Episode 6

Posted on Tuesday, Oct 2, 2018
This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more.

Show Notes

Overview

This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more.

This week in Ubuntu Security Updates

17 unique CVEs addressed

[USN-3771-1] strongSwan vulnerabilities

  • 4 CVEs addressed in Trusty, Xenial, Bionic
  • 2 CVEs: flaws in RSA implementation allow Bleichenbacher-style attacks in parsing of the ASN.1 encoded digestInfo
  • strongSwan implementation was too lenient and would allow arbitrary random data to be contained following various elements in the ASN.1
  • Also would not check the correct amount of padding had been used
  • Allows attackers to potentially forge low-exponent signature forgery and hence authentication during IKE authentication
  • 2 CVEs for DoS due to missing length check and missing variable initialization

[USN-3772-1] UDisks vulnerability

  • 1 CVEs addressed in Bionic
  • Format string vulnerability which could be exploited via specially crafted disk label
  • udisks prints volume label via printf() passing the label as part of the format string
    • Simple fix to replace the label with a %s directive and then pass the label to that
    • ie. don’t interpret label as printf() directives directly

[USN-3719-3] Mutt vulnerabilities

Goings on in Ubuntu Security Community

LSM Stacking upstreaming

  • Casey Schaufler (Intel, SMACK maintainer) primary developer along with John Johansen and Kees Cook (Google) to upstream support for LSM stacking
  • Currently upstream allows use of one ‘major’ module (SELinux / AppArmor / Tomoyo) with a minor module (Yama etc)
  • Goal of stacking is to allow multiple major modules to be used in conjunction (AppArmor with SELinux)
    • Primary use-case is containers
  • Current stacking patches allow to stack Tomoyo with either SELinux / AppArmor
    • Eventually should be able to stack SELinux with AppArmor but still WIP
    • Ubuntu already carries these patches in Bionic etc
  • Likely to be merged in the near future

Evince AppArmor hardening LP #1788929

  • Jann Horn (GPZ) reported gaps in evince AppArmor profile
  • Clever use of GNOME thumbnailer infrastructure to specify a new ‘evil’ thumbnailer and the use of systemd via DBus to escape AppArmor confinement
  • Policy fixed in Cosmic, in process of updating for Bionic etc

New Ubuntu Security Manager

  • Joe McManus

Hiring

Ubuntu Security Engineer

Get in contact