
Ubuntu Security Podcast

Episode 90

11 min • 11 September 2020

Overview

This week we look at security updates for the X server, the Linux kernel and GnuTLS plus we preview the upcoming AppArmor3 release that is slated for Ubuntu 20.10 (Groovy Gorilla).

This week in Ubuntu Security Updates

20 unique CVEs addressed

[USN-4487-1, USN-4487-2] libx11 vulnerabilities [00:58]

  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • 2 privilege escalation attacks
    • integer overflow -> double free -> memory corruption
    • integer overflow -> heap buffer overflow
    • privilege escalation may be possible since both cases could lead to arbitrary code execution in a binary that uses libX11 and runs with root privileges (setuid / sudo etc) - this is why we often advise against running graphical applications via sudo etc

[USN-4488-1, USN-4490-1] X.Org X Server vulnerabilities [02:29]

[USN-4449-2] Apport vulnerabilities [03:28]

[USN-4474-2] Firefox regressions [03:38]

[USN-4489-1] Linux kernel vulnerability [04:09]

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • AF_PACKET (layer 2) sockets did not perform bounds checks in some places - requires CAP_NET_RAW or root - BUT a user can be root in a user namespace, and these are enabled by default in Ubuntu and other Linux distros -> can be disabled via sysctl `kernel.unprivileged_userns_clone=0`
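
An added example (not from the podcast or from Ubuntu) of checking the setting mentioned above: the function reports whether unprivileged user namespaces are currently available by reading the Ubuntu/Debian `kernel.unprivileged_userns_clone` knob and the upstream `user.max_user_namespaces` limit. The `userns_status` name, its status strings and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Report whether unprivileged users can create user namespaces (and so
# become "root" with CAP_NET_RAW inside one).
# Hypothetical helper: the argument is the sysctl tree to read
# (default /proc/sys), so it can also be pointed at a saved copy.
userns_status() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"  # Debian/Ubuntu-specific
    max="$root/user/max_user_namespaces"            # upstream kernel limit

    # A limit of 0 disables user namespaces for every user.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo "disabled"
        return 0
    fi
    # The distro knob, when present, decides for unprivileged users.
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then
            echo "restricted"
        else
            echo "enabled"
        fi
        return 0
    fi
    # Knob absent: only the upstream limit applies.
    if [ -r "$max" ]; then
        echo "enabled"
    else
        echo "unknown"
    fi
    return 0
}

status=$(userns_status)
echo "unprivileged user namespaces: $status"
# To apply the mitigation at runtime (as root):
#   sysctl -w kernel.unprivileged_userns_clone=0
# To persist it, put the line kernel.unprivileged_userns_clone=0 in a
# file under /etc/sysctl.d/ (the file name is your choice).
```

Software that relies on unprivileged user namespaces, such as rootless containers and some browser sandboxes, is affected by this setting.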

[USN-4491-1] GnuTLS vulnerability [06:01]

  • 1 CVE addressed in Focal (20.04 LTS)
  • Malicious server can trigger a NULL ptr deref in client during TLS 1.3 negotiation - DoS

Goings on in Ubuntu Security Community

AppArmor3 slated for Ubuntu 20.10 [06:32]

  • Beta version of AppArmor3 is being prepared for Ubuntu 20.10 Groovy Gorilla - should land in -proposed next week and then main soon after
  • Provides ABI feature pinning - so upgrading to kernels with newer additional features will not break existing profiles
  • Rewrites of a number of tools into different languages to make their use and packaging easier
  • Support for new kernel features such as v8 ABI network socket rules, xattr attachment conditionals, PERFMON and BPF capabilities
  • Improved compiler warnings and semantic checks
  • Improved support for kernels that support LSM stacking
  • Profile modes - enforce (default), kill and unconfined

Get in contact
