Overview
In a week when too many security updates are never enough, we cover the
biggest one of them all for a while, BootHole, with an interview between
Joe McManus and Alex Murray for some behind-the-scenes and in-depth
coverage, plus we also look briefly at the other 100-odd CVEs for the week
in FFmpeg, OpenJDK, LibVNCServer, ClamAV and more.
This week in Ubuntu Security Updates
109 unique CVEs addressed
[USN-4428-1] Python vulnerabilities [01:03]
- 4 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- CPU based DoS via infinite loop in parsing a crafted tar archive
[USN-4431-1] FFmpeg vulnerabilities [01:31]
- 9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- UAF, use of uninitialised variables, heap buffer over-read, NULL pointer deref, etc. - most found via oss-fuzz
[USN-4430-2] Pillow vulnerabilities [02:15]
- 5 CVEs addressed in Focal (20.04 LTS)
- 2 buffer overflows in TIFF decoder
[USN-4433-1] OpenJDK vulnerabilities [02:33]
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 11.0.8 upstream release - thanks to Tiago from Foundations for preparing these
- Usual mix of issues for Java - possible sandbox escape, crash in TIFF decoder, failure to properly validate TLS certs in some cases, etc.
[USN-4434-1] LibVNCServer vulnerabilities [03:11]
- 12 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 NULL ptr derefs, an infinite loop -> DoS when closing a connection, misaligned data access leading to a possible crash, integer overflow, OOB read, etc.
ClamAV vulnerabilities
- 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 0.102.4 release
- NULL ptr deref on a crafted EGG archive, race condition where the target directory could be replaced with a symlink so that clamscan removes that target, OOB read in the ARJ decoder (the previous fix, covered in Episode 76, was incomplete)
[USN-4436-1, USN-4436-2] librsvg vulnerabilities / regression [04:55]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- Update caused a regression since it removed a symbol - backed out, waiting for a more complete fix from upstream
[USN-4437-1] libslirp vulnerability [05:26]
- 1 CVE addressed in Focal (20.04 LTS)
- OOB read in icmp6 echo reply handling - guest leaks contents of host memory -> info disclosure
[USN-4438-1] SQLite vulnerability [05:45]
- 1 CVE addressed in Focal (20.04 LTS)
- Heap buffer overflow
[USN-4439-1] Linux kernel vulnerabilities [05:51]
- 14 CVEs addressed in Bionic (18.04 LTS)
[USN-4440-1] Linux kernel vulnerabilities [06:05]
- 12 CVEs addressed in Bionic (18.04 LTS)
- 5.3 (hwe / azure / gcp / gke / oracle)
[USN-4441-1] MySQL vulnerabilities [06:17]
- 30 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 8.0.21 (focal)
- 5.7.31 (bionic / xenial)
[USN-4442-1] Sympa vulnerabilities [06:54]
- 3 CVEs addressed in Trusty ESM (14.04 ESM)
- Mailing list manager - possible privilege escalation via injection of environment variables into its setuid wrappers, allowing arbitrary code execution
[USN-4443-1] Firefox vulnerabilities [07:27]
- 9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 79.0
[USN-4432-1] GRUB 2 vulnerabilities [07:39]
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
Goings on in Ubuntu Security Community
Alex and Joe take an in-depth and behind-the-scenes look at BootHole / GRUB 2 [08:14]
Alex hints at pending future secureboot-db update [23:55]