Episode 223

Posted on Friday, Mar 22, 2024
This week we bring you a sneak peek of how Ubuntu 23.10 fared at Pwn2Own Vancouver 2024, plus news of malicious themes in the KDE Store, and we cover security updates for the Linux kernel, X.Org X Server, TeX Live, Expat, Bash and more.

Show Notes


This week in Ubuntu Security Updates

61 unique CVEs addressed

[USN-6681-3] Linux kernel vulnerabilities (00:54)

[USN-6686-2] Linux kernel vulnerabilities (01:42)

[USN-6699-1] Linux kernel vulnerabilities (01:52)

[USN-6700-1] Linux kernel vulnerabilities (02:40)

[USN-6701-1] Linux kernel vulnerabilities

[USN-6680-3] Linux kernel (AWS) vulnerabilities

[USN-6681-4] Linux kernel (AWS) vulnerabilities

[USN-6686-3] Linux kernel (Oracle) vulnerabilities

[USN-6702-1] Linux kernel vulnerabilities

[USN-6587-5] X.Org X Server vulnerabilities (03:34)

[USN-6673-2] python-cryptography vulnerability (04:21)

[USN-6695-1] TeX Live vulnerabilities (04:28)

  • 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • Heap buffer overflow via a crafted TTF file
  • LuaTeX-specific issue - allowed a document to make arbitrary network requests since it didn’t disable access to the underlying Lua socket library
  • Misused sprintf() resulting in a buffer overflow in axohelp - the helper program for the LaTeX axodraw2 package when used with pdflatex

[USN-6694-1] Expat vulnerabilities (05:24)

  • 2 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10)
  • C library for parsing XML
    • used by many other applications like gdb, dbus, audacity, git, python, polkit, squid and more
  • CPU/memory-based DoS since it would perform many full reparsings of a document in some cases
  • XML Entity Expansion attack
    • billion laughs attack / XML bomb - 10 entities, each comprising 10 of the previous entity, with the document containing a single instance of the largest entity, which expands to 1 billion copies of the original entity
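
The entity expansion issue described above can be checked for before a document is fully parsed. The following is an added example, not code from the show notes or from Expat: it uses Python's Expat binding to read only the DTD, then computes each entity's expanded size arithmetically without expanding anything. The function names, the sample builder and the 1,000,000 character threshold are assumptions chosen for illustration.

```python
import re
from xml.parsers import expat

REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")  # general entity references

class _StopAtRoot(Exception):
    """Raised to end parsing once the DTD has been read."""

def entity_sizes(xml_bytes):
    """Return {entity: expanded length}, computed without expanding anything."""
    decls = {}
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if not is_param and value is not None:  # internal general entities only
            decls.setdefault(name, value)
    def on_root(name, attrs):
        raise _StopAtRoot  # never reach the document body
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _StopAtRoot:
        pass
    sizes, active = {}, set()
    def size(name):
        if name not in decls:  # predefined (&amp; etc.) or undeclared: one char
            return 1
        if name in active:
            raise ValueError(f"recursive entity: {name}")
        if name not in sizes:
            active.add(name)
            text = decls[name]
            sizes[name] = len(REF.sub("", text)) + sum(map(size, REF.findall(text)))
            active.discard(name)
        return sizes[name]
    return {name: size(name) for name in decls}

def is_entity_bomb(xml_bytes, max_expanded=1_000_000):
    """True if any declared entity would expand past max_expanded characters."""
    return any(n > max_expanded for n in entity_sizes(xml_bytes).values())

def build_sample(levels=10, fanout=10):
    """Constructed sample: 10 entities, each 10 copies of the previous one."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, levels):
        refs = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    dtd = "\n".join(decls)
    return f'<?xml version="1.0"?>\n<!DOCTYPE lolz [\n{dtd}\n]>\n<lolz>&lol{levels - 1};</lolz>'.encode()
```

For the constructed sample, the declarations total under a kilobyte while the largest entity works out to 3 billion characters (1 billion copies of the 3-character base entity).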

[USN-6696-1] OpenJDK 8 vulnerabilities (06:40)

[USN-6697-1] Bash vulnerability (07:01)

  • 1 CVE addressed in Jammy (22.04 LTS)
  • Heap buffer overflow on a valid parameter transformation - can then unexpectedly lead to possible code execution

[USN-6698-1] Vim vulnerability (07:30)

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • Stack buffer overflow when parsing a crafted command file - i.e. the user has to load a crafted file to be sourced by vim

[USN-6703-1] Firefox vulnerabilities (07:48)

Goings on in Ubuntu Security Community

Summary of Pwn2Own Vancouver 2024 results against Ubuntu 23.10 (08:05)

Reports of malicious themes in KDE Store (10:27)

Get in contact