Overview
With Ubuntu 19.10 going EOL, we have a special interview by Joe with Chris
Coulson and Steve Beattie from the Ubuntu Security Team to talk TPMs and
Ubuntu Core 20, plus Alex looks at some of the 71 CVEs addressed by the
team and more.
This week in Ubuntu Security Updates
71 unique CVEs addressed
[USN-4407-1] LibVNCServer vulnerabilities [01:02]
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Used by gnome-remote-desktop, virtualbox and others
- Provides both a server and client libraries
- So some issues affect clients connecting to a malicious server, while
others can be triggered by a malicious client against the server
- Issues when handling WebSocket frames, cursor shape updates,
ServerCutText messages and decompression of zlib-compressed data -> crash /
DoS, info leak, RCE etc
[USN-4408-1] Firefox vulnerabilities [01:57]
- 11 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 78.0.1
- Would reject certificate chains for add-ons which did not terminate in a
built-in root certificate - could cause some add-ons to become outdated
as their updates would be rejected
- Usual web browser issues -> crafted website DoS, info leak, bypass of
permission prompts or RCE
[USN-4409-1] Samba vulnerabilities [03:00]
- 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 2 separate issues when handling LDAP queries -> both UAF -> crash -> DoS
or RCE
- CPU-based DoS when processing NetBIOS over TCP/IP
[USN-4410-1] Net-SNMP vulnerability [03:44]
- 1 CVE addressed in Focal (20.04 LTS)
- Double free -> heap memory corruption -> crash / RCE
[USN-4411-1] Linux kernel vulnerabilities [04:02]
- 5 CVEs addressed in Focal (20.04 LTS)
- 5.4 kernel
- Various low impact issues - info leak due to failure to initialise memory
when handling ELF code, SELinux network label handling NULL ptr deref,
SCSI driver OOB read, USB gadget OOB read via configfs etc
[USN-4412-1] Linux kernel vulnerabilities [04:57]
- 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 kernel (bionic HWE)
- Most of the above plus an SELinux failure to validate all parts of a
multi-part netlink message - could then possibly bypass SELinux access
controls (SELinux is not the default LSM in Ubuntu; AppArmor is)
[USN-4413-1] Linux kernel vulnerabilities [05:58]
- 5 CVEs addressed in Bionic (18.04 LTS)
- 5.0 kernel (gke/oem)
[USN-4414-1] Linux kernel vulnerabilities [06:10]
- 12 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- 4.15 kernel (bionic / xenial hwe)
- Some of the above, plus others and a kernel->user space relay bug where a
local user could trigger a crash -> DoS via improper return values to the
kernel
[USN-4419-1] Linux kernel vulnerabilities [06:49]
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
- 4.4 kernel (xenial / trusty hwe)
- ptp race condition during device allocation and removal due to a dangling
pointer to freed memory
[USN-4415-1] coTURN vulnerabilities [07:33]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- TURN / STUN server used to traverse VoIP media traffic over NAT with a
telnet / HTTPS management interface
- Info leak due to failure to zero memory used for response buffers
- Improper handling of HTTP POST requests to the web interface -> DoS /
info-leak etc
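The coTURN info leak above is the classic "unwritten bytes go out on the wire" mistake. The following is an added example, not coTURN's code: a constructed, simplified attribute encoder (STUN-style 4-byte padding, but not the real STUN layout) that assembles a response in a recycled buffer, first without zeroing the padding and then with it, and counts how many stale bytes reach the encoded message.

```c
/* Added example, not coTURN's code. Shows the failure mode in the coTURN
 * item: a response is assembled in a reused buffer and the bytes the encoder
 * never writes (here STUN-style 4-byte attribute padding) are sent carrying
 * whatever the buffer held before. Zeroing the response area (or at least the
 * padding) before sending closes the leak. The message layout is a
 * constructed simplification, not the real STUN encoding. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_MAX 64

/* Append one attribute: 2-byte type, 2-byte length, value, padded to a
 * 4-byte boundary. With zero_padding == 0 the padding is left untouched,
 * which is the bug being illustrated. Returns the new write offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type,
                       const uint8_t *val, uint16_t len, int zero_padding)
{
    buf[off++] = (uint8_t)(type >> 8);
    buf[off++] = (uint8_t)type;
    buf[off++] = (uint8_t)(len >> 8);
    buf[off++] = (uint8_t)len;
    memcpy(buf + off, val, len);
    off += len;
    size_t pad = (4 - (len % 4)) % 4;
    if (zero_padding)
        memset(buf + off, 0, pad);
    return off + pad;
}

/* Build a two-attribute response into buf (capacity RESP_MAX) and return its
 * length. 'stale' simulates data left over from an earlier, unrelated message
 * in a recycled buffer. */
size_t build_response(uint8_t *buf, uint8_t stale, int zero_padding)
{
    memset(buf, stale, RESP_MAX);          /* recycled buffer, still "dirty" */
    const uint8_t software[] = "srv";      /* 3 bytes -> 1 byte of padding  */
    const uint8_t nonce[]    = "abcde";    /* 5 bytes -> 3 bytes of padding */
    size_t off = 0;
    off = put_attr(buf, off, 0x8022, software, 3, zero_padding);
    off = put_attr(buf, off, 0x0015, nonce, 5, zero_padding);
    return off;                            /* 8 + 12 = 20 bytes */
}

/* Count bytes of the encoded message that still equal the stale marker,
 * i.e. bytes that would leak previous buffer contents to the peer. */
size_t leaked_bytes(const uint8_t *buf, size_t len, uint8_t stale)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == stale)
            n++;
    return n;
}

int main(void)
{
    uint8_t buf[RESP_MAX];
    size_t len = build_response(buf, 0xAA, 0);
    printf("unzeroed: %zu-byte message, %zu stale bytes leak\n",
           len, leaked_bytes(buf, len, 0xAA));
    len = build_response(buf, 0xAA, 1);
    printf("zeroed:   %zu-byte message, %zu stale bytes leak\n",
           len, leaked_bytes(buf, len, 0xAA));
    return 0;
}
```

The marker byte 0xAA stands in for whatever a previous client's data happened to be; in a real server that is exactly the material a remote peer can read back. Zeroing the whole response buffer up front is cheaper to reason about than zeroing each padding run.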
[USN-4416-1] GNU C Library vulnerabilities [08:04]
- 11 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10)
- Failure to handle regexes, bit patterns, path tilde expansion, hostname
lookups, memalign & AVX-512 optimised memcpy() etc -> memory corruption
-> crash / RCE
- Possible ASLR bypass for setuid() programs since glibc would still honour
the LD_PREFER_MAP_32BIT_EXEC environment variable after a security
transition, so a local attacker could use it to restrict the range of memory
addresses used when loading libraries
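The glibc item above is an instance of a general rule: across a security transition (setuid/setgid/file capabilities, signalled to userspace by the AT_SECURE auxiliary-vector entry), loader-controlling environment variables must be dropped, and the bug was one variable escaping that filtering. The following is an added example, not glibc's code or part of the advisory; it checks AT_SECURE and filters a constructed environment. The prefix-based deny rule (LD_*, MALLOC_*, GCONV_PATH) is an assumption chosen for illustration, where the real dynamic loader uses an explicit list of variable names.

```c
/* Added example, not glibc's code. Illustrates the mitigation the glibc item
 * relies on: when the kernel flags a process as "secure" (AT_SECURE, set for
 * setuid/setgid/capability-bearing executables), variables that steer the
 * dynamic loader must be ignored so an unprivileged caller cannot influence
 * how the privileged process maps and links code. The prefix rule below is a
 * simplification of the loader's real explicit deny list. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* 1 if the kernel asked for secure handling of this process. */
int running_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Variables that influence how the dynamic loader maps and links code
 * (assumed prefix list for this example). */
static int is_loader_control_var(const char *entry)
{
    static const char *const deny_prefixes[] = { "LD_", "MALLOC_", "GCONV_PATH=" };
    for (size_t i = 0; i < sizeof deny_prefixes / sizeof *deny_prefixes; i++)
        if (strncmp(entry, deny_prefixes[i], strlen(deny_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Copy envp, dropping loader-control variables when 'secure' is non-zero.
 * Returns a NULL-terminated array the caller frees with free(); the strings
 * themselves are shared, not copied. '*kept' receives the number retained. */
char **filter_env(char *const *envp, int secure, size_t *kept)
{
    size_t n = 0;
    while (envp[n])
        n++;
    char **out = calloc(n + 1, sizeof *out);
    if (!out)
        return NULL;
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (!secure || !is_loader_control_var(envp[i]))
            out[k++] = envp[i];
    out[k] = NULL;
    if (kept)
        *kept = k;
    return out;
}

int main(void)
{
    /* Constructed sample environment of the kind an unprivileged user could
     * hand to a setuid binary. */
    char *const sample[] = {
        "PATH=/usr/bin:/bin",
        "LD_PRELOAD=/tmp/example.so",
        "LD_PREFER_MAP_32BIT_EXEC=1",
        "HOME=/home/user",
        NULL,
    };
    size_t kept = 0;
    char **clean = filter_env(sample, 1, &kept);
    printf("AT_SECURE=%d; filtering as secure kept %zu of 4 variables:\n",
           running_secure(), kept);
    for (size_t i = 0; clean && clean[i]; i++)
        printf("  %s\n", clean[i]);
    free(clean);
    return 0;
}
```

Application code that may run setuid should read the environment through secure_getenv(), which returns NULL in secure mode; the filtering shown here is what a loader or privilege-separating launcher has to do on the caller's behalf, and a missing entry in that list is exactly the shape of the advisory's bug.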
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Possible RSA side-channel due to input-dependent code flow - would allow
possible RSA private key extraction via electromagnetic-based
side-channel measurements
[USN-4418-1] OpenEXR vulnerabilities [10:06]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Heap buffer overflow and UAF
[USN-4420-1] Cinder and os-brick vulnerability [10:13]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Possible exposure of credentials when using the Dell EMC ScaleIO or
VxFlex OS backend storage drivers - credentials would be accessible via
the connection_info element in various API calls - the fix moves the
credentials to a file on disk, which may require some changes in various
deployed environments as a result
[USN-4421-1] Thunderbird vulnerabilities [10:52]
- 10 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 68.10.0
- Most Firefox issues mentioned earlier, plus a Thunderbird-specific one
where an attacker who could intercept and modify traffic to a STARTTLS IMAP
server could exploit it by responding with a PREAUTH greeting
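The Thunderbird item comes down to one client-side decision on the server greeting. The following is an added example, not Thunderbird's code: a small greeting classifier that refuses a "* PREAUTH" greeting whenever the account requires STARTTLS, because IMAP permits STARTTLS only in the not-authenticated state, so a client that honours an injected PREAUTH never gets to negotiate TLS. The greetings in main() are constructed samples.

```c
/* Added example, not Thunderbird's code. Models the client-side decision the
 * Thunderbird item is about: a client configured to upgrade a cleartext IMAP
 * connection with STARTTLS must not accept a greeting claiming the session is
 * already authenticated ("* PREAUTH"). An on-path attacker can inject that
 * greeting, and since IMAP allows STARTTLS only from the not-authenticated
 * state, a client that honours it continues without TLS. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum imap_action {
    IMAP_STARTTLS,       /* send STARTTLS, authenticate afterwards           */
    IMAP_PROCEED_PLAIN,  /* continue in cleartext: only when policy allows    */
    IMAP_ABORT           /* greeting incompatible with the policy: disconnect */
};

/* 1 if line is an untagged response whose status word equals status, e.g.
 * "* PREAUTH IMAP4rev1 server ready\r\n". Status words are case-insensitive
 * and must not merely be a prefix of a longer token. */
static int greeting_is(const char *line, const char *status)
{
    if (strncmp(line, "* ", 2) != 0)
        return 0;
    line += 2;
    size_t n = strlen(status);
    if (strncasecmp(line, status, n) != 0)
        return 0;
    return line[n] == '\0' || line[n] == ' ' || line[n] == '\r' || line[n] == '\n';
}

/* Decide what to do with the greeting received on a cleartext socket.
 * require_starttls mirrors an account's "connection security: STARTTLS". */
enum imap_action decide_on_greeting(const char *greeting, int require_starttls)
{
    if (greeting_is(greeting, "OK"))
        return require_starttls ? IMAP_STARTTLS : IMAP_PROCEED_PLAIN;

    if (greeting_is(greeting, "PREAUTH")) {
        /* No authentication step means no point at which STARTTLS could be
         * issued; with TLS required, the only safe answer is to disconnect. */
        return require_starttls ? IMAP_ABORT : IMAP_PROCEED_PLAIN;
    }

    /* "* BYE ..." or anything unparseable: do not guess. */
    return IMAP_ABORT;
}

int main(void)
{
    /* Constructed greetings: a normal server, an injected PREAUTH, a BYE. */
    const char *greetings[] = {
        "* OK IMAP4rev1 Service Ready\r\n",
        "* PREAUTH IMAP4rev1 server logged in as user\r\n",
        "* BYE Autologout\r\n",
    };
    static const char *const names[] = { "STARTTLS", "PROCEED_PLAIN", "ABORT" };
    for (size_t i = 0; i < sizeof greetings / sizeof *greetings; i++)
        printf("%-45.*s -> %s\n", (int)strcspn(greetings[i], "\r\n"),
               greetings[i], names[decide_on_greeting(greetings[i], 1)]);
    return 0;
}
```

The same shape of check applies to any opportunistic-upgrade protocol: the security policy is evaluated against what the server claims before the client acts on that claim, not after.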
[USN-4376-2] OpenSSL vulnerabilities [11:33]
- 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 77
[USN-4422-1] WebKitGTK+ vulnerabilities [11:40]
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
[USN-4423-1] Firefox vulnerability [11:52]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 78.0.2
- Possible click-jacking attack via a crafted X-Frame-Options bypass when
visiting a specially crafted website (no CVE)
Goings on in Ubuntu Security Community
Joe talks TPMs and Ubuntu Core 20 with Chris Coulson and Steve Beattie [12:30]
Ubuntu 19.10 Eoan Ermine goes end-of-life [23:12]
Get in contact