Alex and Joe discuss the big news of this week - the release of Ubuntu
19.10 Eoan Ermine - plus we look at updates for the Linux kernel, libxslt,
UW IMAP and more.
Show Notes
University of Washington IMAP toolkit (used by PHP for its IMAP implementation)
Used rsh to implement various operations and did not sanitize the
provided hostname - so an attacker who could provide a hostname/mailbox to
PHP's IMAP without any validation could execute arbitrary commands on the
host
Fixed by turning off the rsh based functionality by default in PHP - if
you still want this you can set imap.enable_insecure_rsh but this is
not advised…
Possible heap buffer overflow as a result of a dangling pointer - so
same memory area could be reused for future memory operations -> fixed
to reset the pointer when done
2 low priority issues - both stack memory info disclosures
Integer overflow -> buffer overflow -> root privesc in binder
Reintroduction of Spectre v1 vulnerability in ptrace subsystem - Brad
Spengler - fixed properly in Linus' tree but not when it got backported
to the stable tree - two lines of code got reordered - so the load of a
possible speculative value occurred _after_ it had been used - so the
speculative load barrier had no effect - Ubuntu regularly backports fixes
from the latest stable tree so we ended up affected as well
Possible DoS (kernel crash) if users can write to /dev/kvm - by default
on Ubuntu users don’t have this privilege so generally not affected
2 different heap based buffer overflows in Marvell Wifi driver ->
occurred when setting parameters for the driver so could be triggered by
a local user -> crash, DoS or possible code execution
SMB based buffer overread if trying to mount a share with version specified
as 3.0 but the share itself is version 2.10 -> parameter size mismatch ->
read of too much memory -> info disclosure
UAF in RSI 91x Wi-Fi driver -> able to be triggered by a remote network
peer -> crash, DoS or possible RCE
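
The ptrace item above turns on statement order, so here is a user-space model of it, added as an illustration and not taken from the kernel or from the show notes. It assumes the barrier is a branch-free index clamp in the style of the kernel's array_index_nospec(); the table, its size and all function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

#define NSLOTS 4UL                                  /* hypothetical table size */
static const int slots[NSLOTS] = {10, 20, 30, 40};  /* constructed sample data */

/* All-ones when index < size, zero otherwise, computed without a branch so
 * there is nothing for the CPU to mispredict. Assumes size <= LONG_MAX and
 * an arithmetic right shift of signed values (true for GCC and Clang). */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask(index, size);
}

/* Intended order: clamp first, so only the clamped value reaches the load. */
int lookup_fixed(unsigned long n)
{
    if (n < NSLOTS) {
        unsigned long idx = clamp_index(n, NSLOTS);
        return slots[idx];
    }
    return -1;
}

/* Reordered: the load already used the raw n, so a mispredicted bounds
 * check can still read out of range speculatively; the clamp is too late. */
int lookup_reordered(unsigned long n)
{
    if (n < NSLOTS) {
        int v = slots[n];
        unsigned long idx = clamp_index(n, NSLOTS);
        (void)idx;
        return v;
    }
    return -1;
}

int main(void)
{
    printf("clamp(2)=%lu clamp(9)=%lu\n",
           clamp_index(2, NSLOTS), clamp_index(9, NSLOTS));
    printf("fixed=%d reordered=%d\n", lookup_fixed(1), lookup_reordered(1));
    return 0;
}
```

Both lookups return identical values for every input, which is why functional tests do not catch this kind of backport regression; comparing the backported hunk against the upstream commit does.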