Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 73

31 min • 8 maj 2020

Overview

After the recent release of Ubuntu 20.04 LTS, we look at security fixes for OpenJDK, CUPS, the Linux kernel, Samba and more, plus Joe and Alex discuss robot kits and the Kaiji botnet.

This week in Ubuntu Security Updates

86 unique CVEs addressed

[USN-4337-1] OpenJDK vulnerabilities [01:21]

[USN-4338-1, USN-4338-2] re2c vulnerability [02:26]

  • 1 CVEs addressed in Eoan, Focal
  • Used to generate fast C code for parsing regular expressions
  • Heap buffer overflow if parsing a very long input due to incorrect length checks

[USN-4339-1] OpenEXR vulnerabilities [02:59]

[USN-4340-1] CUPS vulnerabilities [04:09]

  • 2 CVEs addressed in Xenial, Bionic, Eoan, Focal
  • Heap buffer overflow when parsing ppd files - so if added a printer with a crafted ppd file could crash / RCE - since cupsd runs as root could be possible RCE as root
  • OOB read -> info leak / crash

[USN-4341-1, USN-4341-2, USN-4341-3] Samba vulnerabilities [05:11]

  • 2 CVEs addressed in Trusty ESM, Xenial, Bionic, Eoan, Focal
  • Stack overflow able to be triggered by an unauthenticated user when Samba is acting as an AD DC -> crash, code exec?
  • UAF in Samba AD DC LDAP server

[USN-4342-1] Linux kernel vulnerabilities [06:02]

  • 7 CVEs addressed in Bionic, Eoan
  • 5.3 kernel for eoan + bionic hwe
  • s390 specific race-condition in page table handling -> local attacker arbitrary code exec
  • race-condition -> UAF in block io tracing -> OOB read -> info leak / crash
  • stack buffer overflow in vhost-net driver -> able to be triggered by a local attacker via ioctl() on /dev/vhost-net
  • race-condition -> UAF in tty (virtual terminal) subsystem
  • low priority (DoS etc via crafted file-systems)

[USN-4344-1] Linux kernel vulnerabilities [07:58]

[USN-4343-1] Linux kernel vulnerability [08:13]

  • 1 CVEs addressed in Focal
  • 5.4 kernel
  • s390 page-table issue

[USN-4345-1] Linux kernel vulnerabilities [08:25]

[USN-4346-1] Linux kernel vulnerabilities [09:00]

[USN-4347-1] WebKitGTK vulnerability [09:26]

[USN-4348-1] Mailman vulnerabilities [09:47]

  • 3 CVEs addressed in Xenial, Bionic
  • Possible XSS when viewing list archives since mailman does not track the mime-type of attachments -> so HTTP reply may lack a MIME type and so the receiving browser may assume that content-type is text/html and so execute contained Javascript code

[USN-4349-1] EDK II vulnerabilities [10:36]

[USN-4350-1] MySQL vulnerabilities [12:05]

[USN-4330-2] PHP vulnerabilities [12:46]

[USN-4332-2] File Roller vulnerability [13:05]

[USN-4333-2] Python vulnerabilities [13:06]

Goings on in Ubuntu Security Community

Release of Ubuntu 20.04 LTS (Focal Fossa) [13:16]

  • Supported as LTS for 5 years and as ESM for 5 years -> 10 years of security support
  • Kernel changes -> based on upstream 5.4 LTS kernel, includes Lockdown LSM, Wireguard as built-in to the kernel
  • SSH client / server supports hardware based 2 factor auth (like Yubikeys) OOTB
  • More stringent TLS default parameters to blacklist insecure ciphers / key-lengths etc

Joe and Alex discuss Kaiji Botnet targeting Linux IoT devices [16:00]

Get in contact

Kategorier
Förekommer på
00:00 -00:00