Episode 67
Posted on Thursday, Mar 19, 2020
A big week in security updates, including the Linux kernel, Ceph, ICU,
Firefox, Dino and more, plus Joe and Alex discuss tips for securely working
from home in light of Coronavirus.
Show Notes
Overview
A big week in security updates, including the Linux kernel, Ceph, ICU, Firefox, Dino and more, plus Joe and Alex discuss tips for securely working from home in light of Coronavirus.
This week in Ubuntu Security Updates
38 unique CVEs addressed
[USN-4299-1] Firefox vulnerabilities [00:41]
- 12 CVEs addressed in Xenial, Bionic, Eoan
- 74.0 - usual sorts of fixes:
- Crafted website -> DoS, URL and other browser chrome spoofing, bypass content security policy protections, RCE etc
- Extensions with all-url permission could access local files
- Copy-as-cURL devtools feature failed to escape website-controlled data - possible command injection -> RCE if user tricked into using this on a crafted website
[USN-4300-1] Linux kernel vulnerabilities [02:02]
- 11 CVEs addressed in Bionic, Eoan
- 5.3 eoan, bionic hwe
- 2 KVM issues
- Nested KVM guest could access resources of parent -> sensitive info disclosure
- Guest VM could read memory from another guest VM since would sometimes miss deferred TLB flushes when switching guests
- Rest low priority
- Memory leaks in various network and other device drivers under particular error scenarios - not likely that a local or remote user could easily trigger these so hence low priority
[USN-4301-1] Linux kernel vulnerabilities [03:53]
- 8 CVEs addressed in Bionic
- 5.0 “cloud” specific kernel (oracle, aws, gke, gcp etc)
- Same issues as above just with a couple less of the driver memory leak fixes since these were already done in a previous update
[USN-4302-1] Linux kernel vulnerabilities [04:31]
- 10 CVEs addressed in Xenial, Bionic
- 4.15, bionic and xenial hwe
- CVE-2020-8832 - Ubuntu Intel i915 specific issue due to previous fix for CVE-2020-14615 being incomplete - so not completely mitigated in this kernel as expected
- KVM nested virt bug and various driver memory leak fixes (see above) and a NULL pointer deref if a malicious USB device was inserted to the system
[USN-4303-1, USN-4303-2] Linux kernel vulnerability [05:26]
- 1 CVEs addressed in Xenial and Trusty ESM (HWE)
- Nested KVM virt issue
[USN-4304-1] Ceph vulnerability [05:48]
- 1 CVEs addressed in Bionic, Eoan
- DoS able to be triggered by an authenticated user causing an unexpected disconnect to radosgw - sockets pile up and eventually exhaust resources -> DoS
[USN-4305-1] ICU vulnerability [06:26]
- 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- C/C++ library for unicode handling - integer overflow -> heap buffer overflow - DoS/RCE?
[USN-4306-1] Dino vulnerabilities [07:05]
- 3 CVEs addressed in Bionic
- Thanks to Julian Andres Klode from Foundations
- Fixes for multiple failures to validate inputs - remote attacker could use to obtain, inject or remove info
- Also includes a change to accept IV of 12 bytes as well as 16 bytes since
this is what a lo t of other OMEMO clients are using
- OMEMO (OMEMO Multi-End Message and Object Encryption) - XMPP extension for multiclient E2E - so allows messages to be synchronised across multiple clients, even if some are offline
[USN-4171-5] Apport regression [08:14]
- 5 CVEs addressed in Xenial, Bionic, Eoan
- Thanks to Tiago Daitx and Michael Hudson-Doyle from Foundations Team
- Previous security update broke some autopkgtests and broke python2 compatibility for various parts of Apport