Episode 198

Posted on Friday, Jun 9, 2023
This week we investigate the mystery of failing GPG signatures for the 16.04 ISO images, plus we look at security updates for CUPS, Avahi, the Linux kernel, FRR, Go and more.

Show Notes

Overview

This week we investigate the mystery of failing GPG signatures for the 16.04 ISO images, plus we look at security updates for CUPS, Avahi, the Linux kernel, FRR, Go and more.

This week in Ubuntu Security Updates

58 unique CVEs addressed

[USN-6128-1, USN-6128-2] CUPS vulnerability (00:56)

  • 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
  • Heap buffer overflow when formatting debug log messages - apparently only reachable when cupsd.conf sets LogLevel to debug, which is not the default

[USN-6129-1] Avahi vulnerability (01:39)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
  • DoS - if the D-Bus API was called with an unknown service name it would hit a NULL pointer dereference and crash - found via dfuzzer, a fuzzer for D-Bus services

[USN-6130-1] Linux kernel vulnerabilities (02:23)

[USN-6127-1] Linux kernel vulnerabilities (04:41)

  • 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • 5.15
    • 22.10 GA (virtual, raspi, generic, aws, lowlatency, ibm, azure, gcp, oracle, kvm)
    • 22.04 HWE (ditto)
    • 20.04 HWE (ditto + OEMs)
  • Same set of issues as USN-6130-1 above, plus a race condition in shiftfs -> kernel deadlock -> DoS

[USN-6135-1] Linux kernel (Azure CVM) vulnerabilities (05:06)

[USN-6131-1] Linux kernel vulnerabilities (05:18)

[USN-6132-1] Linux kernel vulnerabilities (05:30)

[USN-6133-1] Linux kernel (Intel IoTG) vulnerabilities (05:42)

[USN-6134-1] Linux kernel (Intel IoTG) vulnerabilities

[USN-6112-2] Perl vulnerability (05:54)

[USN-6136-1] FRR vulnerabilities (06:19)

  • 2 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
  • Implements BGP, OSPF, RIP, IS-IS, PIM and more - successor to Quagga
  • Two issues in BGP packet handling - both out-of-bounds reads from not using the correct length fields when parsing packet structures (FRR is written in C)

[USN-6137-1] LibRaw vulnerabilities (06:43)

  • 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
  • Heap buffer overflow and stack buffer overflow (the latter mitigated by the stack protector etc.)

[USN-6138-1] libssh vulnerabilities (07:01)

  • 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
  • NULL pointer dereference during re-keying - an already authenticated user could trigger a DoS
  • Possible for a client to avoid having its signature fully verified if, during the verification process, a memory allocation fails - the failing step leaves the function in an error state that then falls through to the OK return path, so the signature is treated as verified

[USN-6139-1] Python vulnerability (07:37)

[USN-6140-1] Go vulnerabilities (07:57)

[USN-6141-1] xfce4-settings vulnerability (08:31)

  • 1 CVE addressed in Jammy (22.04 LTS), Kinetic (22.10)
  • The MIME helper failed to properly parse its input. It is invoked via xdg-open, so xdg-open could be called with crafted input that is passed straight through to whatever application handles it (the browser, file manager, etc.), launching that application with arbitrary arguments - e.g. a link embedded in a PDF could, when clicked, launch the browser with attacker-chosen arguments
  • e.g. setting the --remote-allow-origins flag to an attacker-controlled domain, which is then allowed to connect to the local debugging port and hence execute arbitrary JS in the context of any other site - steal credentials etc.
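To make the argument-injection mechanism concrete, here is an added shell example; it is not code from xfce4-settings, xdg-open or any browser. It models a MIME helper that forwards a caller-supplied URL to a browser: the stand-in fake_browser function parses its argv the way command-line programs typically do (anything starting with a dash is an option, everything else is a URL), so an option-shaped "URL" such as --remote-allow-origins=... is swallowed as a flag instead of being opened as a page. The hardened helper refuses option-shaped strings and only accepts absolute http(s) URLs. The flag name and the browser's argument handling are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: a toy MIME helper, not code from xfce4-settings or xdg-open.

# fake_browser: stand-in for a real browser's argv handling. Assumption for
# this illustration: arguments beginning with "-" are parsed as options and
# everything else is treated as a URL to open.
fake_browser() {
  flags=""
  urls=""
  for arg in "$@"; do
    case $arg in
      -*) flags="$flags${flags:+ }$arg" ;;
      *)  urls="$urls${urls:+ }$arg" ;;
    esac
  done
  printf 'flags=[%s] urls=[%s]\n' "$flags" "$urls"
}

# open_url_vuln: the bug class in one line. Whatever the caller (a link in a
# PDF, another app going through xdg-open) supplies is placed verbatim into
# the browser's argv, so a string shaped like an option becomes an option.
open_url_vuln() {
  fake_browser "$1"
}

# is_safe_url: accept only absolute http(s) URLs that cannot be mistaken for
# an option. Rejects a leading "-", other schemes (file:, javascript:, ...)
# and embedded whitespace or control characters.
is_safe_url() {
  case $1 in
    -*) return 1 ;;
    *[[:space:][:cntrl:]]*) return 1 ;;
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# open_url_safe: validate first, then pass the URL through.
open_url_safe() {
  if ! is_safe_url "$1"; then
    printf 'refusing to open: %s\n' "$1" >&2
    return 1
  fi
  fake_browser "$1"
}

# Demo on constructed inputs.
attacker='--remote-allow-origins=https://attacker.example'
echo "vulnerable helper: $(open_url_vuln "$attacker")"
open_url_safe "$attacker" || echo "hardened helper rejected it"
open_url_safe 'https://ubuntu.com/download'
```

Run as-is to see the attacker string land in the flags list for the vulnerable helper and be refused by the hardened one. Validating the scheme and shape of the string is preferable to relying on a "--" end-of-options separator, since not every program the helper might launch honours one.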

[USN-6142-1] nghttp2 vulnerability (10:16)

  • 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS)
  • C library for HTTP/2
  • Overly large SETTINGS frames would cause a CPU-based DoS - fixed by enforcing a maximum size for these frames and rejecting any that exceed it

[USN-6143-1] Firefox vulnerabilities (10:50)

[USN-6144-1] LibreOffice vulnerabilities (10:59)

  • 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Array index underflow in handling of crafted formulas in Calc - memory corruption -> RCE
  • Failed to prompt the user before loading a document into an IFrame - that document can then contain other elements, like JS, that get executed

[USN-6028-2] libxml2 vulnerabilities (11:35)

Goings on in Ubuntu Security Community

Recent report of invalid GPG signatures on 16.04 ISOs (12:04)

  • https://discourse.ubuntu.com/t/is-ubuntu-vulnerable-to-fake-keys/21997/4
  • User reported that the SHA256SUMS file for 16.04 ISOs on old-releases.ubuntu.com failed to validate
  • Sounds scary - has the server been hacked and the ISOs (and hence SHA256SUMS file) been tampered with?
  • We don't sign the ISOs directly - instead (like apt) we take a hash of each ISO file and then sign the file containing that list of hashes - for performance
  • So on the face of it, the SHA256SUMS file appeared to have been modified after signing and hence no longer validated
  • One other thing to note: this report was made in a follow-up comment to an older thread where someone mentioned that they are able to upload arbitrary keys to the Ubuntu keyserver that mimic the archive / CD image signing keys etc. - this is the nature of key servers - anyone can upload any key with any arbitrary identifiers - but since keys are generated from randomness, it is computationally infeasible to produce a different key with the same cryptographic fingerprint (even if it has the same name / email address associated with it)
  • Always important to make sure you use the right keys - as identified by their fingerprint - these are listed on the wiki https://wiki.ubuntu.com/SecurityTeam/FAQ#GPG_Keys_used_by_Ubuntu
  • These keys are also contained on all Ubuntu installs within the /usr/share/keyrings/ubuntu-archive-keyring.gpg file from the ubuntu-keyring package
  • Able to easily verify this behaviour locally:
wget -q https://old-releases.ubuntu.com/releases/xenial/SHA256SUMS{,.gpg}
gpg --verify --no-default-keyring --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg --verbose SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Fri 01 Mar 2019 02:56:07 ACDT
gpg:                using DSA key 46181433FBB75451
gpg: Can't check signature: No public key
gpg: Signature made Fri 01 Mar 2019 02:56:07 ACDT
gpg:                using RSA key D94AA3F0EFE21092
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
  • So far so scary - it really does look like the SHA256SUMS file was modified
  • But looking closer, GPG says the signature was made on 28th February 2019 (the output above shows 1 March 02:56 in ACDT, which is 28 February 16:26 UTC) - this corresponds with the 16.04.6 point release - yet the most recent point release was 16.04.7 from 13th August 2020 for BootHole (Alex and Joe take an in-depth and behind-the-scenes look at BootHole / GRUB from Episode 84) - so it appears the SHA256SUMS file was regenerated for the 16.04.7 point release but the detached signature files were not, leaving a signature over the old 16.04.6 contents
  • Marc went asking around and vorlon from the Foundations team confirmed this was the case
  • Simply had to run the script to re-sign the SUMS files and push them to the server - now all is good, as can be seen below
gpg: Signature made Fri 09 Jun 2023 00:38:30 ACST
gpg:                using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
gpg: using pgp trust model
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
  • Thanks to the anonymous user in the Ubuntu Discourse for bringing this to our attention
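As an added example (not Ubuntu's release tooling and not the commands from the transcript above), the following script does the verification the way a download checker should: it reads gpg's machine-readable --status-fd output instead of grepping the human-readable text, pins the full fingerprint of the 2012 CD image signing key (as printed in the good run above and listed on the wiki page linked earlier), and only then checks an ISO against SHA256SUMS. Note that the "This key is not certified with a trusted signature" WARNING in the good run is expected with a bare keyring and no ownertrust; it is exactly why the decision is made on the fingerprint rather than on a "Good signature" line, and it is also what defeats a lookalike key uploaded to a keyserver with the same user ID. The status lines in the block are constructed approximations of the three cases discussed above (field values are illustrative); verify_sums is the real-world path and needs gpg, the ubuntu-keyring package and the downloaded files.

```shell
#!/bin/sh
# Added example, not part of Ubuntu's release tooling or the transcript above.
# Verifies SHA256SUMS against its detached signature by parsing gpg's
# machine-readable --status-fd output and pinning the signing key's full
# fingerprint, then checks downloaded ISO(s) against the verified SHA256SUMS.

# Fingerprint of "Ubuntu CD Image Automatic Signing Key (2012)", as printed
# in the good run above and on the Ubuntu security team FAQ wiki page.
CDIMAGE_FPR=843938DF228D22F7B3742BC0D94AA3F0EFE21092

# check_status EXPECTED_FPR: read "[GNUPG:] ..." status lines on stdin.
# Policy: any BADSIG, EXPKEYSIG or REVKEYSIG fails; otherwise succeed only if
# some VALIDSIG line carries the pinned fingerprint (as the signing key, or as
# its primary key in the optional last field). NO_PUBKEY for some other key is
# tolerated: a file may carry several signatures and only the pinned one matters.
check_status() {
  expected=$1
  valid=0
  while IFS= read -r line; do
    case $line in
      "[GNUPG:] VALIDSIG "*)
        rest=${line#"[GNUPG:] VALIDSIG "}
        sigfpr=${rest%% *}     # fingerprint of the key that made the signature
        primfpr=${rest##* }    # last field: primary key fingerprint (if present)
        if [ "$sigfpr" = "$expected" ] || [ "$primfpr" = "$expected" ]; then
          valid=1
        fi
        ;;
      "[GNUPG:] BADSIG "*|"[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*)
        return 1
        ;;
    esac
  done
  [ "$valid" -eq 1 ]
}

# verify_sums DIR: real-world use. Needs gpg, the ubuntu-keyring package and
# DIR containing SHA256SUMS, SHA256SUMS.gpg and the downloaded ISO(s).
verify_sums() {
  dir=$1
  gpg --status-fd 1 --no-default-keyring \
      --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
      --verify "$dir/SHA256SUMS.gpg" "$dir/SHA256SUMS" 2>/dev/null \
    | check_status "$CDIMAGE_FPR" || { echo "SHA256SUMS signature check FAILED" >&2; return 1; }
  # Only now is SHA256SUMS trustworthy; --ignore-missing skips ISOs not downloaded.
  (cd "$dir" && sha256sum --ignore-missing --check SHA256SUMS)
}

# Constructed status output (field values approximate) for the cases above;
# real output comes from gpg --status-fd 1.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] NO_PUBKEY 46181433FBB75451
[GNUPG:] NEWSIG
[GNUPG:] BADSIG D94AA3F0EFE21092 Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>'

GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D94AA3F0EFE21092 Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
[GNUPG:] VALIDSIG 843938DF228D22F7B3742BC0D94AA3F0EFE21092 2023-06-08 1686236910 0 4 0 1 10 00 843938DF228D22F7B3742BC0D94AA3F0EFE21092
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# A lookalike key from a keyserver: same user ID, but (necessarily) a different
# fingerprint. gpg reports GOODSIG/VALIDSIG for it, yet the pin must fail.
LOOKALIKE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCDDEEFF00112233 Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFF00112233 2023-06-08 1686236910 0 4 0 1 10 00 00112233445566778899AABBCCDDEEFF00112233
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# report NAME STATUS: print the policy decision for one constructed case.
report() {
  if printf '%s\n' "$2" | check_status "$CDIMAGE_FPR"; then
    echo "$1: accepted"
  else
    echo "$1: rejected"
  fi
}

report stale-signature "$BAD_STATUS"
report re-signed "$GOOD_STATUS"
report lookalike-key "$LOOKALIKE_STATUS"

# Real check only when a directory is given, e.g. ./verify.sh ~/Downloads/xenial
if [ $# -eq 1 ]; then
  verify_sums "$1"
fi
```

Run without arguments to see the three constructed cases decided; pass a directory holding SHA256SUMS, SHA256SUMS.gpg and an ISO to run the real check. Pinning to the primary key fingerprint (the last VALIDSIG field) keeps the check working if signatures later come from a subkey of the same key.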

Get in contact