Overview
This week we farewell Joe McManus plus we look at security updates for
Firefox, Chrony, Squid, Django, the Linux kernel and more.
This week in Ubuntu Security Updates
59 unique CVEs addressed
[USN-4473-1] libmysofa vulnerabilities [01:01]
- 5 CVEs addressed in Bionic (18.04 LTS)
- OOB, NULL ptr deref, heap buffer overflow etc -> DoS
[USN-4474-1] Firefox vulnerabilities [01:30]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 80.0
- Attacker controlled website -> DoS, install malicious extension, spoof
URL bar, leak sensitive info across origins, RCE etc
- NSS side-channel attacks etc
- Race condition when importing a cert into the trust store (unspecified impact)
[USN-4446-2] Squid regression [02:31]
- 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- Regression in recent squid update would cause issues if using icap or
ecap protocols to do content adaptation
[USN-4475-1] Chrony vulnerability [02:51]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- PID file is created as root before privileges are dropped and was
susceptible to a symlink attack -> could be used to overwrite arbitrary
files on the system
[USN-4476-1] NSS vulnerability [03:45]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- OOB read for CHACHA20 decryption with undersized tag
[USN-4477-1] Squid vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS)
- HTTP request smuggling
[USN-4478-1] Python-RSA vulnerability [04:15]
- 1 CVE addressed in Trusty ESM (14.04 ESM)
- Ignores leading NUL/zero byte in decryption of ciphertext - fixed to
check length matches block size
[USN-4479-1] Django vulnerabilities [04:40]
- 2 CVEs addressed in Focal (20.04 LTS)
- Incorrect handling of permissions on directories in caches - caused by a
behavioural change in Python 3.7 - so only affects Django when used with
Python 3.7, hence Bionic (which uses Python 3.6), for example, is not
affected
[USN-4480-1] OpenStack Keystone vulnerabilities [05:25]
- 4 CVEs addressed in Bionic (18.04 LTS)
- Incorrect handling of EC2 permissions could allow an authenticated
attacker to create EC2 credentials with elevated permissions
- Incorrect handling of OAUTH1 roles could give an authenticated attacker
more role assignments than intended
- Incorrect handling of EC2 signature TTL checks could allow reuse of
authorisation headers
[USN-4471-2] Net-SNMP regression [05:51]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- Previous update (Episode 87) caused `nsExtendCacheTime` to no longer be
settable as a MIB attribute - instead adds a cacheTime feature flag to
set this
[USN-4481-1] FreeRDP vulnerabilities [06:23]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Various memory corruption and handling issues -> OOB reads / writes, UAF
etc -> crash / RCE
[USN-4482-1] Ark vulnerability [06:54]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Crafted TAR with symlinks outside of working directory -> overwrite or
creation of arbitrary files (zipslip but for tar - tarslip?)
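An added example (not part of the original show notes and not Ark's code): a pre-extraction audit that reports TAR members which would land outside the extraction directory, including files written through a symlink that the archive itself creates. The function names and the in-memory sample archive are constructed for illustration, and only symlink members are tracked (hard links are not).

```python
import io
import posixpath
import tarfile

def resolve(path, links, depth=0):
    """Normalise an archive path relative to the extraction root, expanding
    components that earlier members declared as symlinks. None = escapes."""
    if path.startswith("/") or depth > 32:   # absolute path or symlink loop
        return None
    out, parts = [], path.split("/")
    for i, part in enumerate(parts):
        if part in ("", "."):
            continue
        if part == "..":
            if not out:
                return None                  # climbed above the extraction root
            out.pop()
            continue
        out.append(part)
        target = links.get("/".join(out))
        if target is not None:               # component is a symlink from the archive
            rest = posixpath.join(*out[:-1], target, *parts[i + 1:])
            return resolve(rest, links, depth + 1)
    return "/".join(out)

def audit_tar(fileobj):
    """Return [(member name, reason)] for entries that would land outside."""
    links, findings = {}, []
    with tarfile.open(fileobj=fileobj) as tar:
        for m in tar:
            if resolve(m.name, links) is None:
                findings.append((m.name, "path escapes extraction directory"))
            elif m.issym():
                parent = resolve(posixpath.dirname(m.name), links)
                if resolve(posixpath.join(parent, m.linkname), links) is None:
                    findings.append((m.name, "symlink target escapes"))
                links[posixpath.join(parent, posixpath.basename(m.name))] = m.linkname
    return findings

def sample_archive():
    """Constructed sample: benign entries, then a symlink and a write through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in [
                ("docs/readme.txt", tarfile.REGTYPE, ""), ("docs/latest", tarfile.SYMTYPE, "readme.txt"),
                ("docs/out", tarfile.SYMTYPE, "../../outside"), ("docs/out/evil.txt", tarfile.REGTYPE, "")]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)
    return io.BytesIO(buf.getvalue())
```

Calling `audit_tar(sample_archive())` reports both the escaping symlink and the file that would be written through it, while the benign `docs/latest` link passes.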
[USN-4483-1] Linux kernel vulnerabilities [07:22]
- 13 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 kernel - focal, and raspi / aws / gcp / oracle / azure etc for
bionic
- Memory leak in USB audio and USB testing drivers, DAX mremap, Speculative
Store Bypass Disable (SSBD), Indirect Branch Predictor Barrier (IBPB) &
Indirect Branch Speculation mitigation bypasses, crafted XFS metadata
DoS, cgroupv2 reference count -> NULL ptr deref etc
[USN-4484-1] Linux kernel vulnerability
- 1 CVE addressed in Bionic (18.04 LTS)
- 5.3 gke/HWE kernel
- cgroupv2 issue
[USN-4485-1] Linux kernel vulnerabilities
- 14 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- 4.15 (bionic / xenial hwe / trusty esm azure)
- Mostly same as above
[USN-4486-1] Linux kernel vulnerability
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
- 4.4 (xenial / trusty esm hwe)
- XFS metadata DoS
Goings on in Ubuntu Security Community
Farewell Joe McManus [09:04]
- Thanks for being the best co-host a bloke could wish for