Overview
Whilst avoiding Coronavirus, this week we look at updates for libarchive,
OpenSMTPD, rake and more, plus Joe and Alex discuss ROS, the Robot
Operating System and how the Ubuntu Security Team is involved in the
ongoing development of secure foundations for robotics.
This week in Ubuntu Security Updates
7 unique CVEs addressed
[USN-4293-1] libarchive vulnerabilities [00:18]
- 2 CVEs addressed in Xenial, Bionic, Eoan
- Found by OSS-Fuzz: the RAR unpacker would try to unpack a file with a corrupted /
malformed header (e.g. a zero-length header), leading to an out-of-bounds read - crash/DoS
- Out-of-bounds read due to passing the wrong length argument to mbtowc()
[USN-4294-1] OpenSMTPD vulnerabilities [02:00]
- 2 CVEs addressed in Bionic, Eoan
- Remote code execution, exploitable both client-side and server-side (the server-side code reuses the client-side code for bounces)
- Possible arbitrary file read due to a race condition in the offline (queue)
functionality - a local user could create a hardlink to a root-owned file which
opensmtpd would then read - mitigated on Ubuntu since we ship with the
fs.protected_hardlinks sysctl enabled (fs.protected_hardlinks=1), which stops
unprivileged users creating hardlinks to files they do not own or cannot both
read and write, root-owned files included; `sysctl fs.protected_hardlinks`
should report 1 on a default Ubuntu install
[USN-4288-2] ppp vulnerability [03:12]
- 1 CVE addressed in Precise ESM, Trusty ESM
- Covered in Episode 64 (possible buffer overflow)
[USN-4290-2] libpam-radius-auth vulnerability [03:23]
- 1 CVE addressed in Precise ESM, Trusty ESM
- Covered in Episode 64 (stack overflow in password field handling)
[USN-4295-1] Rake vulnerability [03:31]
- 1 CVE addressed in Xenial, Bionic, Eoan
- Command injection via Rake::FileList: it read files with the Kernel open()
method rather than File.open() - Kernel#open treats a file name that starts with
a pipe `|` as a command to launch and hands back a pipe to its output, so a
crafted file name executes an arbitrary command - the fix is simply to use
File.open(), which only ever opens a file
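To see the difference in practice, here is an added example (not Rake's own code) that reads an attacker-controlled file name once with Kernel#open and once with File.open, then runs both through a toy FileList-style grep. The `"|echo pwned"` file name is a constructed payload, `grep_files` and `demo` are hypothetical helpers standing in for Rake's real code, and the only command launched is a harmless `echo`.

```ruby
require "tempfile"

# Constructed attacker-controlled "file name": Kernel#open treats a leading "|"
# as "run this command and give me a pipe to its output".
PAYLOAD = "|echo pwned".freeze

# Vulnerable pattern (what Rake::FileList did): Kernel#open.
# For "|echo pwned" this spawns `echo pwned` and returns its output instead of
# reading any file. Returns nil if this Ruby no longer honours the pipe form.
def unsafe_read(name)
  open(name) { |io| io.read } # Kernel#open, not File.open
rescue Errno::ENOENT
  nil
end

# Hardened pattern (the fix): File.open never spawns anything, so "|echo pwned"
# is just a path that does not exist.
def safe_read(name)
  File.open(name) { |io| io.read }
rescue Errno::ENOENT
  :no_such_file
end

# Hypothetical stand-in for a FileList-style grep (not Rake's own method):
# returns {name => contents} for every readable file whose contents match.
def grep_files(names, pattern, opener: method(:safe_read))
  names.each_with_object({}) do |name, hits|
    content = opener.call(name)
    hits[name] = content if content.is_a?(String) && content.match?(pattern)
  end
end

# End-to-end demo: one genuine temp file plus the payload, grepped both ways.
# With the vulnerable opener the payload "matches" because the command ran and
# its output was grepped; with the hardened opener only the real file matches.
def demo
  Tempfile.create("rake-demo") do |f|
    f.write("genuine file mentioning pwned\n")
    f.flush
    names = [f.path, PAYLOAD]
    {
      vulnerable: grep_files(names, /pwned/, opener: method(:unsafe_read)),
      hardened:   grep_files(names, /pwned/),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |mode, hits| puts "#{mode}: #{hits.keys.inspect}" }
end
```

The same trap exists for `IO.read`, `IO.readlines` and `IO.foreach` on a string that starts with `|`; prefer the `File.` equivalents whenever the name can come from outside your code.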
Goings on in Ubuntu Security Community
Joe and Alex discuss ROS, the Robot Operating System [04:28]
Kyle Fazzari’s ROS and Ubuntu Video Series
Hiring
Robotics Security Engineer
Security Engineer - Certifications (FIPS, Common Criteria)
Ubuntu Security Engineer
Get in contact