Overview
This week we have a great interview between Joe McManus and Emilia Torino from the Ubuntu
Security team, plus we cover security updates for Apport, Firefox, GnuTLS,
the Linux kernel and more.
This week in Ubuntu Security Updates
18 unique CVEs addressed
[USN-4315-1] Apport vulnerabilities [00:32]
- 2 CVEs addressed in Xenial, Bionic, Eoan
- Apport creates its lock file as world-writable in a world-writable
location, so a local attacker could create a symlink in its place pointing to a
non-existent file in a root-owned location, and Apport would end up
creating that file with world-writable permissions. This could possibly be
used to escalate privileges, say by dropping a new cron file or
similar.
- Apport runs as root but drops privileges when creating crash reports,
and then changes the permissions on the crash report so it is owned by the user.
Again using a symlink attack, it could be possible to get Apport to change
the permissions on an arbitrary file to be readable by a regular user and
hence disclose sensitive information. This is generally mitigated by the
protected_symlinks setting.
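The lock-file pattern described above next to a symlink-safe way to open the same path. This is an added example, not Apport's code or its actual fix; the function names and the temporary-directory layout are hypothetical and constructed for illustration.

```python
import errno
import os
import stat
import tempfile


def naive_lock(path):
    # Pattern the notes describe: follows a symlink at `path`, creates mode 0666.
    old = os.umask(0)
    try:
        return os.open(path, os.O_WRONLY | os.O_CREAT, 0o666)
    finally:
        os.umask(old)


def hardened_lock(path):
    # O_NOFOLLOW rejects a symlink as the final path component; with 0600 no
    # umask can make the new file group- or world-accessible.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    st = os.fstat(fd)  # inspect the opened object, not the path (no check/use race)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1 or st.st_uid != os.geteuid():
        os.close(fd)
        raise PermissionError(errno.EPERM, "unexpected lock file", path)
    return fd


def demo():
    # Constructed scenario, confined to a private temporary directory.
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "protected"))  # stands in for a root-owned location
        target = os.path.join(d, "protected", "new-file")  # does not exist yet
        lock = os.path.join(d, "lock")
        os.symlink(target, lock)  # link planted where the lock file is expected

        try:
            os.close(hardened_lock(lock))
            hardened = "opened"
        except OSError as e:
            hardened = errno.errorcode[e.errno]
        created_by_hardened = os.path.exists(target)

        os.close(naive_lock(lock))  # follows the link and creates the target
        naive_mode = stat.S_IMODE(os.stat(target).st_mode)
    return hardened, created_by_hardened, naive_mode


if __name__ == "__main__":
    print(demo())
```

Keeping the lock file in a directory only root can write to removes the planted-link precondition entirely; O_NOFOLLOW only covers the final path component.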
[USN-4316-1, USN-4316-2] GD Graphics Library vulnerabilities [02:46]
- 2 CVEs addressed in Trusty ESM, Xenial, Bionic, Eoan
- Used by php for image handling
- Use of an uninitialized variable during
image creation -> info leak or possible memory corruption
- NULL ptr deref in certain circumstances
[USN-4317-1] Firefox vulnerabilities [03:10]
[USN-4321-1] HAProxy vulnerability [03:56]
- 1 CVE addressed in Bionic, Eoan
- Arbitrary heap memory write in HPACK decoder (HTTP/2 header
compression) -> crash, DoS or possible RCE
[USN-4322-1] GnuTLS vulnerability [04:35]
- 1 CVE addressed in Eoan
- Used all zeros instead of a random 32-byte value for key negotiation as a
DTLS client, which breaks the security guarantees of DTLS
(datagram-TLS). Introduced in a code change which changed a boolean OR to
an AND without inverting the logic (i.e. De Morgan's laws)
[USN-4323-1] Firefox vulnerabilities [05:28]
- 6 CVEs addressed in Xenial, Bionic, Eoan
- 75.0
- Malicious extension could possibly steal auth codes from OAuth login
sequences
- Memory corruption -> DoS, info leak or RCE via malicious website
[USN-4318-1] Linux kernel vulnerabilities [06:18]
- 3 CVEs addressed in Xenial, Bionic
- 4.15 bionic kernel (xenial hwe)
- 3 DoS issues:
  - Use-after-free in VFS layer -> crash / info-leak
  - PowerPC KVM guest to host state memory corruption -> crash
  - Soft-lockup via malicious ext4 image due to failure to properly validate
    the journal size
[USN-4319-1, USN-4325-1] Linux kernel vulnerabilities [07:22]
- 2 CVEs addressed in Bionic, Eoan
- 5.3 eoan kernel (bionic hwe), 5.0 bionic clouds kernel
- VFS UAF from above
- Memory leak in IPMI handler -> DoS via memory exhaustion
[USN-4320-1] Linux kernel vulnerability [08:08]
- 1 CVE addressed in Trusty ESM, Xenial
- 4.4 xenial kernel (trusty hwe)
- VFS UAF
[USN-4324-1] Linux kernel vulnerabilities [08:33]
- 2 CVEs addressed in Trusty ESM, Xenial, Bionic
- 4.15 raspi, snapdragon, gke, aws etc - bionic, xenial hwe, trusty esm hwe
- VFS UAF
- Ext4 soft-lockup issue
Goings on in Ubuntu Security Community
Joe talks with Ubuntu Security Team member Emilia Torino [09:06]
Uncompressed OVAL data being discontinued on 1st May [24:25]
Get in contact