Show Notes
Overview
This week we look at some details of the 43 unique CVEs addressed across the
supported Ubuntu releases and talk about the recently announced Extended
Security Maintenance support for Ubuntu 14.04 Trusty Tahr.
This week in Ubuntu Security Updates
43 unique CVEs addressed across the various supported releases of Ubuntu
(Bionic, Xenial, Trusty and Precise ESM)
[USN-3762-1, USN-3762-2] Linux kernel vulnerabilities
- 2 CVEs addressed in Bionic and corresponding HWE kernel for Xenial
- Both information disclosure vulnerabilities which could allow exposure of kernel addresses
- Not directly an issue but could be used to defeat ASLR when combined with another vulnerability
[USN-3763-1] Linux kernel vulnerability
- 1 CVE addressed in Precise ESM
- SegmentSmack (see episode 0)
[LSN-0043-1] Linux kernel vulnerability
- Livepatch to fix multiple vulnerabilities fixed in previous kernel package updates
[USN-3764-1] Zsh vulnerabilities
- 3 CVEs addressed in Trusty, Xenial, Bionic
- 2 issues in shebang / hashbang handling:
  - shebang lines longer than 64 bytes were truncated, so the wrong interpreter could be executed
  - mishandling of some particularly formatted shebang lines, which could execute an interpreter named on the second line of the file
- Stack-based buffer overflow allowing code execution in the context of a different user
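A small model of the shebang truncation issue in the first Zsh item, added here as an illustration (it is not zsh's code): the fixed 64-byte buffer, the sample lines and the function names are assumptions for the example. The vulnerable pattern silently cuts an over-long first line, so the interpreter path it extracts is a shorter, different path; the hardened pattern measures the whole line first and refuses when it would not fit.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model written for this example, not zsh's actual code.
   SHEBANG_BUF mirrors the 64-byte limit described in the advisory. */
#define SHEBANG_BUF 64
#define PATH_OUT    256

/* Copy the interpreter path out of a "#!" line: skip "#!" and any blanks,
   then stop at the first blank, newline or end of string. */
static void extract_interp(const char *line, char *out, size_t outsz) {
    size_t n = 0;
    if (line[0] == '#' && line[1] == '!') line += 2;
    while (*line == ' ' || *line == '\t') line++;
    while (*line && *line != ' ' && *line != '\t' && *line != '\n' && n + 1 < outsz)
        out[n++] = *line++;
    out[n] = '\0';
}

/* Vulnerable pattern: the first line is read into a fixed buffer and
   silently cut at 63 bytes, so an over-long path becomes a prefix of the
   intended one, which is then treated as the interpreter to run. */
const char *interp_truncating(const char *first_line) {
    static char interp[PATH_OUT];
    char buf[SHEBANG_BUF];
    strncpy(buf, first_line, SHEBANG_BUF - 1);   /* truncates without error */
    buf[SHEBANG_BUF - 1] = '\0';
    extract_interp(buf, interp, sizeof interp);
    return interp;
}

/* Hardened pattern: measure the whole first line before copying and refuse
   (return NULL) when it would not fit, rather than running a truncated path. */
const char *interp_checked(const char *first_line) {
    static char interp[PATH_OUT];
    const char *nl = strchr(first_line, '\n');
    size_t len = nl ? (size_t)(nl - first_line) : strlen(first_line);
    if (len >= SHEBANG_BUF) return NULL;          /* would be truncated */
    extract_interp(first_line, interp, sizeof interp);
    return interp;
}

/* Constructed sample lines: one short, one whose path exceeds the buffer. */
const char SHORT_LINE[] = "#!/usr/bin/env python3\n";
const char LONG_LINE[]  = "#!/opt/tools/some/very/long/installation/prefix/versions/3.11/bin/python3\n";
```

With LONG_LINE the truncating version returns `/opt/tools/some/very/long/installation/prefix/versions/3.11/b`, a path that was never written in the file, while the checked version returns NULL.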
[USN-3747-2] OpenJDK 10 regression
- 4 CVEs addressed in Bionic
[USN-3761-2, USN-3761-3] Firefox regressions
- 5 CVEs addressed in Trusty, Xenial, Bionic
- The previous update to the latest Firefox resulted in issues due to missing
language packs (and hence missing spellcheck dictionaries) and use of the wrong
search provider
- 1 CVE addressed in Trusty, Xenial, Bionic and Precise ESM
- Similar to the earlier CVE-2017-8816: an integer overflow in calculations during
NTLM authentication could lead to a heap buffer overflow and hence RCE
- The calculation uses the password length (which is supplied by the attacker), so it is relatively easy to trigger
- 2 CVEs addressed in Trusty, Xenial, Bionic
[USN-3766-1, USN-3766-2] PHP vulnerabilities
- 3 CVEs addressed in Trusty, Xenial, Bionic and Precise ESM
- Integer overflows in the JPEG and EXIF handlers leading to out-of-bounds reads and hence a crash (DoS)
- php-fpm (the FastCGI process manager, an alternative FastCGI implementation for
PHP) could be made to DoS itself since it did not restart child processes correctly,
and would then consume CPU and disk space (via logging) - only fixed in Bionic for now
[USN-3722-6] ClamAV vulnerabilities
- 2 CVEs addressed in Precise ESM
- 2 CVEs addressed in Trusty, Xenial, Bionic and Precise ESM
- Issues with markup parsing
[USN-3768-1] Ghostscript vulnerabilities
- 16 CVEs addressed in Trusty, Xenial, Bionic
- Ghostscript is used to process PostScript (and other formats) - PS is Turing
complete, so processing untrusted PS files is in general unsafe
- Hence Ghostscript includes a sandbox (-dSAFER) to try to prevent issues when
handling untrusted files
- Tavis Ormandy previously found a number of issues in the SAFER sandbox which
allowed escape from it and execution of commands (e.g. CVE-2016-7977)
- Recently discovered more - including the ability to execute arbitrary code
[USN-3769-1] Bind vulnerability
- 1 CVE addressed in Trusty, Xenial, Bionic
- Specific input from a remote server could trigger an assertion failure, causing a crash and hence DoS
- In the deny-answer-aliases feature, which is not enabled by default, so not so high impact
[USN-3770-1, USN-3770-2] Little CMS vulnerabilities
- 2 CVEs addressed in Trusty, Xenial, Bionic and Precise ESM
- 1 CVE addressed in Precise ESM only
- Multiple issues in handling of ICC colour profiles (integer overflows leading
to stack and heap buffer overflows on reads and writes)
- Little CMS is often used in webapps which do image processing - in this case
allows remote DoS or possibly remote code execution
Ubuntu 14.04 ESM Announced
Hiring
Ubuntu Security Manager
Ubuntu Security Engineer