Episode 71

Overview

This week Joe discusses Ubuntu’s involvement in ZDI’s Pwn2Own with special guests Steve Beattie and Marc Deslauriers from the Ubuntu Security team, plus we do the usual roundup of fixed vulnerabilities including libssh, Thunderbird, Git and a kernel Livepatch.

This week in Ubuntu Security Updates

38 unique CVEs addressed

[USN-4325-1] Linux kernel vulnerabilities [00:59]

• 2 CVEs addressed in Bionic
  • CVE-2020-8428
  • CVE-2019-19046
• 5.0 (bionic clouds / oem - oracle, gke, gcp, azure, etc)
• VFS UAF and IPMI memory leak - Episode 70

[USN-4326-1] libiberty vulnerabilities [01:46]

• 14 CVEs addressed in Xenial, Bionic
  • CVE-2019-9071
  • CVE-2019-9070
  • CVE-2019-14250
  • CVE-2018-9138
  • CVE-2018-18701
  • CVE-2018-18700
  • CVE-2018-18484
  • CVE-2018-18483
  • CVE-2018-17985
  • CVE-2018-17794
  • CVE-2018-12934
  • CVE-2018-12698
  • CVE-2018-12697
  • CVE-2018-12641
• libib - collection of subroutines used by other libraries / applications
  • primarily binutils for parsing binary formats (ELF executables etc)
• Mostly low priority issues (DoS via memory leak / NULL ptr dereference in say objdump etc)
• 1 medium - integer overflow -> heap buffer overflow in parsing a crafted ELF file

[USN-4327-1] libssh vulnerability [02:57]

• 1 CVEs addressed in Bionic, Eoan
  • CVE-2020-1730
• Malicious client / server could crash other end when using AES-CTR ciphers - error in memory handling on cleanup of cipher context when closing the connection -> DoS

[LSN-0065-1] Linux kernel vulnerability [03:41]

• 3 CVEs addressed in Xenial, Bionic
  • CVE-2020-8428
  • CVE-2019-3016
  • CVE-2013-1798
• Livepatch for VFS UAF, fix a possible SpectreV1/L1TF gadget introduced back in 2013 for a KVM IOAPIC issue, KVM TLB flush (Episode 67)

[USN-4328-1] Thunderbird vulnerabilities [04:31]

• 18 CVEs addressed in Bionic, Eoan
  • CVE-2020-6811
  • CVE-2020-6825
  • CVE-2020-6821
  • CVE-2020-6820
  • CVE-2020-6819
  • CVE-2020-6814
  • CVE-2020-6812
  • CVE-2020-6807
  • CVE-2020-6806
  • CVE-2020-6805
  • CVE-2020-6800
  • CVE-2020-6798
  • CVE-2019-20503
  • CVE-2020-6794
  • CVE-2020-6822
  • CVE-2020-6795
  • CVE-2020-6793
  • CVE-2020-6792
• 68.7.0
• Includes various fixes for issues previously covered in Firefox updates

[USN-4329-1] Git vulnerability [05:11]

• 1 CVEs addressed in Xenial, Bionic, Eoan
  • CVE-2020-5260
• Would not properly handle URLs that include newlines - and would possibly send credentials to the wrong host as a result - fixed by forbidding a newline in any part of credential handling

Goings on in Ubuntu Security Community

Joe discusses Ubuntu’s participation in ZDI’s Pwn2Own with Steve Beattie and Marc Deslauriers [06:25]

• https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
• https://www.zdnet.com/article/windows-ubuntu-macos-virtualbox-fall-at-pwn2own-hacking-contest/

Get in contact

• [email protected]
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter