Ubuntu Security Podcast

Episode 9

12 min • 30 October 2018

Overview

This week we look at some details of the 61 unique CVEs addressed across the supported Ubuntu releases, with a particular focus on the recent Xorg vulnerability (CVE-2018-14665), plus Cosmic is now officially supported by the Security Team.

This week in Ubuntu Security Updates

61 unique CVEs addressed

[USN-3790-2] Requests vulnerability

  • 1 CVE addressed in Cosmic
  • Cosmic is now officially released and so is officially supported by the Security Team
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3795-2] libssh vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3792-3] Net-SNMP vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3796-3] Paramiko vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3788-2] Tex Live-bin vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 7 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3797-1, USN-3797-2] Linux kernel vulnerabilities

  • 4 CVEs addressed in Xenial and Trusty (for the Xenial HWE kernel for Trusty)
  • Includes:
    • UAF in Infiniband -> DoS via crash
    • Integer overflow in CDROM -> info disclosure of kernel memory
    • Integer overflow in bluetooth HID -> buffer overflow -> DoS / possible arbitrary code execution
    • Remotely triggerable infinite loop in labelled network handler (CIPSO)
      • CIPSO used by SELinux / SMACK not AppArmor so unlikely Ubuntu users affected

[USN-3798-1] Linux kernel vulnerabilities

  • 8 CVEs addressed in Trusty and Precise ESM (for the Trusty HWE kernel for Precise ESM)
  • Includes:
    • Local DoS / code exec via insertion of an already existing key into kernel keyring
    • UAF in XCeive driver, local DoS / code exec (crash)
    • Race condition in generic SCSI -> Local DoS (crash) / code exec
    • NULL ptr dereference in ocfs2 -> Local DoS (crash)
    • Race condition in ALSA handling of ioctls -> Local DoS via deadlock
    • Race condition in ALSA -> UAF / out of bounds read -> Local DoS (crash) / code exec
    • Buffer overflow in NFC LLCP impl -> remote DoS / code exec

[USN-3777-3] Linux kernel (Azure) vulnerabilities

[USN-3799-1] MySQL vulnerabilities

[USN-3800-1] audiofile vulnerabilities

[USN-3801-1] Firefox vulnerabilities

[USN-3802-1] X.Org X server vulnerability

  • 1 CVE addressed in Xenial, Bionic, Cosmic
  • Incorrect permissions check for 2 command-line arguments (-modulepath and -logfile)
  • On some platforms (not Ubuntu) Xorg itself is setuid
  • These command-line options can then be used to overwrite arbitrary files -> privilege escalation to root, e.g. by overwriting /etc/shadow
  • Generated a lot of press - BUT the coverage missed the distinction that Xorg is not really setuid on Ubuntu
  • On Ubuntu, Xorg.wrap is the setuid binary: it runs first and drops privileges if a KMS driver is in use
    • This is the case for the vast majority of drivers, and for almost all free drivers
    • So most Ubuntu users unaffected by this vulnerability
  • Special Friday release :)
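
The distinction above (X server itself setuid versus only the wrapper setuid) can be checked on a host with a short script. This is an added example, not part of the original show notes or any Ubuntu tooling; the function names are hypothetical and the two default paths at the bottom are assumptions about where the server and wrapper are installed.

```shell
#!/bin/sh
# Added example: classify local exposure to CVE-2018-14665 by checking
# which X server binary carries the setuid bit.

# True if $1 is a regular file with the setuid bit set and owned by
# numeric uid $2 (default 0, i.e. root).
is_setuid_owned() {
    [ -f "$1" ] &&
        [ -n "$(find "$1" -maxdepth 0 -perm -4000 -uid "${2:-0}" 2>/dev/null)" ]
}

# Usage: xorg_exposure SERVER_BINARY WRAPPER_BINARY [OWNER_UID]
# Prints one of:
#   server-setuid   the X server itself is setuid, so -modulepath and
#                   -logfile are handled with elevated privileges
#   wrapper-setuid  only the wrapper is setuid (the Ubuntu layout in the
#                   notes above; it drops privileges with a KMS driver)
#   not-setuid      at least one file exists, neither is setuid
#   not-installed   neither file exists
xorg_exposure() {
    server=$1
    wrapper=$2
    uid=${3:-0}
    if is_setuid_owned "$server" "$uid"; then
        echo server-setuid
    elif is_setuid_owned "$wrapper" "$uid"; then
        echo wrapper-setuid
    elif [ -e "$server" ] || [ -e "$wrapper" ]; then
        echo not-setuid
    else
        echo not-installed
    fi
}

# Assumed install locations; adjust for the distribution being audited.
xorg_exposure /usr/lib/xorg/Xorg /usr/lib/xorg/Xorg.wrap
```

A `wrapper-setuid` result still leaves hosts on a non-KMS driver to review, since per the notes the wrapper only drops privileges when a KMS driver is in use.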

Goings on in Ubuntu Security Community

Hiring

Ubuntu Security Engineer

Get in contact
