Episode 5

Posted on Monday, Sep 24, 2018
This week we look at some details of the 43 unique CVEs addressed across the supported Ubuntu releases and talk about the recently announced Extended Security Maintenance support for Ubuntu 14.04 Trusty Tahr.

Show Notes

This week in Ubuntu Security Updates

43 unique CVEs addressed across the various supported releases of Ubuntu (Bionic, Xenial, Trusty and Precise ESM)

[USN-3762-1, USN-3762-2] Linux kernel vulnerabilities

  • 2 CVEs addressed in Bionic and corresponding HWE kernel for Xenial
  • Both are information disclosure vulnerabilities that could expose kernel addresses
    • Not directly an issue on its own, but could be used to defeat ASLR when combined with another vulnerability

[USN-3763-1] Linux kernel vulnerability

  • 1 CVE addressed in Precise ESM
  • SegmentSmack (see episode 0)

[LSN-0043-1] Linux kernel vulnerability

  • Livepatch covering multiple vulnerabilities already fixed in previous kernel package updates

[USN-3764-1] Zsh vulnerabilities

  • 3 CVEs addressed in Trusty, Xenial, Bionic
  • 2 issues in shebang / hashbang handling
    • shebang lines longer than 64 bytes were truncated, which could cause the wrong interpreter to be executed
    • mishandling of certain specially formatted shebang lines, which could execute an interpreter named on the second line of the file
  • Stack-based buffer overflow allowing code execution in the context of a different user
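A defender-side check for the first of the two shebang issues, added here as an example rather than code from the advisory or from zsh: it flags scripts whose shebang line exceeds 64 bytes and shows which interpreter a plain 64-byte cut would name. The plain cut is an assumed simplification of the truncation the advisory describes; the sample lines and paths are constructed.

```python
"""Audit scripts for shebang lines over the 64-byte limit quoted in USN-3764-1.
Added example for these show notes, not code from the advisory or from zsh; the
'truncated' view assumes a plain cut at 64 bytes (a simplification)."""
import os
from typing import Dict, List, Optional, Tuple

SHEBANG_LIMIT = 64  # byte count quoted in the show notes

def shebang_interpreter(line: bytes, limit: Optional[int] = None) -> Optional[str]:
    """Interpreter named by a shebang line (None if absent); with `limit`, the
    interpreter the line would name after a hypothetical cut to `limit` bytes."""
    line = line.rstrip(b"\r\n")
    if not line.startswith(b"#!"):
        return None
    if limit is not None:
        line = line[:limit]
    fields = line[2:].split()
    return fields[0].decode("utf-8", "replace") if fields else None

def audit_shebang(line: bytes) -> Dict[str, object]:
    """Flag lines over the limit and say whether truncation would change the
    interpreter they resolve to."""
    intended = shebang_interpreter(line)
    truncated = shebang_interpreter(line, SHEBANG_LIMIT)
    over_limit = intended is not None and len(line.rstrip(b"\r\n")) > SHEBANG_LIMIT
    return {"intended": intended, "truncated": truncated, "over_limit": over_limit,
            "interpreter_changes": over_limit and intended != truncated}

def scan_tree(root: str) -> List[Tuple[str, Dict[str, object]]]:
    """Return (path, report) for every file under root with an over-limit shebang."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    report = audit_shebang(fh.readline(4096))
            except OSError:
                continue  # unreadable or vanished file
            if report["over_limit"]:
                hits.append((path, report))
    return hits

# Constructed sample lines, not taken from any real system.
SAMPLE_SHORT = b"#!/bin/sh\n"
SAMPLE_LONG = (b"#!/opt/vendor/tooling/releases/2018.09/runtime/python3.6"
               b"/bin/python3 -u\n")

if __name__ == "__main__":
    print(audit_shebang(SAMPLE_SHORT), audit_shebang(SAMPLE_LONG), sep="\n")
```

Run `scan_tree("/usr/local/bin")` (or any directory of scripts) to list the files worth re-checking on hosts that still run an unpatched zsh.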

[USN-3747-2] OpenJDK 10 regression

[USN-3761-2, USN-3761-3] Firefox regressions

[USN-3765-1, USN-3765-2] curl vulnerability

  • 1 CVE addressed in Trusty, Xenial, Bionic and Precise ESM
  • Similar to the earlier CVE-2017-8816: an integer overflow in calculations during NTLM authentication could allow a heap buffer overflow and hence RCE
  • The calculation uses the password length, which is supplied by the attacker, so it is relatively easy to trigger

[USN-3722-5] ClamAV regression

[USN-3766-1, USN-3766-2] PHP vulnerabilities

  • 3 CVEs addressed in Trusty, Xenial, Bionic and Precise ESM
  • Integer overflows in the JPEG and EXIF handlers leading to out-of-bounds reads and hence a crash (DoS)
  • php-fpm (FastCGI Process Manager, an alternative FastCGI implementation for PHP) could be made to DoS since it didn't restart child processes correctly and then consumed CPU and disk space (via logging); only fixed in Bionic for now

[USN-3722-6] ClamAV vulnerabilities

[USN-3767-1, USN-3767-2] GLib vulnerabilities

[USN-3768-1] Ghostscript vulnerabilities

[USN-3769-1] Bind vulnerability

  • 1 CVE addressed in Trusty, Xenial, Bionic
  • Specific input from a remote server could trigger an assertion failure, causing a crash and hence DoS
    • In the deny-answer-aliases feature, which is not enabled by default, so the impact is limited

[USN-3770-1, USN-3770-2] Little CMS vulnerabilities

  • 2 CVEs addressed in Trusty, Xenial, Bionic and Precise ESM
  • 1 CVE addressed in Precise ESM only
  • Multiple issues in the handling of ICC colour profiles (integer overflows leading to stack and heap buffer overflows on reads and writes)
  • Little CMS is often used in webapps that do image processing; in that setting these allow remote DoS or possibly remote code execution

Goings on in Ubuntu Security Community

Ubuntu 14.04 ESM Announced

Hiring

Ubuntu Security Manager

Ubuntu Security Engineer

Get in contact