Overview
In episode 75 we look at security updates for APT, json-c, Bind, the Linux
kernel and more, plus Joe and Alex discuss recent phishing attacks and the
Wired biopic of Marcus Hutchins.
This week in Ubuntu Security Updates
26 unique CVEs addressed
[USN-4358-1] libexif vulnerabilities [00:44]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Divide by zero and a CPU infinite loop (DoS) for handling crafted exif
content
[USN-4359-1] APT vulnerability [01:19]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- APT carries its own ar archive handling code
- Stack buffer OOB read for ar archive members with specially crafted
names - the code tried to handle trailing spaces etc. in member names, but
if a name consisted entirely of spaces the trimming loop ran off the end of
the name field and read past it
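To illustrate the class of bug described above, here is an added example (not APT's code) of trimming the fixed-width, space-padded member-name field of a classic ar header; the field width and the function name are assumptions for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Width of the member-name field in a classic ar header (assumed here; the
 * field is fixed width and padded with trailing spaces). */
#define AR_NAME_LEN 16

/* Copies the trimmed member name out of a fixed-width field as a NUL-terminated
 * string and returns its length, or -1 if the name is empty (field entirely
 * spaces) or out cannot hold it.  The lower-bound check `len > 0` is the whole
 * point: a trim loop written as
 *     while (field[len - 1] == ' ') len--;
 * keeps reading below the start of the field when every byte is a space,
 * which is the shape of out-of-bounds read described in the show notes. */
int ar_member_name(const char field[AR_NAME_LEN], char *out, size_t outsz)
{
    size_t len = AR_NAME_LEN;

    /* Trim trailing padding without ever indexing below zero. */
    while (len > 0 && field[len - 1] == ' ')
        len--;

    if (len == 0)          /* all spaces: no usable name, reject the member */
        return -1;
    if (len + 1 > outsz)   /* caller's buffer cannot hold name + NUL */
        return -1;

    memcpy(out, field, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample fields: a normal member and an all-space one. */
    const char normal[AR_NAME_LEN] = "debian-binary   ";
    char spaces[AR_NAME_LEN];
    char name[AR_NAME_LEN + 1];

    memset(spaces, ' ', sizeof spaces);
    printf("normal: %d '%s'\n", ar_member_name(normal, name, sizeof name), name);
    printf("spaces: %d\n", ar_member_name(spaces, name, sizeof name));
    return 0;
}
```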
[USN-4360-1] json-c vulnerability [02:04]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Integer overflow -> OOB write when parsing a large JSON file
[USN-4360-2, USN-4360-3] json-c regression [02:27]
- Affecting Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- The upstream fix had a bug: the logic for detecting the integer overflow
was inverted, so it would cause INT_MAX (2GB) of memory to be allocated
- On machines with a small amount of memory this could exhaust it all and
trigger the OOM killer
- Part of the package's install logic triggers a re-exec of upstart (which
serialises itself via libjson) - so this could cause upstart to consume all
memory, be killed by the OOM killer, and lead to boot failures etc.
- upstart is not the default init on xenial and later, and the initial update
was delayed for ESM, so only a small number of users would be affected (those
running 16.04 LTS/xenial who had manually configured upstart as init)
[USN-4361-1] Dovecot vulnerabilities [04:13]
- 3 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)
- 3 issues discovered by Philippe Antoine
- UAF when a command is followed by a sufficient number of newlines -> crash
- Sending an empty quoted localpart or malformed NOOP commands -> crash
[USN-4362-1] DPDK vulnerabilities [04:47]
- 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Data Plane Development Kit (provides TCP offloading to userspace to
accelerate packet processing workloads)
- Used by openvswitch for OpenStack software defined networking
- Memory leak and file-descriptor leak -> DoS
- Guest to host crash via a missing check on an address in an io descriptor
- Failure to validate key lengths
- Integer overflow on host from guest -> crash
[USN-4367-1] Linux kernel vulnerabilities [05:51]
- 3 CVEs addressed in Focal (20.04 LTS)
- 5.4 kernel
- UAF due to a race condition in the bfq block I/O scheduler in the block subsystem
- Bug in parsing of mount options for tmpfs -> stack overflow (root
privileges etc. are needed to specify mount options)
- UAF in btrfs when handling a specially crafted file-system image
[USN-4363-1] Linux kernel vulnerabilities [06:42]
- 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- 4.15 kernel
- block I/O scheduler UAF
- PowerPC-specific guest -> host VM crash on save / restore of Authority
Mask Registers
- tmpfs mount option parsing
- Serial CAN driver did not initialise stack data, so could leak stack
memory to userspace etc.
[USN-4364-1] Linux kernel vulnerabilities [07:30]
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
- 4.4 kernel
- USB camera drivers fail to validate device metadata -> NULL ptr deref etc (crash)
- tmpfs & serial CAN above
[USN-4368-1] Linux kernel vulnerabilities [07:59]
- 8 CVEs addressed in Bionic (18.04 LTS)
- 5.0 gke/oem (based off the Ubuntu 19.04 disco kernel)
- block I/O scheduler UAF
- ppc-specific guest -> host VM crash on save / restore of Authority Mask
Registers
- USB camera drivers fail to validate device metadata
- tmpfs & serial CAN above
[USN-4365-1] Bind vulnerabilities [08:31]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- DNS reflection attack via recursive resolution -
http://www.nxnsattack.com/
[USN-4366-1] Exim vulnerability [09:14]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- OOB read in Secure Password Authentication (SPA, also known as NTLM)
authenticator, could result in SPA/NTLM auth bypass
Goings on in Ubuntu Security Community
Alex and Joe discuss recent trends in phishing attacks and Marcus Hutchins (aka MalwareTech) [09:43]
Get in contact