Episode 89

Posted on Thursday, Sep 3, 2020
This week we farewell Joe McManus plus we look at security updates for Firefox, Chrony, Squid, Django, the Linux kernel and more.

Show Notes


This week in Ubuntu Security Updates

59 unique CVEs addressed

[USN-4473-1] libmysofa vulnerabilities [01:01]

[USN-4474-1] Firefox vulnerabilities [01:30]

[USN-4446-2] Squid regression [02:31]

[USN-4475-1] Chrony vulnerability [02:51]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • PID file is created as root before privileges are dropped and was susceptible to a symlink attack -> could be used to overwrite arbitrary files on the system

[USN-4476-1] NSS vulnerability [03:45]

  • 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • OOB read for CHACHA20 decryption with undersized tag

[USN-4477-1] Squid vulnerabilities

[USN-4478-1] Python-RSA vulnerability [04:15]

  • 1 CVEs addressed in Trusty ESM (14.04 ESM)
  • Ignores leading NUL/zero byte in decryption of ciphertext - fixed to check length matches block size

[USN-4479-1] Django vulnerabilities [04:40]

  • 2 CVEs addressed in Focal (20.04 LTS)
  • Incorrect handling of permissions on directories in caches - caused by a behavioural change in Python 3.7 - so only affects Django when used with Python 3.7; hence Bionic, say (which uses Python 3.6), is not affected

[USN-4480-1] OpenStack Keystone vulnerabilities [05:25]

  • 4 CVEs addressed in Bionic (18.04 LTS)
  • Incorrect handling of EC2 permissions could allow an authenticated attacker to create EC2 credentials with elevated permissions
  • Incorrect handling of OAUTH1 roles could give an authenticated attacker more role assignments than intended
  • Incorrect handling of EC2 signature TTL checks could allow reuse of authorisation headers

[USN-4471-2] Net-SNMP regression [05:51]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
  • Previous update (Episode 87) caused `nsExtendCacheTime` to no longer be settable as a MIB attribute - a cacheTime feature flag was added to set this instead

[USN-4481-1] FreeRDP vulnerabilities [06:23]

[USN-4482-1] Ark vulnerability [06:54]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Crafted TAR with symlinks outside of working directory -> overwrite or creation of arbitrary files (zipslip but for tar - tarslip?)
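
The Ark issue above, as an added example that is not from the show notes or from Ark's code: a Python check that lists the tar members which would land outside the extraction directory, either directly or through a symlink created by an earlier member. The `/extract` destination, the function names and the in-memory sample archive are constructed for illustration; hard links are not covered.

```python
import io
import posixpath
import tarfile


def unsafe_members(tar, dest="/extract"):
    """Return (member name, reason) pairs for entries that would escape dest."""
    dest = posixpath.normpath(dest)
    links = {}      # path where a symlink would be created -> where it points
    findings = []

    def inside(path):
        return path == dest or path.startswith(dest + "/")

    def resolve(name):
        # Walk the member path one component at a time, following symlinks
        # that earlier members of this archive would already have created.
        path = "/" if name.startswith("/") else dest
        for part in name.split("/"):
            path = posixpath.normpath(posixpath.join(path, part))
            path = links.get(path, path)
        return path

    for m in tar:
        where = resolve(m.name)
        if not inside(where):
            findings.append((m.name, "writes outside destination: " + where))
        elif m.issym():
            target = posixpath.normpath(
                posixpath.join(posixpath.dirname(where), m.linkname))
            links[where] = target
            if not inside(target):
                findings.append((m.name, "symlink leaves destination: " + target))
    return findings


def build_sample():
    """Constructed archive: benign file, escaping symlink, file written through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, kind=tarfile.REGTYPE, linkname="", data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = kind, linkname, len(data)
            tar.addfile(info, io.BytesIO(data))
        add("docs/readme.txt", data=b"hello\n")
        add("docs/cfg", tarfile.SYMTYPE, "../../outside")
        add("docs/cfg/settings.ini", data=b"x=1\n")
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Calling `unsafe_members(build_sample())` reports the symlink and the file that follows it, and nothing for the benign member; an extractor can refuse the archive when the list is non-empty.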

[USN-4483-1] Linux kernel vulnerabilities [07:22]

[USN-4484-1] Linux kernel vulnerability

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • 5.3 gke/HWE kernel
  • cgroupv2 issue

[USN-4485-1] Linux kernel vulnerabilities

[USN-4486-1] Linux kernel vulnerability

  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
  • 4.4 (xenial / trusty esm hwe)
  • XFS metadata DoS

Goings on in Ubuntu Security Community

Farewell Joe McManus [09:04]

  • Thanks for being the best co-host a bloke could wish for
