Overview
SRBDS aka CrossTalk, the latest Intel speculative execution attack, is the
big news this week in security updates for Ubuntu, as well as fixes for
GnuTLS, Firefox and more, plus Alex and Joe talk about using STRIDE for
threat modelling of software products.
This week in Ubuntu Security Updates
39 unique CVEs addressed
[USN-4381-2] Django vulnerabilities [01:00]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
- Follow-up to USN-4381-1 (covered in Episode 77), now for Trusty ESM
[USN-4382-1] FreeRDP vulnerabilities [01:28]
- 14 CVEs addressed in Xenial (16.04 LTS)
- Episode 77 covered a similar update for FreeRDP2 in 18.04 LTS, 19.10, 20.04 LTS
- This is the corresponding update for FreeRDP 1 in 16.04 LTS
[USN-4383-1] Firefox vulnerabilities [02:09]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Firefox 77.0.1
[USN-4384-1] GnuTLS vulnerability [02:54]
- 1 CVE addressed in Eoan (19.10), Focal (20.04 LTS)
- Rare Friday update for a high-priority GnuTLS vulnerability: the server
would use an all-zero key for encrypting TLS session tickets
- TLS 1.3 -> enables a middleperson attack against resumed sessions
- TLS 1.2 -> enables passive decryption of traffic to/from affected servers
when the client supports session tickets
[USN-4386-1] libjpeg-turbo vulnerability [04:19]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- CVE-2020-13790
- Heap buffer over-read via crafted PPM file -> info disclosure / crash
[USN-4385-1] Intel Microcode vulnerabilities [04:49]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Latest Intel microarchitectural data-sampling side-channel
vulnerabilities - L1D cache (eviction sampling), vector registers, special
registers
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS
- Special Register Buffer Data Sampling (SRBDS) -> affects RDRAND, RDSEED etc
-> aka CrossTalk -> the results pass through a micro-architectural staging
buffer that is shared across cores, so stale values left by one core can be
sampled by code running on another core
- the microcode mitigation clears the buffer -> RDRAND, RDSEED etc become
noticeably slower as a result -> the kernel update adds support for a
kernel command-line parameter (srbds=off) to disable the mitigation where
the performance cost matters more than the cross-core leak
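The checks a practitioner wants after installing the microcode and kernel updates, as an added example (not from the podcast, Ubuntu or the kernel sources): read the kernel's SRBDS status from sysfs, check whether the mitigation was turned off on the command line, and produce the /etc/default/grub edit that disables it. The sysfs strings and the srbds=off parameter are the ones documented by the Linux kernel; the function names and the sample files written in the usage section are this example's own.

```shell
#!/bin/sh
# Added example: SRBDS mitigation status and toggle helpers for Ubuntu.
# Function names are hypothetical; the sysfs path, the state strings and
# the srbds=off parameter are documented by the Linux kernel.

SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# srbds_status [FILE]
# Classify the kernel's SRBDS report. Takes a file path so it can be run
# against saved or constructed copies; defaults to the live sysfs entry.
# Returns 0 when the system is mitigated or not affected, 1 otherwise.
srbds_status() {
    file=${1:-$SRBDS_SYSFS}
    if [ ! -r "$file" ]; then
        # No entry: kernel predates SRBDS support, so status is unknown
        echo "unknown"
        return 1
    fi
    state=$(cat "$file")
    case "$state" in
        "Not affected")             echo "not-affected";        return 0 ;;
        "Mitigation: Microcode")    echo "mitigated";           return 0 ;;
        "Mitigation: TSX disabled") echo "mitigated";           return 0 ;;
        "Vulnerable: No microcode") echo "needs-microcode";     return 1 ;;
        "Vulnerable")               echo "mitigation-disabled"; return 1 ;;
        *)                          echo "unknown";             return 1 ;;
    esac
}

# srbds_disabled_on_cmdline [FILE]
# True when the running kernel was booted with srbds=off (reads
# /proc/cmdline by default). Anchored on whitespace so e.g. a hypothetical
# "xsrbds=off" token would not match.
srbds_disabled_on_cmdline() {
    grep -Eq '(^|[[:space:]])srbds=off([[:space:]]|$)' "${1:-/proc/cmdline}"
}

# add_srbds_off FILE
# Print FILE (an /etc/default/grub-style file) with srbds=off appended to
# GRUB_CMDLINE_LINUX_DEFAULT. Idempotent; does not write anything itself.
# After writing the result back, run: sudo update-grub && sudo reboot
add_srbds_off() {
    sed -E \
        -e '/^GRUB_CMDLINE_LINUX_DEFAULT=.*srbds=off/ b' \
        -e 's/^(GRUB_CMDLINE_LINUX_DEFAULT=)""$/\1"srbds=off"/' \
        -e 't' \
        -e 's/^(GRUB_CMDLINE_LINUX_DEFAULT=".*)"$/\1 srbds=off"/' \
        "$1"
}

# Usage on a live Ubuntu host (guarded so the script also runs elsewhere).
if [ -r "$SRBDS_SYSFS" ]; then
    printf 'srbds: %s\n' "$(srbds_status)"
    # Microcode revision actually loaded (compare with the intel-microcode changelog)
    grep -m1 '^microcode' /proc/cpuinfo || true
    if srbds_disabled_on_cmdline; then
        echo "srbds=off present on the kernel command line"
    fi
fi
```

A status of "needs-microcode" after the kernel update means the intel-microcode package (or the host's firmware, for guests) has not delivered the new revision yet; "mitigation-disabled" is what you get after booting with srbds=off, so the helper distinguishes the two cases.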
[USN-4387-1] Linux kernel vulnerabilities [07:25]
- 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3
- Kernel command-line option (srbds=off) to disable the SRBDS mitigation
- F2FS missing bounds check on xattrs -> OOB read -> info leak
- USB scatter-gather use-after-free -> malicious USB device -> crash / possible code execution
- XDP sockets fail to validate userspace-supplied metadata -> OOB write ->
requires CAP_NET_ADMIN
[USN-4388-1] Linux kernel vulnerabilities [08:40]
- 6 CVEs addressed in Bionic (18.04 LTS)
- 5.0 gke & oem
[USN-4389-1] Linux kernel vulnerabilities [08:54]
- 6 CVEs addressed in Focal (20.04 LTS)
- 5.4
[USN-4390-1] Linux kernel vulnerabilities [09:02]
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- 4.15 (14.04 ESM azure, 16.04 LTS hwe, 18.04 LTS all)
- As above + IPsec fails to encrypt IPv6 traffic under some conditions -> info leak
[USN-4391-1] Linux kernel vulnerabilities [09:35]
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
- 4.4
[USN-4392-1] Linux kernel vulnerabilities [09:46]
- 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- 3.13
[USN-4393-1] Linux kernel vulnerabilities [09:46]
- 2 CVEs addressed in Precise ESM (12.04 ESM)
- 3.2
Goings on in Ubuntu Security Community
Joe and Alex discuss Threat Modelling via STRIDE [10:12]
Get in contact