Episode 127
Posted on Friday, Aug 20, 2021
This week we look at security updates for Firefox, PostgreSQL, MariaDB,
HAProxy, the Linux kernel and more, plus we cover some current openings on
the team - come join us ☺
Show Notes
Overview
This week we look at security updates for Firefox, PostgreSQL, MariaDB, HAProxy, the Linux kernel and more, plus we cover some current openings on the team - come join us ☺
This week in Ubuntu Security Updates
35 unique CVEs addressed
[USN-5037-1] Firefox vulnerabilities [00:39]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 91.0
- Better support for clearing cookies to stop possible hidden data leaks as part of the Total Cookie Protection
- Private browsing to use attempt HTTPS by default than fallback to HTTP
- Various security fixes:
- race condition on DNS resolution specific to Linux -> memory corruption -> crash / RCE
- also specific to Linux - subsequent permissions dialogs would accept input in the location of the original one - so could possibly trick a user into accepting a permission without their direct knowledge
- various other memory corruption issues in JIT etc
[USN-3809-2] OpenSSH regression [02:54]
- 2 CVEs addressed in Bionic (18.04 LTS)
- Episode 11 - possible user enumeration since as a result of patching CVE-2018-15473 the behaviour when trying to log in changed depending on whether the specific user account existed or not - due to a mistake made when backporting the upstream patch
[USN-5038-1] PostgreSQL vulnerabilities [03:38]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 2 possible remote crasher bugs - one through just sending a crafted TLS ClientHello message -> NULL ptr deref -> crash, the other via the planner which is used to try and optimise SQL queries - possible OOB read
[USN-5022-2] MariaDB vulnerabilities [04:19]
- 2 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Episode 124 in MySQL - only 2 of these also were relevant to MariaDB
- Like MySQL, update to latest point release in each series - 10.5.12 for hirsute, 10.3.31 for focal - includes both bug and security fixes
[USN-5042-1] HAProxy vulnerabilities [05:07]
- Affecting Focal (20.04 LTS), Hirsute (21.04)
- HTTP/2 handling issues in HAProxy
- Researchers investigated HTTP/2 handling in various gateway / proxies and found multiple issues - HTTP/2 desync attacks - allow to possibly hijack clients, poison caches, and steal credentials
- Initially HAProxy upstream thought they were safe but then found after
more analysis they were vulnerable to a few of the possible issues
- Can be mitigated by disabling HTTP/2 or just install these updates :)
[USN-5043-1] Exiv2 vulnerabilities [06:04]
- 11 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- Slew of issues discovered by Kevin Backhouse from Github security team
- C++ - so usual mix of issues - OOB read, NULL ptr deref, floating point exception (div/0), infinte loop, assertion failure - all DoS
[USN-5039-1] Linux kernel vulnerability [06:49]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
- netfilter setsockopt()
[LSN-0080-1] Linux kernel vulnerability [07:08]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5044-1] Linux kernel vulnerabilities [07:39]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 bionic + ESM HWE
- 2 bluetooth UAF and 1 NFC NULL ptr deref
[USN-5045-1] Linux kernel vulnerabilities [08:06]
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 focal + bionic hwe
- same as above plus CAN BCM uninitialised memory - info leak to local attacker
[USN-5046-1] Linux kernel vulnerabilities [08:31]
- 6 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- 5.11 hirsute + focal hwe
- bluetooth UAF, NFC NULL ptr deref, access control issue in bluetooth - could allow a local attacker in range to expose info, xen PV issue - attacker in guest could DoS/RCE on host