Episode 65

Show Notes

Overview

Whilst avoiding Coronavirus, this week we look at updates for libarchive, OpenSMTPD, rake and more, plus Joe and Alex discuss ROS, the Robot Operating System and how the Ubuntu Security Team is involved in the ongoing development of secure foundations for robotics.

This week in Ubuntu Security Updates

7 unique CVEs addressed

[USN-4293-1] libarchive vulnerabilities [00:18]

2 CVEs addressed in Xenial, Bionic, Eoan
- CVE-2020-9308
- CVE-2019-19221
OSS-Fuzz: RAR unpacker would try and unpack a file with a corrupted / malformed header (ie. zero length etc) - OOB read - crash/DoS
OOB read due to use of wrong length parameter to mbtowc()

[USN-4294-1] OpenSMTPD vulnerabilities [02:00]

2 CVEs addressed in Bionic, Eoan
- CVE-2020-8793
- CVE-2020-8794
Remote code exec on both clients and server (as server reuses client-side code for debouncing)
Possible arbitrary file read due to race-condition in offline functionality - a user could create a hardlink to a root-owned file which opensmtpd would then read - mitigated on Ubuntu since we enable protected_hardlinks sysctl which stops regular users creating hardlinks to root-owned files

[USN-4288-2] ppp vulnerability [03:12]

1 CVEs addressed in Precise ESM, Trusty ESM
- CVE-2020-8597
Episode 64 (possible buffer overflow)

[USN-4290-2] libpam-radius-auth vulnerability [03:23]

1 CVEs addressed in Precise ESM, Trusty ESM
- CVE-2015-9542
Episode 64 (stack overflow in password field handling)

[USN-4295-1] Rake vulnerability [03:31]

1 CVEs addressed in Xenial, Bionic, Eoan
- CVE-2020-8130
Command injection vulnerability via Rake::FileList - used the Kernel open() method rather than File.open() - this supports launching a process if the file-name starts with a pipe `|` - so instead just use File.open()

Goings on in Ubuntu Security Community

Joe and Alex discuss ROS, the Robot Operating System [04:28]

Kyle Fazzari’s ROS and Ubuntu Video Series

Hiring