Episode 64

Posted on Thursday, Feb 27, 2020
This week we look at security updates for ppp, Squid, rsync + more, and Joe and Alex discuss the wide scope of the Ubuntu Security Team including some current open positions.

Show Notes

This week in Ubuntu Security Updates

19 unique CVEs addressed

[LSN-0063-1] Linux kernel vulnerability [00:43]

[USN-4279-2] PHP regression [01:51]

[USN-4288-1] ppp vulnerability [02:16]

  • 1 CVE addressed in Xenial, Bionic, Eoan
  • Included a check for a possible buffer overflow of the rhostname buffer, but the check was incorrect :( so the buffer could still overflow - fixed by correcting the check
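
The ppp item above is a reminder that a bounds check is only as good as the quantities it compares. The following is an added illustration, not ppp's own code: a constructed packet layout (4-byte header, then a name) with a check that compares the wrong length and therefore still lets an oversized name through, next to the corrected check and a copy routine that truncates instead of overrunning the buffer. `NAME_MAX`, the packet layout and all function names are assumptions made for this example.

```c
/* Added illustration (not ppp's code): a length check that compares the
 * wrong quantities lets a name longer than the destination buffer through,
 * while the corrected check rejects it.  NAME_MAX, the packet layout and
 * the function names are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed: size of the fixed destination buffer */

/* Decides whether the name at inp[name_off..total_len) fits into a
 * NAME_MAX buffer (leaving room for the terminating NUL).
 * Wrong version: compares the name's offset against the buffer size
 * instead of the number of bytes that will actually be copied, so a
 * long name is accepted whenever it starts early enough in the packet. */
int name_fits_wrong(size_t name_off, size_t total_len)
{
    (void)total_len;
    return name_off < NAME_MAX;   /* bug: ignores total_len - name_off */
}

/* Corrected check: the bytes copied are total_len - name_off, and they
 * must fit together with the NUL terminator. */
int name_fits_right(size_t name_off, size_t total_len)
{
    if (total_len < name_off)
        return 0;                 /* malformed: offset past end of packet */
    return total_len - name_off <= NAME_MAX - 1;
}

/* Copies the name out, truncating when the corrected check would fail,
 * so the destination can never be overrun.  Returns bytes stored
 * (excluding the NUL). */
size_t copy_name(char dst[NAME_MAX], const unsigned char *inp,
                 size_t name_off, size_t total_len)
{
    size_t n;
    if (total_len < name_off) {
        dst[0] = '\0';
        return 0;
    }
    n = total_len - name_off;
    if (n > NAME_MAX - 1)
        n = NAME_MAX - 1;         /* truncate instead of overflowing */
    memcpy(dst, inp + name_off, n);
    dst[n] = '\0';
    return n;
}

/* Demo helper: builds a constructed packet of total_len bytes (4-byte
 * header, then 'A's) and returns how many name bytes copy_name stored. */
size_t demo_stored_len(size_t total_len)
{
    unsigned char pkt[64];
    char name[NAME_MAX];
    if (total_len > sizeof pkt || total_len < 4)
        return (size_t)-1;
    memset(pkt, 0, 4);
    memset(pkt + 4, 'A', total_len - 4);
    return copy_name(name, pkt, 4, total_len);
}

int main(void)
{
    /* a 44-byte packet carries a 40-byte name: far more than NAME_MAX */
    printf("wrong check accepts 40-byte name: %d\n", name_fits_wrong(4, 44));
    printf("right check accepts 40-byte name: %d\n", name_fits_right(4, 44));
    printf("bytes stored after truncation: %zu\n", demo_stored_len(44));
    return 0;
}
```

The wrong check passes because the name's offset (4) is smaller than the buffer, even though 40 bytes are about to be copied into 16; the corrected check reasons about the copied length, and the copy routine enforces it regardless.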

[USN-4289-1] Squid vulnerabilities [02:41]

  • 4 CVEs addressed in Xenial, Bionic, Eoan
  • Buffer overflow in the NTLM credentials parser - out-of-process, so would just result in a DoS
  • Buffer overflow when acting as a reverse proxy
  • Incorrect input validation leading to access to server resources which should have been prohibited
  • Info disclosure due to heap buffer over-read when acting as an FTP client from a malicious FTP server

[USN-4290-1] libpam-radius-auth vulnerability [03:26]

  • 1 CVE addressed in Xenial, Bionic, Eoan
  • Stack overflow in password field handling -> crash, DoS

[USN-4291-1] mod-auth-mellon vulnerability [03:49]

  • 1 CVE addressed in Bionic, Eoan
  • SAML 2.0 authentication module for Apache
  • Open redirect - didn’t properly validate the ReturnTo parameter of the login API endpoint - could allow an attacker to launch phishing attacks etc. by masquerading as another domain via the redirect
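
The open redirect in mod-auth-mellon comes down to where a ReturnTo value may point. As an added illustration, not mod-auth-mellon's own code, here is a validator in the style an Apache module might use: it accepts only same-site relative paths (a single leading slash, not the protocol-relative `//` form) or `https://` URLs whose host is on an allow-list. The allow-listed hosts, the function name and the sample inputs are constructed for this example.

```c
/* Added illustration (not mod-auth-mellon's code): validates a ReturnTo
 * value against an allow-list of hosts so a login endpoint cannot be used
 * as an open redirect.  Host names and inputs are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* constructed allow-list: the only hosts the login flow may send users to */
static const char *const allowed_hosts[] = { "app.example.com", "sso.example.com" };

/* Case-insensitive comparison of a non-NUL-terminated host against a name. */
static int host_equals(const char *host, size_t host_len, const char *name)
{
    size_t i;
    if (strlen(name) != host_len)
        return 0;
    for (i = 0; i < host_len; i++)
        if (tolower((unsigned char)host[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Returns 1 if return_to is safe to redirect to, 0 otherwise. */
int return_to_is_safe(const char *return_to)
{
    const char *p, *host_start, *host_end;
    size_t i, host_len;

    if (return_to == NULL || *return_to == '\0')
        return 0;
    /* control characters or whitespace anywhere: reject (header injection,
     * parser disagreements between server and browser) */
    for (p = return_to; *p; p++)
        if (iscntrl((unsigned char)*p) || isspace((unsigned char)*p))
            return 0;

    /* relative path: a single leading '/', but not "//" or "/\", which
     * browsers treat as protocol-relative and send off-site */
    if (return_to[0] == '/')
        return return_to[1] != '/' && return_to[1] != '\\';

    /* absolute URL: require https:// and an allow-listed host */
    if (strncmp(return_to, "https://", 8) != 0)
        return 0;
    host_start = return_to + 8;
    host_end = host_start + strcspn(host_start, "/?#");
    host_len = (size_t)(host_end - host_start);
    /* userinfo ("user@host") lets the real host be disguised; reject it */
    if (memchr(host_start, '@', host_len) != NULL)
        return 0;
    for (i = 0; i < sizeof allowed_hosts / sizeof allowed_hosts[0]; i++)
        if (host_equals(host_start, host_len, allowed_hosts[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* constructed sample values a ReturnTo parameter might carry */
    const char *samples[] = {
        "/dashboard",
        "//evil.example.net/",
        "https://app.example.com/home?next=1",
        "https://app.example.com.evil.example.net/",
        "https://app.example.com@evil.example.net/",
        "http://app.example.com/",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-48s -> %s\n", samples[i],
               return_to_is_safe(samples[i]) ? "allow" : "reject");
    return 0;
}
```

The match is on the whole authority string, so a host with an explicit port (`app.example.com:8443`) is rejected unless that exact form is added to the allow-list; that is deliberate, since a loose prefix or substring match is exactly what turns a ReturnTo check into an open redirect.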

[USN-4292-1] rsync vulnerabilities [04:33]

  • 4 CVEs addressed in Xenial, Bionic
  • All issues in the vendored copy of zlib contained within rsync - various low-level memory management issues (discussed back in Episode 60 in the context of zlib - the result of a security audit a few years ago by Trail of Bits)

Goings on in Ubuntu Security Community

Alex and Joe discuss the larger scope of the Ubuntu Security Team and current open positions [05:05]

Kyle Fazzari’s ROS and Ubuntu Video Series

Robotics Security Engineer

Security Engineer - Certifications (FIPS, Common Criteria)

Ubuntu Security Engineer

Get in contact