Start / Ubuntu Security Podcast / Episode 84

Episode 84

25 min • 30 juli 2020

Overview

In a week when too many security updates are never enough, we cover the biggest one of them all for a while, BootHole, with an interview between Joe McManus and Alex Murray for some behind-the-scenes and in-depth coverage, plus we also look briefly at the other 100-odd CVEs for the week in FFmpeg, OpenJDK, LibVNCServer, ClamAV and more.

This week in Ubuntu Security Updates

109 unique CVEs addressed

[USN-4428-1] Python vulnerabilities [01:03]

4 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
CPU based DoS via infinite loop in parsing a crafted tar archive

[USN-4431-1] FFmpeg vulnerabilities [01:31]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
UAF, use of uninitialised variables, heap buffer over-read, NULL pointer deref etc - most via oss-fuzz

[USN-4430-2] Pillow vulnerabilities [02:15]

5 CVEs addressed in Focal (20.04 LTS)
2 buffer overflows in TIFF decoder

[USN-4433-1] OpenJDK vulnerabilities [02:33]

8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
11.0.8 upstream release - thanks to Tiago from Foundations for preparing these
Usual mix of issues for Java - possible sandbox escape, crash in TIFF decoder, failure to properly validate TLS certs in some cases etc

[USN-4434-1] LibVNCServer vulnerabilities [03:11]

12 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
2 NULL ptr deref, infinite loop -> DoS when closing connection, misaligned data access leading to possible crash, integer overflow, OOB read etc

[USN-4435-1, USN-4435-2] ClamAV vulnerabilities [04:03]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
0.102.4 release
NULL ptr deref on crafted EGG, race condition where could replace target dir with a symlink and get clamscan to remove that target, OOB read in ARJ decoder (previous fix Episode 76 was incomplete)

[USN-4436-1, USN-4436-2] librsvg vulnerabilities / regression [04:55]

2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- CVE-2019-20446
- CVE-2017-11464
Update caused a regression since it removed a symbol - backed out, waiting for a more complete fix from upstream

[USN-4437-1] libslirp vulnerability [05:26]

1 CVEs addressed in Focal (20.04 LTS)
- CVE-2020-10756
OOB read in icmp6 echo reply - guest leaks contents of host memory -> info disclosure

[USN-4438-1] SQLite vulnerability [05:45]

1 CVEs addressed in Focal (20.04 LTS)
- CVE-2020-15358
Heap buffer overflow

[USN-4442-1] Sympa vulnerabilities [06:54]

3 CVEs addressed in Trusty ESM (14.04 ESM)
Mailing list manager - possible privesc via injection of environment variables to run setuid wrappers arbitrary code

[USN-4443-1] Firefox vulnerabilities [07:27]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
79.0

[USN-4432-1] GRUB 2 vulnerabilities [07:39]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

Goings on in Ubuntu Security Community

Alex and Joe take an in-depth and behind-the-scenes look at BootHole / GRUB 2 [08:14]

Alex hints at pending future secureboot-db update [23:55]

https://uefi.org/revocationlistfile

Get in contact

Kategorier

Poddar Teknologi

Förekommer på

Teknik

00:00 -00:00