Ubuntu Security Podcast

Episode 88

11 min • 27 August 2020

Overview

This week we talk antivirus scanners and false positives in the Ubuntu archive, plus we look at security updates for QEMU, Bind, Net-SNMP, sane-backends and more.

This week in Ubuntu Security Updates

56 unique CVEs addressed

[USN-4467-1] QEMU vulnerabilities [00:52]

[USN-4466-2] curl vulnerability [01:58]

  • 1 CVE addressed in Trusty ESM (14.04 ESM)
  • Episode 87 - connect_only option -> could connect to wrong destination -> info leak

[USN-4468-1, USN-4468-2] Bind vulnerabilities [02:16]

  • 5 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Assertion failures when handling:
    • queries for zones signed by RSA signature
    • truncated response to a TSIG-signed request
    • queries when QNAME minimization and forward first are enabled
    • specially crafted large TCP payload on most recent versions (focal only)

[USN-4471-1] Net-SNMP vulnerabilities [03:10]

  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Net-SNMP would cache MIBs in a directory on the host. An attacker with read-write access to the SNMP service could use the NET-SNMP-EXTEND-MIB extension to modify an existing MIB, adding a command to be executed when the MIB attribute is read, and this modification would be cached for future use. The net-snmp server generally runs as a low-privileged user, so any command execution is unprivileged, except at startup, when it runs as root and loads the cached MIBs. These could then contain commands that change the net-snmp configuration so that it runs as root and does not drop privileges. Subsequent runs of net-snmp then run as root, so any command execution happens as root. The fix is to both disable the EXTEND-MIB extension by default and to not cache MIBs.
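
A defender-side check for the conditions described above, as an added example (not code from the podcast or from the Net-SNMP project): it scans snmpd.conf-style text for write-capable access directives, command-running directives, and an `agentuser` setting that keeps the agent running as root. The sample configuration is constructed, which files you feed it is your choice, and write access granted through `com2sec`/`access` views is not covered.

```python
"""Audit snmpd.conf-style text for settings relevant to the Net-SNMP issue."""

# snmpd.conf directives that grant read-write (SNMP SET) access.
WRITE_DIRECTIVES = {"rwcommunity", "rwcommunity6", "rwuser"}
# snmpd.conf directives that make the agent run a command when an OID is read.
COMMAND_DIRECTIVES = {"extend", "exec", "sh", "pass", "pass_persist"}
# agentuser values treated as "stay root" (deliberately conservative set).
ROOT_IDS = {"root", "0", "#0"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed snmpd.conf for the example
agentaddress udp:161
rocommunity public 127.0.0.1
rwcommunity s3cret 10.0.0.0/24
rwuser admin priv
extend uptime /usr/bin/uptime
agentuser root
"""


def audit(conf_text):
    """Return (line_number, kind, detail) for each directive worth reviewing."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in WRITE_DIRECTIVES:
            # Report only the directive so community strings are not echoed.
            findings.append((lineno, "write-access", directive))
        elif directive in COMMAND_DIRECTIVES:
            findings.append((lineno, "command-exec", line))
        elif directive == "agentuser" and args and args[0].lower() in ROOT_IDS:
            findings.append((lineno, "runs-as-root", line))
    return findings


def needs_review(findings):
    """Write access is what the attack needs; agentuser root is what it leaves."""
    kinds = {kind for _, kind, _ in findings}
    return bool(kinds & {"write-access", "runs-as-root"})


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

A configuration with only read-only access and static `extend` lines is reported but does not trip `needs_review`.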

[USN-4469-1] Ghostscript vulnerabilities [04:47]

[USN-4470-1] sane-backends vulnerabilities [05:17]

[USN-4472-1] PostgreSQL vulnerabilities [06:25]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • 2 issues in the mishandling of the search path, allowing a remote attacker to execute arbitrary SQL code - one when using logical replication and the other with the CREATE EXTENSION command.

Goings on in Ubuntu Security Community

Windows Defender and other AVs flagging jq as possibly malicious [06:54]

sudo apt install jq
xdg-open "https://www.virustotal.com/gui/file/$(sha256sum /usr/bin/jq | cut -f1 -d' ')"

Get in contact
