Episode 78

Posted on Friday, Jun 12, 2020
SRBDS aka CrossTalk, the latest Intel speculative execution attack, is the big news this week in security updates for Ubuntu, as well as fixes for GnuTLS, Firefox and more, plus Alex and Joe talk about using STRIDE for threat modelling of software products.

Show Notes


This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-4381-2] Django vulnerabilities [01:00]

[USN-4382-1] FreeRDP vulnerabilities [01:28]

[USN-4383-1] Firefox vulnerabilities [02:09]

[USN-4384-1] GnuTLS vulnerability [02:54]

  • 1 CVE addressed in Eoan (19.10), Focal (20.04 LTS)
  • Rare Friday update - high priority GnuTLS vulnerability - GnuTLS used an all-zero key to encrypt TLS session tickets
  • TLS 1.3 -> enables a middleperson attack against resumed sessions
  • TLS 1.2 -> enables passive decryption of traffic to/from affected servers when the client supports session tickets

[USN-4386-1] libjpeg-turbo vulnerability [04:19]

  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
    • CVE-2020-13790
    • Heap buffer over-read via crafted PPM file -> info disclosure / crash

[USN-4385-1] Intel Microcode vulnerabilities [04:49]

  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Latest Intel microarchitectural cache side-channel vulnerabilities - L1D cache, vector registers, special registers
  • https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS
  • Special register buffer data sampling (SRBDS) -> affects RDRAND, RDSEED etc -> aka CrossTalk -> the micro-architectural staging buffer is shared across cores, so stale values could be read from another core
  • Microcode mitigation clears the buffer -> performance decrease for RDRAND etc as a result -> kernel update adds support for a kernel command-line arg to disable this mitigation

[USN-4387-1] Linux kernel vulnerabilities [07:25]

  • 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
  • Linux 5.3 kernel
  • Kernel command-line option to disable SRBDS mitigation
  • F2FS failed bounds check on xattrs -> OOB read -> info leak
  • USB scatter-gather UAF -> malicious USB device -> crash / RCE
  • XDP socket failed to validate userspace metadata -> OOB write -> requires CAP_NET_ADMIN

[USN-4388-1] Linux kernel vulnerabilities [08:40]

[USN-4389-1] Linux kernel vulnerabilities [08:54]

[USN-4390-1] Linux kernel vulnerabilities [09:02]

[USN-4391-1] Linux kernel vulnerabilities [09:35]

[USN-4392-1] Linux kernel vulnerabilities [09:46]

[USN-4393-1] Linux kernel vulnerabilities [09:46]

Goings on in Ubuntu Security Community

Joe and Alex discuss Threat Modelling via STRIDE [10:12]

Get in contact