Start / Ubuntu Security Podcast / Episode 78

Episode 78

25 min • 12 juni 2020

Overview

SRBDS aka CrossTalk, the latest Intel speculative execution attack, is the big news this week in security updates for Ubuntu, as well as fixes for GnuTLS, Firefox and more, plus Alex and Joe talk about using STRIDE for threat modelling of software products.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-4381-2] Django vulnerabilities [01:00]

2 CVEs addressed in Trusty ESM (14.04 ESM)
- CVE-2020-13596
- CVE-2020-13254
Episode 77

[USN-4382-1] FreeRDP vulnerabilities [01:28]

14 CVEs addressed in Xenial (16.04 LTS)
Episode 77 covered a similar update for FreeRDP2 in 18.04 LTS, 19.10, 20.04 LTS
This is the corresponding update for FreeRDP 1 in 16.04 LTS

[USN-4383-1] Firefox vulnerabilities [02:09]

8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
77.0.1

[USN-4384-1] GnuTLS vulnerability [02:54]

1 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)
- CVE-2020-13777
Rare Friday update - high priority GnuTLS vulnerability - would use an all-zero key for encrypting TLS session ticket
TLS1.3 -> enables a middleperson attack against resumed sessions
TLS1.2 -> enables passive decryption of traffic to/from servers when the client supports session tickets

[USN-4386-1] libjpeg-turbo vulnerability [04:19]

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- CVE-2020-13790
- Heap buffer over-read via crafted PPM file -> info disclosure / crash

[USN-4385-1] Intel Microcode vulnerabilities [04:49]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
Latest Intel microarchitectural cache side-channel vulnerabilities - L1D cache, vector registers, special registers
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS
Special register buffer data sampling (SRBDS) -> RDRAND, RDSEED etc -> aka CrossTalk -> micro-arch buffer is shared across cores so old values could be read by other processors
microcode clears buffers -> performance decrease for RDRAND etc as a result -> kernel update contains support for a kernel command-line arg to disable this mitigation

[USN-4387-1] Linux kernel vulnerabilities [07:25]

5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
5.3
Kernel command-line option to disable SRBDS mitigation
F2FS bounds check fail on xattrs -> OOB read -> info leak
USB scatter-gather UAF -> malicious USB device -> crash / RCE
XDP socket fail to validate userspace metadata -> OOB write -> requires CAP_NET_ADMIN

[USN-4388-1] Linux kernel vulnerabilities [08:40]

6 CVEs addressed in Bionic (18.04 LTS)
5.0 gke & oem

[USN-4389-1] Linux kernel vulnerabilities [08:54]

6 CVEs addressed in Focal (20.04 LTS)
5.4

[USN-4390-1] Linux kernel vulnerabilities [09:02]

6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
4.15 (14.04 ESM azure, 16.04 LTS - hwe, 18.04 LTS all)
As above + IPsec fail to encrypt IPv6 in some conditions -> info leak

[USN-4391-1] Linux kernel vulnerabilities [09:35]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
4.4

[USN-4392-1] Linux kernel vulnerabilities [09:46]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
3.13

[USN-4393-1] Linux kernel vulnerabilities [09:46]

2 CVEs addressed in Precise ESM (12.04 ESM)
- CVE-2020-0543
- CVE-2020-12654
3.2

Goings on in Ubuntu Security Community

Joe and Alex discuss Threat Modelling via STRIDE [10:12]

Get in contact

Kategorier

Poddar Teknologi

Förekommer på

Teknik

00:00 -00:00