Episode 9

Posted on Tuesday, Oct 30, 2018

Show Notes

Overview

This week we look at some details of the 61 unique CVEs addressed across the supported Ubuntu releases, with a particular focus on the recent Xorg vulnerability (CVE-2018-14665), plus Cosmic is now officially supported by the Security Team.

This week in Ubuntu Security Updates

61 unique CVEs addressed

[USN-3790-2] Requests vulnerability

  • 1 CVE addressed in Cosmic
  • Cosmic is now officially released and so is officially supported by the Security Team
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3795-2] libssh vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3792-3] Net-SNMP vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3796-3] Paramiko vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 8 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3788-2] Tex Live-bin vulnerability

  • 1 CVE addressed in Cosmic
  • This is the same vulnerability which we covered in Episode 7 for Trusty, Xenial & Bionic, now fixed for Cosmic

[USN-3797-1, USN-3797-2] Linux kernel vulnerabilities

  • 4 CVEs addressed in Xenial and Trusty (for the Xenial HWE kernel for Trusty)
  • Includes:
    • UAF in Infiniband -> DoS via crash
    • Integer overflow in CDROM -> info disclosure of kernel memory
    • Integer overflow in bluetooth HID -> buffer overflow -> DoS / possible arbitrary code execution
    • Remotely triggerable infinite loop in labelled network handler (CIPSO)
      • CIPSO used by SELinux / SMACK not AppArmor so unlikely Ubuntu users affected

[USN-3798-1] Linux kernel vulnerabilities

  • 8 CVEs addressed in Trusty and Precise ESM (for the Trusty HWE kernel for Precise ESM)
  • Includes:
    • Local DoS / code exec via insertion of an already existing key into kernel keyring
    • UAF in XCeive driver, local DoS / code exec (crash)
    • Race condition in generic SCSI -> Local DoS (crash) / code exec
    • NULL ptr dereference in ocfs2 -> Local DoS (crash)
    • Race condition in ALSA handling of ioctls -> Local DoS via deadlock
    • Race condition in ALSA -> UAF / out of bounds read -> Local DoS (crash) / code exec
    • Buffer overflow in NFC LLCP impl -> remote DoS / code exec

[USN-3777-3] Linux kernel (Azure) vulnerabilities

[USN-3799-1] MySQL vulnerabilities

[USN-3800-1] audiofile vulnerabilities

[USN-3801-1] Firefox vulnerabilities

[USN-3802-1] X.Org X server vulnerability

  • 1 CVE addressed in Xenial, Bionic, Cosmic
  • Incorrect permissions check for 2 command-line arguments (-modulepath and -logfile)
  • On some platforms (not Ubuntu) Xorg itself is setuid
  • These command-line options can then be used to overwrite arbitrary files etc -> privilege escalation to root, e.g. via overwrite of /etc/shadow
  • Generated a lot of press, BUT the coverage missed the distinction that Xorg is not really setuid on Ubuntu
  • Ubuntu uses Xorg.wrap as the setuid binary, which runs first and drops privileges if a KMS driver is in use
    • This is the case for the vast majority of drivers, and for almost all free drivers
    • So most Ubuntu users unaffected by this vulnerability
  • Special Friday release :)
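
To check which of the cases above applies on a given machine, the following script (an added example, not part of the original show notes or of any Ubuntu tooling) reports whether Xorg itself or only Xorg.wrap is setuid root. The default paths /usr/lib/xorg/Xorg and /usr/lib/xorg/Xorg.wrap are assumptions, GNU stat is required, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the show notes. Default paths are assumptions.

# classify MODE UID -> setuid-root | setuid-nonroot | not-setuid
classify() {
    mode=$1 uid=$2
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then   # 04000 = setuid bit
        echo not-setuid
    elif [ "$uid" -eq 0 ]; then
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# check_binary PATH -> classification of PATH, or "missing"
check_binary() {
    [ -e "$1" ] || { echo missing; return 0; }
    # GNU stat: %a = octal mode, %u = owner uid, -L follows symlinks
    set -- $(stat -L -c '%a %u' "$1")
    classify "$1" "$2"
}

# verdict XORG_STATE WRAP_STATE -> one-line summary
verdict() {
    case "$1:$2" in
        setuid-root:*) echo "exposed: Xorg itself is setuid root" ;;
        *:setuid-root) echo "wrapper: Xorg.wrap is setuid; privileges are dropped only with a KMS driver" ;;
        *)             echo "none: no setuid-root X server binary at these paths" ;;
    esac
}

audit() {
    xorg=${1:-/usr/lib/xorg/Xorg}        # assumed location
    wrap=${2:-/usr/lib/xorg/Xorg.wrap}   # assumed location
    xs=$(check_binary "$xorg")
    ws=$(check_binary "$wrap")
    echo "$xorg: $xs"
    echo "$wrap: $ws"
    verdict "$xs" "$ws"
}

audit "$@"
```

Pass two paths as arguments to audit a non-default install location.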

Goings on in Ubuntu Security Community

Hiring

Ubuntu Security Engineer

Get in contact