Overview
This week we cover security updates for a Linux kernel vulnerability
disclosed during pwn2own, Timeshift, pam-krb5 and more, plus we have a
special guest, Vineetha Kamath, to discuss security certifications for
Ubuntu.
This week in Ubuntu Security Updates
10 unique CVEs addressed
[USN-4308-2] Twisted vulnerabilities [00:42]
- 4 CVEs addressed in Trusty ESM
- Episode 68 - 4 of the 7 CVEs described there affect Twisted in 14.04
ESM
[USN-4310-1] WebKitGTK+ vulnerability [01:09]
- 1 CVE addressed in Bionic, Eoan
- UAF - discovered by CloudFuzz
[USN-4312-1] Timeshift vulnerability [01:49]
- 1 CVE addressed in Eoan
- Reused a predictably named temporary directory to execute scripts, and
runs as root - so a local attacker could replace the script in that
predictably named directory with one containing malicious commands and
get code execution as root. Fixed by using a randomly named directory
and setting the permissions on it so other users can’t write to it.
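The two temp-directory patterns behind this advisory, as an added example in POSIX shell (not Timeshift's own code). It assumes GNU coreutils (stat -c) and uses constructed placeholder paths; the insecure function is shown only for contrast, the hardened one creates the directory atomically and verifies it before anything inside is run.

```shell
#!/bin/sh
# Added example, not Timeshift's own code. Assumes GNU coreutils (stat -c).

# Insecure pattern described in the advisory: a fixed, guessable path.
# mkdir -p succeeds even if another local user created the directory first,
# so a script they dropped there would run with the caller's (root's) rights.
insecure_scratch_dir() {
    dir="/tmp/example-scratch"          # constructed placeholder name
    mkdir -p "$dir" && printf '%s\n' "$dir"
}

# Hardened pattern: mktemp -d creates a randomly named directory atomically
# with mode 0700, so no other user can pre-create it or write into it.
secure_scratch_dir() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/scratch.XXXXXXXXXX") || return 1
    chmod 0700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Defensive check before executing anything from a scratch directory:
# not a symlink, a real directory, owned by the current user, and with no
# group or world write bit. Returns 0 if safe, 1 otherwise.
scratch_dir_is_safe() {
    d=$1
    [ ! -L "$d" ] && [ -d "$d" ] || return 1
    [ "$(stat -c %u "$d")" = "$(id -u)" ] || return 1
    mode=$(stat -c %a "$d") || return 1
    case $mode in
        *[2367]?|*[2367]) return 1 ;;   # group-writable or world-writable
    esac
    return 0
}

# Run a helper script only from a directory that passed the check.
run_script_from_scratch() {
    scratch_dir_is_safe "$1" || { echo "refusing: unsafe scratch dir $1" >&2; return 1; }
    sh "$1/$2"
}
```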
[USN-4313-1] Linux kernel vulnerability [02:43]
- 1 CVE addressed in Bionic, Eoan
- pwn2own - Manfred Paul discovered that the BPF verifier in the Linux kernel
did not properly calculate register bounds for 32-bit operations - so on
systems that allow unprivileged users to load BPF programs, this could be
used to read or write kernel memory, and from there to elevate privileges
to root.
- https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
[USN-4311-1] BlueZ vulnerabilities [03:52]
- 2 CVEs addressed in Xenial, Bionic, Eoan
- Didn’t correctly handle bonding of HID and HOGP (HID over GATT - Generic
Attribute Profile) devices - a local attacker could use this to impersonate
non-bonded devices
- Buffer overflow in the parse_line function used by some CLI-based userland
utils
[USN-4314-1] pam-krb5 vulnerability [04:50]
- 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- Single-byte buffer overflow that could potentially allow RCE - the buffer
is provided by the underlying Kerberos library - an attacker can supply
input of a specific length to overflow it and cause memory corruption
(heap or stack). Only reachable in code paths where the Kerberos library
does supplemental prompting, or if running PAM with no_prompt configured.
Goings on in Ubuntu Security Community
Joe and Vineetha discuss security certifications for Ubuntu [06:14]
Get in contact