Overview
Special guest, Tim McNamara, author of Rust In Action talks all things Rust
plus we look at security updates for Linux bluetooth firmware, OpenLDAP,
PulseAudio, Squid and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-4351-1] Linux firmware vulnerability [01:03]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- Bluetooth devices failed to properly validate elliptic curve parameters
used in key exchange - remote attacker could possibly force a weak key to
be used and hence obtain the encryption key. Required changes to both the
kernel and firmware blobs - kernel was updated previously (Episode 43) -
this is the corresponding update for firmware
[USN-4352-1, USN-4352-2] OpenLDAP vulnerability [02:05]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM),
Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- A search filter with a large number of nested boolean expressions could
cause the slapd daemon to crash via deep stack recursion - fixed by adding a
hard-coded nesting limit
[USN-4353-1] Firefox vulnerabilities [02:46]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 76.0
- Displays alerts for breached passwords stored in Lockwise
- Usual UAF, sandbox escape, buffer overflows, content security policy
bypass etc
- https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
[USN-4353-2] Firefox regression [03:34]
[USN-4354-1] Mailman vulnerability [03:51]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- CVE-2020-12108
- Arbitrary content injection via the options login page - if the submitted
email address looked invalid it was echoed back to the user unsanitised, so
anything supplied as the email address would be displayed in the page
[USN-4355-1] PulseAudio vulnerability [04:23]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- The snap policy module for pulseaudio - which only exists in Ubuntu - is
designed to let snapd mediate access to pulseaudio for snaps: a snap that
plugs the pulseaudio (or audio-playback / audio-record) interface can talk
to pulseaudio but should only be able to perform the actions that interface
allows - however the policy did not restrict unloading the policy module
itself, so any snap with access could unload the policy and then have
unrestricted access to pulseaudio - e.g. record audio when only the
audio-playback interface was connected
[USN-4357-1] IPRoute vulnerability [05:39]
- 1 CVE addressed in Bionic (18.04 LTS)
- UAF when listing network namespaces (ip netns list)
[USN-4356-1] Squid vulnerabilities [05:59]
- 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Possible cache poisoning, crash or remote code execution from malicious
remote servers via Edge Side Includes
- Failure to properly validate the hostname in the cache manager for certain
browsers -> HTML injection
- Nonce replay due to failure to properly validate Digest Authentication
nonce values
[USN-3911-2] file regression [06:40]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS)
- Episode 25 - USN-3911-1 - the update for file caused a regression where the
name of the interpreter parsed by file was truncated and so the output was
incorrect - the code used sizeof(var), but var is a char * and so sizeof()
gives the size of a pointer rather than the length of the string - updated
to use strlen(var) + 1
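The sizeof-versus-strlen mistake behind this regression, shown as an added example written for these notes (a hypothetical stand-in for file's copy helper, not file's own source); the interpreter path is a constructed sample:

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a PT_INTERP string of the kind `file` reports in
 * its "interpreter ..." output. The helpers below are a hypothetical
 * illustration written for this page, not file's own source. */
#define SAMPLE_INTERP "/lib64/ld-linux-x86-64.so.2"

/* Copy at most slen bytes of str into buf, stopping at the NUL and always
 * leaving buf NUL-terminated. This mirrors a "bounded printable copy"
 * helper that takes the source length as an explicit argument. */
static char *copy_printable(char *buf, size_t bufsiz, const char *str,
                            size_t slen) {
    size_t i = 0;
    if (bufsiz == 0)
        return buf;
    while (i < slen && i + 1 < bufsiz && str[i] != '\0') {
        buf[i] = str[i];
        i++;
    }
    buf[i] = '\0';
    return buf;
}

/* The regression: interp is a char *, so sizeof(interp) is the size of a
 * pointer (8 bytes on 64-bit), not the length of the string it points to.
 * Only that many characters survive, so the name comes out truncated. */
const char *interp_name_buggy(const char *interp, char *buf, size_t bufsiz) {
    return copy_printable(buf, bufsiz, interp, sizeof(interp)); /* BUG */
}

/* The fix described above: pass the real string length plus its NUL. */
const char *interp_name_fixed(const char *interp, char *buf, size_t bufsiz) {
    return copy_printable(buf, bufsiz, interp, strlen(interp) + 1);
}

/* Length of the name as each variant would report it. */
size_t interp_name_len(const char *interp, int fixed) {
    char ibuf[256];
    return strlen(fixed ? interp_name_fixed(interp, ibuf, sizeof ibuf)
                        : interp_name_buggy(interp, ibuf, sizeof ibuf));
}

int main(void) {
    char ibuf[256];
    printf("before fix: interpreter %s\n", interp_name_buggy(SAMPLE_INTERP, ibuf, sizeof ibuf));
    printf("after fix:  interpreter %s\n", interp_name_fixed(SAMPLE_INTERP, ibuf, sizeof ibuf));
    return 0;
}
```

On a 64-bit build the buggy variant prints only the first 8 characters of the path; the fixed variant prints the whole name.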
Goings on in Ubuntu Security Community
Alex talks Rust with Tim McNamara [08:14]
Get in contact