Episode 55

Show Notes

Overview

This week we cover security updates for NSS, SQLite, the Linux kernel and more, plus Joe and Alex discuss a recent FBI advisory warning about possible dangers of Smart TVs.

This week in Ubuntu Security Updates

49 unique CVEs addressed

[USN-4203-1, USN-4203-2] NSS vulnerability [00:59]

• 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
  • CVE-2019-11745
• OOB write if using an output buffer smaller than the block size (since used block size instead of buffer size) when writing output for NSC_EncryptUpdate()

[USN-4204-1] psutil vulnerability [02:05]

• 1 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • CVE-2019-18874
• Double free due to mishandling of reference counting when handling errors during conversion of system data into Python objects - could be triggered when using a malicious disk partition label with an invalid character that fails to decode - so triggers error than fails to cleanup properly and results in a double free

[USN-4205-1] SQLite vulnerabilities [02:59]

• 6 CVEs addressed in Precise ESM, Xenial, Bionic, Disco, Eoan
  • CVE-2019-5827
  • CVE-2019-5018
  • CVE-2019-19244
  • CVE-2019-19242
  • CVE-2019-16168
  • CVE-2018-8740
• Various robustness updates for SQLite related to CVEs from other applications that misuse SQLite - so this makes SQLite more tolerant if it is misused in the future - plus a fix of a possible crash (DoS) under certain usage scenarios.

[USN-4208-1] Linux kernel vulnerabilities [03:42]

• 12 CVEs addressed in Bionic (gcp-edge), Eoan (5.3 kernel)
  • CVE-2019-17075
  • CVE-2019-19083
  • CVE-2019-19075
  • CVE-2019-19069
  • CVE-2019-19067
  • CVE-2019-19065
  • CVE-2019-19061
  • CVE-2019-19060
  • CVE-2019-19048
  • CVE-2019-18810
  • CVE-2019-17133
  • CVE-2019-15794
• Buffer overflow in wifi driver stack - able to be triggered by a remote user in wifi range
• Ubuntu specific OverlayFS and ShiftFS memory mapped reference counting issue - can be triggered when combined with that when combined with AUFS by a local attacker.
• Memory leak based denial of service issues in various drivers (usually during error conditions so unlikely to ever be hit in real use or able to be easily triggered by malicious local users):
  • AMD Display Engine
  • Qualcomm FastRPC
  • Cascoda CA8210 SPI 802.15.4 wireless controller
  • AMD Audio CoProcessor
  • Intel OPA Gen1 Infiniband
  • ADIS16400 IIO IMU
  • VirtualBox guest
  • ARM Komeda display

[USN-4209-1] Linux kernel vulnerabilities [06:07]

• 3 CVEs addressed in Bionic (HWE), Disco (5.0 kernel)
  • CVE-2019-19076
  • CVE-2019-16746
  • CVE-2019-15794
• Memory leak in Netronome NFP4000/NFP6k000 driver
• Buffer overflow via 802.11 wifi config interface - local user onlu
• OverlayFS/ShiftFS issue above

[USN-4210-1] Linux kernel vulnerabilities [06:47]

• 6 CVEs addressed in Xenial (HWE), Bionic (4.15)
  • CVE-2019-17075
  • CVE-2019-19075
  • CVE-2019-19065
  • CVE-2019-19060
  • CVE-2019-17133
  • CVE-2019-16746
• See above:
  • Wifi stack buffer overflow from remote user
  • Wifi config buffer overflow from local user
  • Memory leaks above:
    • Cascoda CA8210 SPI 802.15.4 wireless controller
    • Intel OPA Gen1 Infiniband
    • ADIS16400 IIO IMU

[USN-4211-1, USN-4211-2] Linux kernel vulnerabilities [07:22]

• 3 CVEs addressed in Xenial, Trusty ESM (Xenial HWE)
  • CVE-2019-17075
  • CVE-2019-17133
  • CVE-2018-20784
• Wifi stack remote user buffer overflow
• Infinite loop in the CFS scheduler able to be triggered by a local user -> DoS

[USN-4206-1] GraphicsMagick vulnerabilities [07:55]

• 10 CVEs addressed in Xenial
  • CVE-2017-6335
  • CVE-2017-14042
  • CVE-2017-13147
  • CVE-2017-11637
  • CVE-2017-11636
  • CVE-2017-11403
  • CVE-2017-11140
  • CVE-2017-11102
  • CVE-2017-10799
  • CVE-2017-10794
• Usual sorts of memory mismanagement issues seen in large C codebases (most resulting in crash -> DoS)
  • OOB read
  • Various memory allocation failure issues - trigger crash -> DoS
  • NULL pointer dereference
  • Heap buffer overflow for RGB images with multiple frames with non-identical widths
  • UAF via a crafted MNG image
  • Resource consumption via crafted JPEG which specifies invalid scanlines
  • Memory leaks -> memory exhaustion -> crash -> DoS

[USN-4207-1] GraphicsMagick vulnerabilities [09:18]

• 13 CVEs addressed in Bionic
  • CVE-2019-11506
  • CVE-2019-11505
  • CVE-2019-11474
  • CVE-2019-11473
  • CVE-2019-11010
  • CVE-2019-11009
  • CVE-2019-11008
  • CVE-2019-11007
  • CVE-2019-11006
  • CVE-2019-11005
  • CVE-2018-20189
  • CVE-2018-20185
  • CVE-2018-20184

[USN-4194-2] postgresql-common vulnerability [09:29]

• 1 CVEs addressed in Trusty ESM
  • CVE-2019-3466
• Episode 54 - Debian specific package - privesc

[USN-4182-3, USN-4182-4] Intel Microcode regression [09:44]

• 2 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan
  • CVE-2019-11139
  • CVE-2019-11135
• Previous microcode update resulted in some Skylake processors hanging on a warm reboot - not Ubuntu specific and is tracked upstream by Intel https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 - so this update reverts the microcode only for those specific processor models

Goings on in Ubuntu Security Community

Joe and Alex discuss a recent FBI Advisory concerning SmartTVs [10:50]

• https://threatpost.com/smart-tvs-cyberthreat-living-room-feds/150713/

Get in contact

• security@ubuntu.com
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter