Episode 63

Posted on Thursday, Feb 20, 2020
Security updates for Firefox, QEMU, Linux kernel, ClamAV and more, plus we discuss our recommended reading list for getting into infosec and farewell long-time member of the Ubuntu Security Team / community Tyler Hicks.

Show Notes

This week in Ubuntu Security Updates

54 unique CVEs addressed

[USN-4278-1] Firefox vulnerabilities [00:55]

[USN-4279-1] PHP vulnerabilities [01:26]

  • 3 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • Buffer overread when converting multibyte characters via mbstring functions and when reading data whilst stripping tags via fgetss() - crash / information disclosure
  • Fix for a CPU and disk-based DoS when PHP FPM (FastCGI Process Manager) would endlessly restart a child process - busy CPU loop and large error logs -> DoS

[USN-4280-1, USN-4280-2] ClamAV vulnerability [02:27]

  • 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • OOB read in the Data-Loss-Prevention (DLP) module (scans for credit card or social security numbers) - crafted email would cause OOB read -> crash -> DoS

[USN-4281-1] WebKitGTK+ vulnerabilities [03:04]

  • 5 CVEs addressed in Bionic, Eoan
  • Various issues able to be triggered by malicious websites
    • DoS via poor memory handling
    • Wrong security origin for particular DOM objects
    • Top-level DOM object incorrectly considered secure
    • Logic issue leading to a universal XSS flaw
    • Poor memory handling leading to RCE

[USN-4282-1] PostgreSQL vulnerability [03:50]

  • 1 CVE addressed in Bionic, Eoan
  • Missing authorization checks on ALTER … DEPENDS ON EXTENSION sub-commands - could allow unprivileged users to drop any function, procedure, index etc. under certain conditions

[USN-4283-1] QEMU vulnerabilities [04:10]

  • 3 CVEs addressed in Xenial, Bionic, Eoan
  • Buffer overflow in libslirp TCP emulation due to misuse of the snprintf() return value - the code assumed snprintf() returns the number of bytes written, but it actually returns the number of bytes that would have been written had the destination buffer been big enough - so if the buffer is too small the returned value is larger than the buffer, and if that size is later used in a memcpy() or similar it overflows the buffer - the fix is to check the return value against the destination buffer size and clamp it when it is larger
  • Separate buffer overflow in libslirp tcp emulation code due to missing size checks
  • Heap buffer OOB write in iSCSI block driver - malicious iSCSI server could trigger this and crash or possibly get code execution on QEMU host
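As an added illustration of the snprintf() return-value mistake described above (constructed for these notes, not QEMU or libslirp code), here is the buggy pattern beside a fixed one and a bounded downstream copy that refuses an oversized length. The buffer size, the format string and the helper names format_len_buggy, format_len_fixed and bounded_copy are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not libslirp/QEMU code: a small fixed-size scratch
 * buffer stands in for the TCP emulation's message buffer. */
#define SCRATCH_LEN 16

/* Buggy pattern: hands back snprintf()'s result as if it were the number of
 * bytes now sitting in buf. When the formatted text does not fit, n is the
 * length the text WOULD have had, so the caller receives a count larger
 * than buflen. Any memcpy(dst, buf, n) that follows reads past buf. */
size_t format_len_buggy(char *buf, size_t buflen, const char *host, int port)
{
    int n = snprintf(buf, buflen, "Host %s port %d", host, port);
    return n < 0 ? 0 : (size_t)n;   /* BUG: never clamped to buflen */
}

/* Fixed pattern: treat n >= buflen as "truncated" and report the number of
 * characters actually stored (buflen - 1, excluding the terminating NUL). */
size_t format_len_fixed(char *buf, size_t buflen, const char *host, int port)
{
    int n = snprintf(buf, buflen, "Host %s port %d", host, port);
    if (n < 0)                  /* encoding error: nothing usable in buf */
        return 0;
    if ((size_t)n >= buflen)    /* output was truncated */
        return buflen - 1;
    return (size_t)n;
}

/* Downstream consumer: copies len bytes of src into dst, refusing a length
 * that exceeds what src holds or what dst can take (plus its NUL).
 * Returns 0 on success, -1 if the copy would overflow either buffer. */
int bounded_copy(char *dst, size_t dstlen, const char *src, size_t srclen, size_t len)
{
    if (len > srclen || len >= dstlen)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char scratch[SCRATCH_LEN];
    char out[64];

    /* Constructed input long enough to be truncated in a 16-byte buffer. */
    size_t bad  = format_len_buggy(scratch, sizeof scratch, "example.invalid", 8080);
    size_t good = format_len_fixed(scratch, sizeof scratch, "example.invalid", 8080);

    printf("buggy length: %zu (buffer is only %zu bytes)\n", bad, sizeof scratch);
    printf("fixed length: %zu -> \"%s\"\n", good, scratch);

    if (bounded_copy(out, sizeof out, scratch, sizeof scratch, bad) != 0)
        printf("refused copy of %zu bytes: would read past scratch\n", bad);
    if (bounded_copy(out, sizeof out, scratch, sizeof scratch, good) == 0)
        printf("copied %zu bytes: \"%s\"\n", good, out);
    return 0;
}
```

The point to take from the two helpers is that snprintf()'s return value is only a byte count for the buffer when it is strictly less than the buffer size; anything equal or larger means truncation, and the length passed onward must be derived from the buffer size, not from the return value.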

[USN-4284-1] Linux kernel vulnerabilities [05:21]

[USN-4285-1] Linux kernel vulnerabilities [07:58]

[USN-4287-1, USN-4287-2] Linux kernel vulnerabilities [08:46]

[USN-4286-1, USN-4286-2] Linux kernel vulnerabilities [09:44]

Goings on in Ubuntu Security Community

  • Red Team Field Manual | Ben Clark
  • Head First Programming
  • Linux System Administrators Handbook | Nemeth, et al
  • Robert Seacord’s Secure Coding in C/C++
  • CERT Resilience Management Model (CERT-RMM)
  • The Code Book | Simon Singh
  • The Tao of Network Security Monitoring: Beyond Intrusion Detection | Richard Bejtlich
  • The Cuckoo's Egg | Cliff Stoll
  • Linux Pro Magazine
  • Black Hat Python | Justin Seitz
  • Hacking: The Art Of Exploitation | Jon Erickson

Farewell and good luck Tyler Hicks (tyhicks) [25:05]

Get in contact