Overview
This week we talk antivirus scanners and false positives in the Ubuntu
archive, plus we look at security updates for QEMU, Bind, Net-SNMP,
sane-backends and more.
This week in Ubuntu Security Updates
56 unique CVEs addressed
[USN-4467-1] QEMU vulnerabilities [00:52]
- 13 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- OOB read in SLiRP networking implementation when replying to an ICMP ping
echo request -> malicious guest could leak host memory -> info leak
- Network Block Device server assertion failure able to be triggered via a
remote NBD client -> DoS
- Malicious guest could cause an OOB write / read in SM501 graphic driver on
host -> crash / code exec
[USN-4466-2] curl vulnerability [01:58]
- 1 CVE addressed in Trusty ESM (14.04 ESM)
- Episode 87 - connect_only option -> could connect to wrong destination
-> info leak
- 5 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Assertion failures when handling:
- queries for zones signed by RSA signature
- truncated response to a TSIG-signed request
- queries when QNAME minimization and forward first are enabled
- specially crafted large TCP payload on most recent versions (focal
only)
[USN-4471-1] Net-SNMP vulnerabilities [03:10]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Net-SNMP would cache MIBs in a directory on the host. An attacker who has
read-write access to the SNMP service could use the NET-SNMP-EXTEND-MIB
extension to modify an existing MIB to add a command to be executed when
the MIB attribute is read, and this would be cached for future use. In
general the net-snmp server runs as a low-privileged user, so any
command execution is not privileged, except at startup, when it runs as
root and loads the cached MIBs. These could then contain commands to
change the configuration of net-snmp to instead run as root and not drop
privileges. Subsequent runs of net-snmp would then run as root, so any
command execution can be done as root. The fix is to both disable the
EXTEND-MIB extension by default and to not cache MIBs.
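The precondition above is read-write access to the SNMP service, so a quick defensive check is to list which snmpd.conf directives grant write (SET) access. The script below is an added example, not from the podcast or the Net-SNMP project; the function names, the severity ranking and the sample config are assumptions made for illustration.

```python
import shlex

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) for each directive that matters here."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        except ValueError:
            findings.append((no, "info", "unparseable line, review by hand"))
            continue
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        if name in ("rwcommunity", "rwcommunity6") and args:
            # rwcommunity COMMUNITY [SOURCE ...]; no SOURCE means any host
            source = args[1] if len(args) > 1 else "default"
            sev = "high" if source == "default" else "medium"
            findings.append((no, sev, f"write community, source={source}"))
        elif name == "rwuser" and args:
            # SNMPv3 write user; unauthenticated access is ranked highest
            sev = "high" if "noauth" in args else "medium"
            findings.append((no, sev, "SNMPv3 write user: " + " ".join(args)))
        elif name == "access" and len(args) >= 8 and args[6].lower() != "none":
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            findings.append((no, "medium", f"VACM group {args[0]} has write view {args[6]}"))
        elif name == "extend":
            # existing extend entries are the command objects discussed above
            findings.append((no, "info", "extend entry: " + " ".join(args)))
    return findings

def grants_write(findings):
    """True when any directive gives SNMP SET access, the precondition described above."""
    return any(sev in ("high", "medium") for _, sev, _ in findings)

# Constructed sample config, not taken from a real host.
SAMPLE = '''\
# constructed sample
rocommunity public 127.0.0.1
rwcommunity s3cret            # no source restriction
rwcommunity6 ops 2001:db8::/32
rwuser -s usm admin priv
rwuser guest noauth
access MyRWGroup "" any noauth exact all all none
extend uptime /usr/bin/uptime
'''

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: [{sev}] {msg}")
```

Community strings are deliberately left out of the messages so the report can be shared without leaking them.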
[USN-4469-1] Ghostscript vulnerabilities [04:47]
- 25 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Fixes for various buffer overflows etc found via fuzzing with address
sanitizer enabled - crafted PDF files -> crash / RCE
[USN-4470-1] sane-backends vulnerabilities [05:17]
[USN-4472-1] PostgreSQL vulnerabilities [06:25]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 issues in the mishandling of the search path, allowing a remote
attacker to execute arbitrary SQL code - one when using logical
replication and the other with CREATE EXTENSION command.
Goings on in Ubuntu Security Community
Windows Defender and other AVs flagging jq as possibly malicious [06:54]
sudo apt install jq
xdg-open "https://www.virustotal.com/gui/file/$(sha256sum /usr/bin/jq | cut -f1 -d' ')"
Get in contact