Overview
This week we look at some details of the 61 unique CVEs addressed across the supported Ubuntu releases, with a particular focus on the recent Xorg vulnerability (CVE-2018-14665), plus Cosmic is now officially supported by the Security Team.
This week in Ubuntu Security Updates
61 unique CVEs addressed
[USN-3790-2] Requests vulnerability
- 1 CVE addressed in Cosmic
- Cosmic is now officially released and so is officially supported by the Security Team
- This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic now fixed for Cosmic
[USN-3795-2] libssh vulnerability
- 1 CVE addressed in Cosmic
- This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic now fixed for Cosmic
[USN-3792-3] Net-SNMP vulnerability
- 1 CVE addressed in Cosmic
- This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic now fixed for Cosmic
[USN-3796-3] Paramiko vulnerability
- 1 CVE addressed in Cosmic
- This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic now fixed for Cosmic
[USN-3788-2] Tex Live-bin vulnerability
- 1 CVE addressed in Cosmic
- This is the same vulnerability which we covered in Episode 7 for Trusty, Xenial & Bionic now fixed for Cosmic
[USN-3797-1, USN-3797-2] Linux kernel vulnerabilities
- 4 CVEs addressed in Xenial and Trusty for the Xenial HWE kernel for Trusty
- Includes:
  - UAF in Infiniband -> DoS via crash
  - Integer overflow in CDROM -> info disclosure of kernel memory
  - Integer overflow in bluetooth HID -> buffer overflow -> DoS / possible arbitrary code execution
  - Remotely triggerable infinite loop in labelled network handler (CIPSO)
    - CIPSO used by SELinux / SMACK not AppArmor so unlikely Ubuntu users affected
[USN-3798-1] Linux kernel vulnerabilities
- 8 CVEs addressed in Trusty and Precise ESM (for the Trusty HWE kernel for Precise ESM)
- Includes:
  - Local DoS / code exec via insertion of an already existing key into kernel keyring
  - UAF in XCeive driver, local DoS / code exec (crash)
  - Race condition in generic SCSI -> Local DoS (crash) / code exec
  - NULL ptr dereference in ocfs2 -> Local DoS (crash)
  - Race condition in ALSA handling of ioctls -> Local DoS via deadlock
  - Race condition in ALSA -> UAF / out of bounds read -> Local DoS (crash) / code exec
  - Buffer overflow in NFC LLCP impl -> remote DoS / code exec
[USN-3777-3] Linux kernel (Azure) vulnerabilities
- 8 CVEs addressed in Xenial, Bionic
- Corresponding fixes for the Azure cloud-specific kernel, as covered in Episode 7 for the standard Bionic kernel
[USN-3799-1] MySQL vulnerabilities
- 21 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- New upstream versions of MySQL for all supported releases to fix multiple vulnerabilities; these also add features and possibly incompatible changes
  - Trusty: 5.5.62
  - Xenial, Bionic & Cosmic: 5.7.24
[USN-3800-1] audiofile vulnerabilities
- 2 CVEs addressed in Trusty
- DoS (crash) and possible code execution via specially crafted audio files
[USN-3801-1] Firefox vulnerabilities
- 12 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Firefox 63
- Includes fixes for a range of issues, the most severe being possible RCE
- Also fixes for WebExtensions in Firefox: to exploit these an attacker needs the user to install a malicious extension, which could then achieve privilege escalation or local code execution
[USN-3802-1] X.Org X server vulnerability
- 1 CVE addressed in Xenial, Bionic, Cosmic
- Incorrect permissions check for 2 command-line arguments (-modulepath and -logfile)
  - On some platforms (not Ubuntu) Xorg itself is setuid
  - These command-line options can then be used to overwrite arbitrary files etc -> privilege escalation to root via, say, an overwrite of /etc/shadow
- Generated a lot of press, BUT the coverage missed the distinction that Xorg is not really setuid on Ubuntu
  - We use Xorg.wrap as the setuid binary, which runs first and drops permissions if a KMS driver is in use
  - This is the case for the vast majority of drivers, and for almost all free drivers
  - So most Ubuntu users are unaffected by this vulnerability
- Special Friday release :)
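
A check an administrator could run to see which of the two cases above a host falls into, as an added example that is not part of the original show notes. The function names are made up for this example, and the paths to the X server binary and to Xorg.wrap are passed in by the caller because install locations differ between distributions.

```shell
#!/bin/sh
# Added example: is the X server itself setuid root, or only a wrapper?
# Function names are hypothetical; binary paths are supplied by the caller.

# Print one of: missing | not-setuid | setuid-root | setuid-other
setuid_state() {
    f=$1
    [ -n "$f" ] && [ -e "$f" ] || { echo missing; return 0; }
    # -u is true when the set-user-ID bit is set (symlinks are followed).
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # Numeric owner is the third field of `ls -ln`; -L follows symlinks.
    owner=$(ls -lnLd -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
}

# Usage: xorg_exposure SERVER_PATH [WRAPPER_PATH]
xorg_exposure() {
    server=$(setuid_state "$1")
    wrapper=$(setuid_state "${2:-}")
    case "$server" in
        setuid-root)  echo "exposed: server binary is setuid root" ;;
        setuid-other) echo "review: server binary is setuid to a non-root owner" ;;
        missing)      echo "unknown: server binary not found" ;;
        not-setuid)
            if [ "$wrapper" = setuid-root ]; then
                echo "wrapper: only the wrapper is setuid root, the server is not"
            else
                echo "not-setuid: no setuid root server or wrapper found"
            fi ;;
    esac
}

# When run as a script, classify the paths given on the command line.
if [ "$#" -gt 0 ]; then xorg_exposure "$@"; fi
```

An `exposed` result corresponds to the platforms where Xorg itself is setuid; a `wrapper` result corresponds to the Xorg.wrap arrangement, where exposure depends on whether the wrapper drops permissions for the driver in use.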
Goings on in Ubuntu Security Community
Hiring
Ubuntu Security Engineer
Get in contact