Episode 54

Posted on Sunday, Nov 24, 2019
Security updates for DPDK, Linux kernel, QEMU, ImageMagick, Ghostscript and more, plus Joe and Alex talk about how to get into information security.

Show Notes

This week in Ubuntu Security Updates

89 unique CVEs addressed

[USN-4189-1] DPDK vulnerability [01:00]

  • 1 CVE addressed in Bionic, Disco, Eoan
  • Data Plane Development Kit - memory and file-descriptor leak that could be triggered by a malicious vhost-user master or by a container with access to the vhost_user socket

[USN-4190-1] libjpeg-turbo vulnerabilities [01:41]

[USN-4183-2] Linux kernel vulnerability [02:48]

[USN-4184-2] Linux kernel vulnerability and regression [04:37]

[USN-4185-3] Linux kernel vulnerability and regression [05:05]

[USN-4186-3] Linux kernel vulnerability [05:22]

[USN-4191-1, USN-4191-2] QEMU vulnerabilities [05:32]

  • 5 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan
  • Heap buffer overflow and use-after-free (UAF) in the SLiRP networking implementation - DoS and possible code execution
  • Bridge helper did not validate that interface names fit within IFNAMSIZ - could be used to bypass ACL restrictions
  • NULL pointer dereference in the qxl paravirtual graphics driver - DoS
  • Possible CPU-based DoS via an infinite loop that could be triggered in the LSI SCSI adapter emulator

[USN-4192-1] ImageMagick vulnerabilities [06:48]

[USN-4193-1] Ghostscript vulnerability [08:13]

  • 1 CVE addressed in Xenial, Bionic, Disco, Eoan
  • Another -dSAFER bypass - the newest Ghostscript is not affected since it rewrote the SAFER sandbox, but older versions are - allows a malicious PostScript file to bypass the sandbox and access files, execute commands, etc.

[USN-4194-1] postgresql-common vulnerability [09:17]

  • 1 CVE addressed in Xenial, Bionic, Disco, Eoan
  • Privesc via arbitrary directory creation through the pg_ctlcluster command - by specifying a path such as /usr/lib/sudo/haswell as the stats_temp_directory in the config, a directory can be created as the postgres user, and a shared library dumped there will then be loaded by sudo to gain a root shell
  • Interesting, but requires the ability to configure and run as postgres

[USN-4195-1] MySQL vulnerabilities [11:07]

[USN-4196-1] python-ecdsa vulnerabilities [11:42]

  • 2 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • Issues in handling the DER encoding of signatures - failed to verify that signatures were properly DER encoded, but might also raise exceptions unexpectedly on valid input, which would cause a DoS
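As an added illustration of the DER handling issue above (not code from the podcast or from the python-ecdsa project), here is a strict parser for DER-encoded ECDSA signatures that rejects non-canonical encodings and returns None rather than raising on malformed input; the sample signature bytes are constructed for the example.

```python
# Added example: strict parser for DER ECDSA signatures (SEQUENCE { INTEGER r, INTEGER s }).
# Rejects trailing bytes, non-minimal lengths/integers and negative values; never raises.
from typing import Optional, Tuple

def _read_len(buf: bytes, pos: int) -> Optional[Tuple[int, int]]:
    """DER length at buf[pos]: short form, or minimal long form 0x81 XX (XX >= 0x80)."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first == 0x81 and pos + 1 < len(buf) and buf[pos + 1] >= 0x80:
        return buf[pos + 1], pos + 2
    return None  # 0x80 (indefinite), non-minimal, or >255-byte lengths are rejected

def _read_int(buf: bytes, pos: int) -> Optional[Tuple[int, int]]:
    """Parse one DER INTEGER at buf[pos:]; return (value, next_pos) or None."""
    if pos >= len(buf) or buf[pos] != 0x02:
        return None
    hdr = _read_len(buf, pos + 1)
    if hdr is None or hdr[0] == 0:
        return None
    length, start = hdr
    body = buf[start:start + length]
    if len(body) != length or body[0] & 0x80:      # truncated, or negative value
        return None
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        return None                                 # non-minimal leading zero byte
    return int.from_bytes(body, "big"), start + length

def parse_der_signature(sig: bytes) -> Optional[Tuple[int, int]]:
    """Return (r, s) for a canonical DER ECDSA signature, else None (never raises)."""
    if not isinstance(sig, (bytes, bytearray)) or len(sig) < 2 or sig[0] != 0x30:
        return None
    hdr = _read_len(sig, 1)
    if hdr is None or hdr[1] + hdr[0] != len(sig):  # SEQUENCE must span exactly the input
        return None
    r = _read_int(sig, hdr[1])
    if r is None:
        return None
    s = _read_int(sig, r[1])
    if s is None or s[1] != len(sig) or r[0] == 0 or s[0] == 0:
        return None
    return r[0], s[0]

# Constructed sample: r = 0x7f, s = 0x80 (s needs a 0x00 pad byte to stay positive).
GOOD_SIG = bytes.fromhex("3007" "02017f" "02020080")
```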

Goings on in Ubuntu Security Community

Joe and Alex discuss how to get into infosec [12:18]

Get in contact