Episode 65

Overview

Whilst avoiding Coronavirus, this week we look at updates for libarchive, OpenSMTPD, rake and more, plus Joe and Alex discuss ROS, the Robot Operating System and how the Ubuntu Security Team is involved in the ongoing development of secure foundations for robotics.

This week in Ubuntu Security Updates

7 unique CVEs addressed

[USN-4293-1] libarchive vulnerabilities [00:18]

• 2 CVEs addressed in Xenial, Bionic, Eoan
  • CVE-2020-9308
  • CVE-2019-19221
• OSS-Fuzz: RAR unpacker would try and unpack a file with a corrupted / malformed header (ie. zero length etc) - OOB read - crash/DoS
• OOB read due to use of wrong length parameter to mbtowc()

[USN-4294-1] OpenSMTPD vulnerabilities [02:00]

• 2 CVEs addressed in Bionic, Eoan
  • CVE-2020-8793
  • CVE-2020-8794
• Remote code exec on both clients and server (as server reuses client-side code for debouncing)
• Possible arbitrary file read due to race-condition in offline functionality - a user could create a hardlink to a root-owned file which opensmtpd would then read - mitigated on Ubuntu since we enable protected_hardlinks sysctl which stops regular users creating hardlinks to root-owned files

[USN-4288-2] ppp vulnerability [03:12]

• 1 CVEs addressed in Precise ESM, Trusty ESM
  • CVE-2020-8597
• Episode 64 (possible buffer overflow)

[USN-4290-2] libpam-radius-auth vulnerability [03:23]

• 1 CVEs addressed in Precise ESM, Trusty ESM
  • CVE-2015-9542
• Episode 64 (stack overflow in password field handling)

[USN-4295-1] Rake vulnerability [03:31]

• 1 CVEs addressed in Xenial, Bionic, Eoan
  • CVE-2020-8130
• Command injection vulnerability via Rake::FileList - used the Kernel open() method rather than File.open() - this supports launching a process if the file-name starts with a pipe `|` - so instead just use File.open()

Goings on in Ubuntu Security Community

Joe and Alex discuss ROS, the Robot Operating System [04:28]

Kyle Fazzari’s ROS and Ubuntu Video Series

• https://ubuntu.com/blog/from-ros-prototype-to-production-on-ubuntu-core
• https://ubuntu.com/blog/your-first-robot-a-beginners-guide-to-ros-and-ubuntu-core-1-5

Hiring

Robotics Security Engineer

• https://canonical.com/careers/1550997

Security Engineer - Certifications (FIPS, Common Criteria)

• https://canonical.com/careers/2085468

Ubuntu Security Engineer

• https://canonical.com/careers/2085023

Get in contact

• [email protected]
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter