Episode 16

Posted on Monday, Dec 17, 2018

Show Notes

Overview

Last episode for 2018! This week we look at CVEs in lxml, CUPS, pixman, FreeRDP & more, plus we discuss the security of home routers as evaluated by C-ITL.

This week in Ubuntu Security Updates

21 unique CVEs addressed

[USN-3841-1, USN-3841-2] lxml vulnerability

  • 1 CVE addressed in Precise ESM, Trusty, Xenial, Bionic
  • Popular XML/HTML parser for Python
  • Tries to clean the input document and remove links (to, say, embedded JavaScript code) - but doesn’t account for links containing escaped characters - so such a link could persist
  • Similar to CVE-2014-3146
    • In this case tried to account for whitespace in links but didn’t include all possible whitespace characters

[USN-3842-1] CUPS vulnerability

  • 1 CVE addressed in Trusty, Xenial, Bionic, Cosmic
  • Session cookies used for authentication to the CUPS web interface were generated using only the current time in seconds as the seed for a relatively predictable PRNG
    • Easy to bruteforce / guess
    • Fix seeds with the current time value including microseconds
    • Still uses a relatively predictable PRNG - should use /dev/urandom etc

[USN-3837-2] poppler regression

  • 2 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
  • Previous poppler update (Episode 15) - fix missed a previous commit and so regressed (crash on opening certain PDF files)

[USN-3843-1, USN-3843-2] pixman vulnerability

  • 1 CVE addressed in Precise ESM, Trusty
  • Low level library for pixel manipulation (used by X, Wayland, Qemu etc)
  • Pointer overflow leading to stack-based buffer overflow in computing bounds of pixel buffers
    • The code did include a check that the result was inside bounds, BUT didn’t account for possible overflow in the arithmetic done before the check
    • Need to check for possible overflow before doing the arithmetic and the comparison
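
The "check for overflow before the arithmetic" rule from the pixman item above, as an added C example (not pixman's code and not from the episode). The function names and the offset / width / bytes-per-pixel layout are assumptions made for illustration, and sizes are used in place of raw pointers so the wraparound is well defined and observable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative helpers (assumed names, not pixman code): does a run of
 * `width` pixels of `bpp` bytes each, starting `offset` bytes into a
 * buffer of `buf_len` bytes, stay inside that buffer?
 * Sizes are used instead of raw pointers: unsigned wraparound is well
 * defined in C, whereas overflowing a pointer is undefined behaviour. */

/* Flawed: there is a bounds check, but the arithmetic feeding it can wrap. */
bool region_fits_unchecked(size_t buf_len, size_t offset, size_t width, size_t bpp)
{
    size_t end = offset + width * bpp;  /* either step may wrap past SIZE_MAX */
    return end <= buf_len;              /* a wrapped `end` looks in bounds */
}

/* Hardened: rule out overflow first, then compare. No step can wrap. */
bool region_fits_checked(size_t buf_len, size_t offset, size_t width, size_t bpp)
{
    if (offset > buf_len)
        return false;                   /* start is already outside */
    if (bpp != 0 && width > (buf_len - offset) / bpp)
        return false;                   /* width * bpp would exceed the room left */
    return true;
}

int main(void)
{
    size_t huge = SIZE_MAX / 4 + 1;     /* constructed input: huge * 4 wraps to 0 */
    printf("normal   unchecked=%d checked=%d\n",
           region_fits_unchecked(1024, 16, 100, 4),
           region_fits_checked(1024, 16, 100, 4));
    printf("wrapping unchecked=%d checked=%d\n",
           region_fits_unchecked(1024, 16, huge, 4),
           region_fits_checked(1024, 16, huge, 4));
    return 0;
}
```
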

[USN-3844-1] Firefox vulnerabilities

[USN-3845-1] FreeRDP vulnerabilities

Goings on in Linux Security Community

Linux on MIPS and home routers

  • Cyber-ITL (Independent Testing Lab) analysed a number of home routers for basic security hardening features
    • ASLR, DEP (non-executable stack), RELRO
    • Mix of MIPS and ARM devices
    • Compared against Ubuntu 16.04 LTS x86_64 (general hardening)
    • Most found to have minimal hardening features enabled
    • https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf
    • Also found Linux kernel on MIPS either has executable stack (until 2016) due to FP emulation code, or since then has no executable stack but has a RWX segment at a fixed location, which can be used to bypass DEP / ASLR
      • Ubuntu does not support MIPS

Final episode for 2018

  • This is the last episode for 2018; on leave for the next 3 weeks
  • Next episode will be from Cape Town in 2019 during the week of 14th January with some special guests… :)

Get in contact