Episode 81

Overview

Joe talks cyber security policy with Dr David Reed from CU Boulder, plus Alex covers the week in security updates including Mutt, NVIDIA graphics drivers, Mailman and more.

This week in Ubuntu Security Updates

6 unique CVEs addressed

[USN-4403-1] Mutt vulnerability and regression [00:40]

• 1 CVEs addressed in Precise ESM (12.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • CVE-2020-14954
• When connecting to an IMAP/SMTP/POP3 server via STARTTLS, would read additional data after the clear-text command to begin TLS - if someone was able to intercept the connection they could inject content which would then later get processed by Mutt as though it had come from the TLS connection. Fixed to simply clear input buffer at the start of TLS negotiation.
• Also includes a fix for a possible regression in the previous security update (Episode 80)

[USN-4404-1, USN-4404-2] NVIDIA graphics drivers & Linux kernel vulnerabilities [01:59]

• 3 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • CVE-2020-5973
  • CVE-2020-5967
  • CVE-2020-5963
• CUDA driver failed to properly perform access control during IPC - could allow a local attacker to DoS/RCE
• UVM driver (Unified Virtual Memory - used with CUDA driver for better performance) race condition - local attacker DoS
• Virtual guest GPU driver unspecified vuln -> privileged operations -> DoS
• Updates the linux kernel source package since this is used to provide the DKMS packages

[USN-4405-1] GLib Networking vulnerability [03:15]

• 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • CVE-2020-13645
• glib-networking - additional library for glib/gio to provide TLS (ie links against gnutls etc.)
• Would fail to verify that the hostname of a server’s TLS certificate matches the expected hostname by the client - but only if the client failed to specify the hostname itself. If did not provide hostname, would expect it to fail validation completely. Balsa (GNOME mail client) did this, so could possibly be tricked into connecting to a different mail server as a result.

[USN-4406-1] Mailman vulnerability [04:48]

• 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • CVE-2020-15011
• Failed to validate inputs to the private archive login page - would then echo these back inside the generated page and so provides arbitrary content injection from a crafted URL.

Goings on in Ubuntu Security Community

Joe talks cyber security policy with Dr David Reed, Scholar in Residence @ UC Boulder [05:51]

• https://www.colorado.edu/program/tcp/people/david-reed
• Stock price study:
  • https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/
• FCC 5G FAST Plan
• https://docs.fcc.gov/public/attachments/DOC-354326A1.pdf

Ubuntu Security Notices relocated [27:00]

• Thanks to the design and web teams at Canonical
• Notices now live at https://ubuntu.com/security/notices/
• Old notices from https://usn.ubuntu.com will get redirected

Get in contact

• [email protected]
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter