This week we cover Mark Esler’s keynote address from UbuCon Asia 2022 on Improving FOSS Security, plus we look at security vulnerabilities and updates for snapd, the Linux kernel, ca-certificates and more.
42 unique CVEs addressed
snapd:
- snap-confine creates a private /tmp for each snap; this was created directly under /tmp so that its disk usage etc gets accounted for as part of the normal /tmp
- however /tmp is world writable, so it is trivial for a user to create the expected per-snap directory and place their own contents inside it such that they can have this be executed by snap-confine during the process of creating this private /tmp namespace for the snap, and hence get privilege escalation to root, as snap-confine is suid
- rename()
- now fixed by using systemd-tmpfiles to create a /tmp/snap-private-tmp/ directory on boot with the appropriate restrictive permissions; snap-confine can then create the per-snap private /tmp within this without fear of being interfered with by unprivileged users
Linux kernel:
- io_uring -> UAF (from Pwn2Own 2022)
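The snapd fix above depends on a parent directory that only root can write to. The following is an added C example, written for this page and not code from snapd or snap-confine, showing the two checks a setuid helper needs when creating a per-snap directory: verify the parent through an open fd before trusting it, then create and re-open the child with the *at() calls and O_NOFOLLOW so the path cannot be swapped underneath it. The function names, the `owner` parameter and the default `/tmp/snap-private-tmp` argument are assumptions for illustration; the code demonstrates the general TOCTOU-safe pattern, not snap-confine's actual logic.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Illustrative only (not snap-confine's code): open `parent` and verify, via
 * the fd rather than the path, that it is a real directory owned by `owner`
 * that nobody else can write to. A world-writable parent such as /tmp
 * (mode 1777) fails this check, which is exactly why a per-snap directory
 * created straight under /tmp could be pre-created by an unprivileged user.
 */
int open_trusted_dir(const char *parent, uid_t owner)
{
    struct stat st;
    int fd = open(parent, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    if (!S_ISDIR(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/*
 * Create (or reuse) the per-snap directory `name` relative to an already
 * verified parent fd. mkdirat/openat against the fd mean a rename of the
 * parent cannot redirect us, O_NOFOLLOW refuses a planted symlink, and the
 * result is checked after opening (on the fd we will actually use), never
 * before. A pre-existing entry must be a directory owned by `owner` with no
 * group/other permissions, otherwise it is rejected.
 */
int create_private_dir(int parent_fd, const char *name, uid_t owner)
{
    struct stat st;
    int fd;
    if (mkdirat(parent_fd, name, 0700) < 0 && errno != EEXIST)
        return -1;
    fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1; /* ELOOP for a symlink, ENOTDIR for a regular file */
    if (fstat(fd, &st) < 0 || !S_ISDIR(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Returns an fd on the private directory, or -1 with errno set. */
int setup_private_tmp(const char *parent, const char *name, uid_t owner)
{
    int parent_fd = open_trusted_dir(parent, owner);
    int fd, saved;
    if (parent_fd < 0)
        return -1;
    fd = create_private_dir(parent_fd, name, owner);
    saved = errno;
    close(parent_fd);
    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    /* Assumed default: a root-owned 0700 parent created at boot. */
    const char *parent = argc > 1 ? argv[1] : "/tmp/snap-private-tmp";
    const char *name = argc > 2 ? argv[2] : "snap.example";
    int fd = setup_private_tmp(parent, name, 0);
    if (fd < 0) {
        perror("setup_private_tmp");
        return 1;
    }
    printf("private dir %s/%s ready (fd %d)\n", parent, name, fd);
    close(fd);
    return 0;
}
```

Run against `/tmp` directly and `open_trusted_dir` fails on the group/other write bits, which is the situation the advisory describes; run against a parent created at boot by a tmpfiles.d line such as `d /tmp/snap-private-tmp 0700 root root -` (shown here as an illustration of the mechanism, not quoted from snapd's own configuration) and only root can have created anything under it, so the second stage cannot be raced by an unprivileged user.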
ca-certificates:
- there is no mechanism in ca-certificates to mark a CA certificate as distrusted only after a particular date, so instead we have removed it entirely, so anything signed by TrustCor will now not be trusted
#ubuntu-security: for discussing this with the team