Ubuntu Security Podcast

Episode 75

30 min • 22 May 2020

Overview

In episode 75 we look at security updates for APT, json-c, Bind, the Linux kernel and more, plus Joe and Alex discuss recent phishing attacks and the Wired biopic of Marcus Hutchins.

This week in Ubuntu Security Updates

26 unique CVEs addressed

[USN-4358-1] libexif vulnerabilities [00:44]

  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Divide by zero and a CPU infinite loop (DoS) when handling crafted EXIF content

[USN-4359-1] APT vulnerability [01:19]

  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • APT has its own ar archive handling code
  • Stack buffer OOB read for ar archive members with specially crafted names: the code tried to handle spaces etc. in names, but if the name was all spaces it would overrun the name and read past the end of it
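As an added illustration (not APT's own code), a bounds-checked trailing-space trim for the classic 16-byte, space-padded ar member name field; the all-spaces case the bullet above describes yields an empty name instead of a read outside the field:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Width of the member name field in a classic ar header (assumed here). */
#define AR_NAME_LEN 16

/* Length of the name once trailing space padding is removed.
 * The field is not NUL-terminated, so the loop is bounded by the field
 * length on both ends: it never reads field[-1] when every byte is ' '. */
size_t ar_member_name_len(const char field[AR_NAME_LEN])
{
    size_t len = AR_NAME_LEN;
    while (len > 0 && field[len - 1] == ' ')
        len--;
    return len;
}

/* Copy the trimmed name into out (which must hold AR_NAME_LEN + 1 bytes)
 * and return its length. An all-space field produces "" and returns 0. */
size_t ar_member_name(const char field[AR_NAME_LEN], char *out)
{
    size_t len = ar_member_name_len(field);
    memcpy(out, field, len);
    out[len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed sample fields, as found in a .deb (an ar archive). */
    const char *fields[] = { "debian-binary   ", "control.tar.gz  ", "                " };
    char name[AR_NAME_LEN + 1];
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        size_t n = ar_member_name(fields[i], name);
        printf("member '%s' (len %zu)\n", name, n);
    }
    return 0;
}
```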

[USN-4360-1] json-c vulnerability [02:04]

  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Integer overflow -> OOB write from a large json file

[USN-4360-2, USN-4360-3] json-c regression [02:27]

  • Affecting Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • The upstream fix had a bug where the logic for handling integer overflow was inverted, so it would cause INT_MAX (2GB) of memory to be allocated
  • On machines with a small amount of memory this could exhaust it all and trigger the OOM killer
  • Part of the package's logic is to trigger a re-exec of upstart (which serialises itself via libjson), so this could cause upstart to consume all memory, get killed by the OOM killer and cause a failure to boot etc.
  • upstart is not used as the default init on xenial+, and the initial update was delayed for ESM, so only a small number of users would be affected (those running 16.04 LTS/xenial who had manually configured upstart as init)

[USN-4361-1] Dovecot vulnerabilities [04:13]

  • 3 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)
  • 3 issues discovered by Philippe Antoine
    • UAF when a command is followed by a sufficient number of newlines -> crash
    • Sending an empty quoted localpart or malformed NOOP commands -> crash

[USN-4362-1] DPDK vulnerabilities [04:47]

  • 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Data Plane Development Kit (provides TCP offloading to userspace to accelerate packet processing workloads)
  • Used by openvswitch for OpenStack software defined networking
  • Memory leak and file-descriptor leak -> DoS
  • Guest to host crash via a missing check on an address in an io descriptor
  • Failure to validate key lengths
  • Integer overflow on host from guest -> crash

[USN-4367-1] Linux kernel vulnerabilities [05:51]

  • 3 CVEs addressed in Focal (20.04 LTS)
  • 5.4 kernel
  • UAF due to a race-condition in bfq block io scheduler in block subsystem
  • Bug in parsing of mount options for tmpfs -> stack overflow (root privileges etc. are needed to specify mount options)
  • UAF in btrfs when handling a specially crafted file-system image

[USN-4363-1] Linux kernel vulnerabilities [06:42]

  • 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • 4.15 kernel
  • block io scheduler UAF
  • PowerPC specific guest -> host VM crash on save / restore of authority mask registers
  • tmpfs mount option parsing
  • Serial CAN driver did not initialise stack data, so it could leak stack memory to userspace etc.

[USN-4364-1] Linux kernel vulnerabilities [07:30]

[USN-4368-1] Linux kernel vulnerabilities [07:59]

[USN-4365-1] Bind vulnerabilities [08:31]

[USN-4366-1] Exim vulnerability [09:14]

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • OOB read in Secure Password Authentication (SPA, also known as NTLM) authenticator, could result in SPA/NTLM auth bypass

Goings on in Ubuntu Security Community

Alex and Joe discuss recent trends in phishing attacks and Marcus Hutchins (aka MalwareTech) [09:43]

Get in contact
