  • Linux System Administrator's Handbook | Nemeth, et al.
  • Secure Coding in C and C++ | Robert Seacord
  • CERT Resilience Management Model (CERT-RMM)
  • The Code Book | Simon Singh
  • The Tao of Network Security Monitoring: Beyond Intrusion Detection | Richard Bejtlich
  • The Cuckoo's Egg | Cliff Stoll
  • Linux Pro Magazine
  • Black Hat Python | Justin Seitz
  • Hacking: The Art Of Exploitation | Jon Erickson

Farewell and good luck Tyler Hicks (tyhicks) [25:05]

Get in contact