Episode 82

Posted on Friday, Jul 17, 2020
With Ubuntu 19.10 going EOL, we have a special interview by Joe with Chris Coulson and Steve Beattie from the Ubuntu Security Team to talk TPMs and Ubuntu Core 20, plus Alex looks at some of the 71 CVEs addressed by the team and more.

Show Notes

This week in Ubuntu Security Updates

71 unique CVEs addressed

[USN-4407-1] LibVNCServer vulnerabilities [01:02]

  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Used by gnome-remote-desktop, virtualbox and others
  • Provides both server and client libraries
    • So some issues affect a client connecting to a malicious server, while others can be triggered by a malicious client against the server
  • Issues when handling WebSocket frames, cursor shape updates, ServerCutText messages and decompression of zlib-compressed data -> crash -> DoS, info leak, RCE etc

[USN-4408-1] Firefox vulnerabilities [01:57]

[USN-4409-1] Samba vulnerabilities [03:00]

  • 3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • 2 separate issues when handling LDAP queries -> both UAF -> crash -> DoS or RCE
  • CPU-based DoS when processing NetBIOS over TCP/IP

[USN-4410-1] Net-SNMP vulnerability [03:44]

  • 1 CVE addressed in Focal (20.04 LTS)
  • Double free -> heap memory corruption -> crash / RCE

[USN-4411-1] Linux kernel vulnerabilities [04:02]

[USN-4412-1] Linux kernel vulnerabilities [04:57]

  • 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
  • 5.3 kernel (bionic HWE)
  • Most of the above plus an SELinux failure to validate all parts of a multi-part netlink message, which could then allow SELinux access controls to be bypassed (SELinux is not the default LSM in Ubuntu; AppArmor is)

[USN-4413-1] Linux kernel vulnerabilities [05:58]

[USN-4414-1] Linux kernel vulnerabilities [06:10]

[USN-4419-1] Linux kernel vulnerabilities [06:49]

[USN-4415-1] coTURN vulnerabilities [07:33]

  • 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • TURN/STUN server used to let VoIP media traffic traverse NAT; has a telnet/HTTPS management interface
  • Info leak due to failure to zero memory used for response buffers
  • Improper handling of HTTP POST requests to the web interface -> DoS / info leak etc

[USN-4416-1] GNU C Library vulnerabilities [08:04]

[USN-4417-1, USN-4417-2] NSS vulnerability [09:38]

  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Possible RSA side-channel due to input-dependent control flow, which could allow RSA private key extraction via electromagnetic side-channel measurements

[USN-4418-1] OpenEXR vulnerabilities [10:06]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Heap buffer overflow and UAF

[USN-4420-1] Cinder and os-brick vulnerability [10:13]

  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • Possible exposure of credentials when using the Dell EMC ScaleIO or VxFlex OS backend storage drivers: credentials were accessible via the connection_info element in various API calls; the fix instead moves the credentials to a file on disk, so deployed environments may require some changes as a result

[USN-4421-1] Thunderbird vulnerabilities [10:52]

[USN-4376-2] OpenSSL vulnerabilities [11:33]

[USN-4422-1] WebKitGTK+ vulnerabilities [11:40]

[USN-4423-1] Firefox vulnerability [11:52]

  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
  • Firefox 78.0.2
  • Possible click-jacking attack via a crafted X-Frame-Options bypass when visiting a specially crafted website (no CVE assigned)

Goings on in Ubuntu Security Community

Joe talks TPMs and Ubuntu Core 20 with Chris Coulson and Steve Beattie [12:30]

Ubuntu 19.10 Eoan Ermine goes end-of-life [23:12]

Get in contact