Overview
This week we look at security updates for GUPnP, OpenJPEG, bsdiff and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4488-2] X.Org X Server vulnerabilities [00:31]
- 5 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 90
[LSN-0071-1] Linux kernel vulnerability [00:50]
- 1 CVEs addressed in Bionic (18.04 LTS)
- Episode 90 (AF_PACKET OOB write - crash / code exec)
- Also affects Focal (20.04 LTS) but livepatch is still being prepared
[USN-4494-1] GUPnP vulnerability [01:29]
- 1 CVEs addressed in Focal (20.04 LTS)
- GNOME UPnP impl, used by Rygel for media sharing on GNOME (standard
Ubuntu) desktop and many other applications
- Callstranger Vulnerability - vuln in UPnP protocol - callback header in
UPnP SUBSCRIBE can contain arbitrary delivery URL - so this could be on a
different network segment than the event subscription URL - so you can
SUBSCRIBE to events and supply one or more URLs for delivery of the
messages. Can then make this point anywhere and so can get the device to
send HTTP traffic to any arbitrary destination - and so can be used for
data exfil or DDoS attacks etc. Fixed to check the destination host is
either a link-local address or the address mask matches - either way,
check is on the same network segment.
[USN-4495-1] Apache Log4j vulnerability [03:21]
- 1 CVEs addressed in Bionic (18.04 LTS)
- Failed to properly deserialise data - so if is listening to untrusted log
data from the network could be exploited to run arbitrary code
[USN-4496-1] Apache XML-RPC vulnerability [03:42]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- Similarly failed to properly deserialize data - a malicious XML-RPC
server could cause code execution on the client as a result
[USN-4497-1] OpenJPEG vulnerabilities [03:58]
- 7 CVEs addressed in Xenial (16.04 LTS)
- Usual mix of memory safety issues in image handling libraries written in
C - DoS, RCE etc via crafted image data
[USN-4499-1] MilkyTracker vulnerabilities [04:27]
- 3 CVEs addressed in Xenial (16.04 LTS)
- Failed to properly validate files - 2 different heap and 1 stack based
buffer overflows - RCE if loading untrusted files
[USN-4498-1] Loofah vulnerability [04:52]
- 1 CVEs addressed in Xenial (16.04 LTS)
- ruby module for manipulation and transformation of HTML/XML etc
- Possible XSS - failed to sanitize JS when handling crafted SVG
[USN-4500-1] bsdiff vulnerabilities [05:16]
- 1 CVEs addressed in Xenial (16.04 LTS)
- (Oldest CVE of the week!)
- Failed to properly validate input patch file -> integer overflow -> heap
based buffer overflow -> code exec / DoS
[USN-4501-1] LuaJIT vulnerability [05:40]
- 1 CVEs addressed in Xenial (16.04 LTS)
- OOB read -> crash / info leak
[USN-4502-1] websocket-extensions vulnerability [05:49]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- ruby websockets extension - used regex with backtracking to properly
parse headers, could be sent crafted input which is very computationally
intensive to parse as a result -> CPU based DoS
[USN-4503-1] Perl DBI module vulnerability [06:21]
- 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- Perl DB interface - underlying code would potentially allocate the stack
and hence result in invalid pointers to object that were previously on
the stack - could be manipulated by a remote user to result in memory
corruption etc -> crash
Get in contact