Episode 58

Show Notes

Overview

In the first episode for 2020, we look at security updates for Django and the Linux kernel, plus Alex and Joe discuss security and privacy aspects of smart assistant connected devices.

This week in Ubuntu Security Updates

34 unique CVEs addressed

[USN-4224-1] Django vulnerability [00:51]

• 1 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • CVE-2019-19844
• Account takeover via password reset - when comparing email addresses, would not do a proper unicode comparison - and so could specify an email address which appears equal to an existing users email address (after unicode case and character transmformation) and would then get sent a token to reset their accounts password to your doppleganger email address. Fix includes doing both a proper unicode case comparison AND sending the password reset token to the email address to the one registered against the user account, not the one input to the password reset field.

[USN-4225-1] Linux kernel vulnerabilities [02:25]

• 5.3 kernel
• 18 CVEs addressed in Bionic (Azure and GCP edge), Eoan
  • CVE-2019-18813
  • CVE-2019-19807
    • UAF in ALSA timer implementation - local user - crash (DoS) / ACE
  • CVE-2019-19534
  • CVE-2019-19529
  • CVE-2019-19524
  • CVE-2019-19072
    • Memory leak in tracing subsystem -> DoS
  • CVE-2019-19055
  • CVE-2019-19052
  • CVE-2019-19051
  • CVE-2019-19047
  • CVE-2019-19045
  • CVE-2019-19044
  • CVE-2019-18660
    • SpectreRSB mitigations not properly enforced on PPC
  • CVE-2019-16231
  • CVE-2019-14897
  • CVE-2019-14896
    • 2 heap overflows in Marvell Libertas Wifi Driver - OTA - crash / ACE
  • CVE-2019-14901
  • CVE-2019-14895
    • 2 heap overflows in Marvell Wifi-Ex Driver - OTA - crash / ACE

[USN-4226-1] Linux kernel vulnerabilities [03:58]

• 5.0 kernel
• 28 CVEs addressed in Bionic (AWS & Oracle Edge, Azure, GKE), Disco
  • CVE-2019-18813
  • CVE-2019-17075
  • CVE-2019-2214
    • Binder IPC OOB write - crash, ACE
  • CVE-2019-19922
  • CVE-2019-19534
  • CVE-2019-19532
  • CVE-2019-19529
  • CVE-2019-19526
  • CVE-2019-19524
  • CVE-2019-19083
  • CVE-2019-19075
  • CVE-2019-19072
    • Memory leak in tracing subsystem -> DoS
  • CVE-2019-19067
  • CVE-2019-19065
  • CVE-2019-19060
  • CVE-2019-19055
  • CVE-2019-19052
  • CVE-2019-19048
    • Memory leak in virtualbox guest driver -> DoS
  • CVE-2019-19045
  • CVE-2019-18660
    • SpectreRSB mitigations not properly enforced on PPC
  • CVE-2019-17133
    • Wifi stack failed to validate SSID IE length - buffer overflow
  • CVE-2019-16233
  • CVE-2019-16231
  • CVE-2019-14897
  • CVE-2019-14896
    • 2 heap overflows in Marvell Libertas Wifi Driver - OTA - crash / ACE
  • CVE-2019-14901
  • CVE-2019-14895
    • 2 heap overflows in Marvell Wifi-Ex Driver - OTA - crash / ACE
  • CVE-2019-10220
    • Kernel CIFS impl failed to sanitize paths returned from SMB server - malicious server could overwrite arbitrary files on the client

[USN-4227-1, USN-4227-2] Linux kernel vulnerabilities [05:36]

• 14 CVEs addressed in Xenial, Bionic, Trusty ESM (Azure)
  • CVE-2019-19807
    • UAF in ALSA timer implementation - local user - crash (DoS) / ACE
  • CVE-2019-19534
  • CVE-2019-19529
  • CVE-2019-19524
  • CVE-2019-19083
  • CVE-2019-19052
  • CVE-2019-19045
  • CVE-2019-18660
    • SpectreRSB mitigations not properly enforced on PPC
  • CVE-2019-16233
  • CVE-2019-16231
  • CVE-2019-14897
  • CVE-2019-14896
    • 2 heap overflows in Marvell Libertas Wifi Driver - OTA - crash / ACE
  • CVE-2019-14901
  • CVE-2019-14895
    • 2 heap overflows in Marvell Wifi-Ex Driver - OTA - crash / ACE

[USN-4228-1, USN-4228-2] Linux kernel vulnerabilities [06:17]

• 8 CVEs addressed in Xenial, Trusty ESM (Xenial HWE)
  • CVE-2019-19534
  • CVE-2019-19524
  • CVE-2019-19052
  • CVE-2019-18660
    • SpectreRSB mitigations not properly enforced on PPC
  • CVE-2019-14897
  • CVE-2019-14896
    • 2 heap overflows in Marvell Libertas Wifi Driver - OTA - crash / ACE
  • CVE-2019-14901
  • CVE-2019-14895
    • 2 heap overflows in Marvell Wifi-Ex Driver - OTA - crash / ACE

[LSN-0061-1] Linux kernel vulnerability [06:38]

• 5 CVEs addressed in Bionic & Xenial
  • CVE-2019-15794
    • OverlayFS & ShiftFS reference counting issue - Episode 55
  • CVE-2019-14901
  • CVE-2019-14895
    • 2 heap overflows in Marvell Wifi-Ex Driver - OTA - crash / ACE
  • CVE-2019-14897
  • CVE-2019-14896
    • 2 heap overflows in Marvell Libertas Wifi Driver - OTA - crash / ACE

Goings on in Ubuntu Security Community

Alex and Joe discuss connected devices and smart assistants [07:25]

Get in contact

• security@ubuntu.com
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter