Overview
This week we cover security updates for NTP, Brotli, Spice, the Linux
kernel (including BleedingTooth) and a FreeType vulnerability which is
being exploited in the wild, plus we talk about the NSA's report into the
most exploited vulnerabilities as well as the release of Ubuntu 20.10
Groovy Gorilla.
This week in Ubuntu Security Updates
74 unique CVEs addressed
[USN-4559-1] Samba update [01:04]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Follow up to USN-4510-1 for “ZeroLogon” - that update changed the default
to enable secure channel - this one adds support for specifying per-machine
insecure netlogon usage, plus additional hardening to check for possible
attacks from the client-specified challenge if you have manually enabled
insecure channel in configuration
[USN-4563-1] NTP vulnerability [01:48]
- 2 CVEs addressed in Bionic (18.04 LTS)
- Fix for previous CVE-2018-7182 introduced a possible NULL ptr deref that
could be triggered by a malicious client -> DoS
[USN-4568-1] Brotli vulnerability [02:12]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Compression library / tool from Google designed for text compression,
especially for web fonts etc
- Buffer overflow due to an integer overflow when using the one-shot
decompression option on attacker controlled data
[USN-4570-1] urllib3 vulnerability [03:00]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Possible CRLF injection if an attacker can control the request method
used in a call to urllib3 - can specify additional parameters such as
Host and Remainder after an injected CRLF to cause the request to
misbehave
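The check a caller can apply before handing an untrusted method string to an HTTP client, as an added example that is not part of the original show notes and not urllib3's own code. `naive_request_head` is a hypothetical stand-in for a client that writes the method into the request line unchecked, and `TAINTED` is a constructed sample value.

```python
import re

# RFC 7230 "token": the only characters allowed in an HTTP method.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def is_safe_method(method) -> bool:
    """True only if `method` is a bare HTTP token (no CR, LF, space, ...)."""
    # fullmatch, not match() with "$": "$" also matches just before a
    # trailing "\n", so a pattern like ^[A-Z]+$ would wrongly accept "GET\n".
    return isinstance(method, str) and _TOKEN.fullmatch(method) is not None


def naive_request_head(method: str, path: str, host: str) -> bytes:
    """Hypothetical client that serializes the method without any check."""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def header_lines(head: bytes) -> list:
    """Split a request head the way the receiving server does: on CRLF."""
    return [line for line in head.split(b"\r\n") if line]


def checked_request_head(method: str, path: str, host: str) -> bytes:
    """Same serializer, but refuses any method that is not a bare token."""
    if not is_safe_method(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    return naive_request_head(method, path, host)


# Constructed sample: a method value that came from untrusted input.
TAINTED = "GET\r\nX-Injected: yes"

if __name__ == "__main__":
    # Unchecked, the single "method" string spills into an extra header line.
    for line in header_lines(naive_request_head(TAINTED, "/api", "api.example")):
        print(line)
    try:
        checked_request_head(TAINTED, "/api", "api.example")
    except ValueError as exc:
        print("rejected:", exc)
```
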
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Spice - protocol for doing remote VM access - multiple buffer overflows in
decoding of QUIC image compression algorithm - and this affected both the
client and server side - DoS, RCE etc
[USN-4576-1] Linux kernel vulnerabilities [04:36]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4577-1] Linux kernel vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4578-1] Linux kernel vulnerabilities
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4579-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4580-1] Linux kernel vulnerability
- 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- DCCP protocol mishandled reuse of sockets, leading to a UAF - since this
can be done by a local user it could lead to root code execution, priv esc
etc - was reported to Canonical and we worked with upstream kernel devs on
resolving this
[LSN-0072-1] Linux kernel vulnerability
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- DCCP UAF
- AF_PACKET buffer overflow (Episode 90)
- Livepatched in the following kernels:
  - Ubuntu 18.04 LTS
    - aws - 72.1
    - generic - 72.1
    - lowlatency - 72.1
    - oem - 72.1
  - Ubuntu 20.04 LTS
    - aws - 72.1
    - aws - 72.2
    - azure - 72.1
    - azure - 72.2
    - gcp - 72.1
    - gcp - 72.2
    - generic - 72.1
    - generic - 72.2
    - lowlatency - 72.1
    - lowlatency - 72.2
  - Ubuntu 16.04 LTS
    - aws - 72.1
    - generic - 72.1
    - lowlatency - 72.1
  - Ubuntu 14.04 ESM
    - generic - 72.1
    - lowlatency - 72.1
[USN-4591-1] Linux kernel vulnerabilities [06:20]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4592-1] Linux kernel vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS)
- BleedingTooth vulnerability
- Announced by Intel, discovered by a security researcher at Google - not
much heads up to distros, kernel team worked quickly to respin affected
kernels (>= 4.8) over the weekend
- It was originally mentioned on Twitter that Google were going to publish a
blog post with more details but this got held back to give time for
distros etc to patch
[USN-4593-1] FreeType vulnerability [07:30]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Integer overflow -> heap buffer overflow
- Reported by Google to FreeType upstream with the comment that it was
being exploited in the wild
- The patch simply moves a check that was added originally to fix another
CVE a few lines higher, since in its original position it still left the
chance of an integer overflow -> heap buffer overflow
- Update released for Ubuntu within 16h of the original report to the
upstream FreeType developers
[USN-4558-1] libapreq2 vulnerabilities
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4557-1] Tomcat vulnerabilities
- 7 CVEs addressed in Xenial (16.04 LTS)
[USN-4560-1] Gon gem vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4561-1] Rack vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4562-1] kramdown vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
[USN-4569-1] Yaws vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4571-1] rack-cors vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4564-1] Apache Tika vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS)
[USN-4565-1] OpenConnect vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4566-1] Cyrus IMAP Server vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4567-1] OpenDMARC vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4573-1] Vino vulnerabilities
- 7 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4574-1] libseccomp-golang vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4575-1] dom4j vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4581-1] Python vulnerability
- 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4582-1] Vim vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4583-1] PHP vulnerabilities
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4589-1] containerd vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4589-2] Docker vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4585-1] Newsbeuter vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS)
[USN-4584-1] HtmlUnit vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4546-2] Firefox regressions
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4590-1] Collabtive vulnerability
- 1 CVEs addressed in Xenial (16.04 LTS)
[USN-4586-1] PHP ImageMagick vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4594-1] Quassel vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4595-1] Grunt vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
Goings on in Ubuntu Security Community
NSA Report on 25 most exploited CVEs by Chinese State-Sponsored Actors [09:51]
Ubuntu 20.10 Groovy Gorilla Release [13:50]