This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Ubuntu Security Podcast
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 22
Manage episode 228494537 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
This week we cover security updates including Firefox, Thunderbird, OpenSSL and another Ghostscript regression, plus we look at a recent report from Capsule8 comparing Linux hardening features across various distributions and we answer some listener questions.
This week in Ubuntu Security Updates
16 unique CVEs addressed
[USN-3893-2] Bind vulnerabilities
- 2 CVEs addressed in Precise ESM
- Covered last week in Episode 21 for regular Ubuntu releases
[USN-3866-3] Ghostscript regression
- Affecting Trusty, Xenial, Bionic, Cosmic
- Mentioned last week briefly
- Previous update to Ghostscript introduced a regression (blue background)
- See later for information
[USN-3894-1] GNOME Keyring vulnerability
- 1 CVEs addressed in Trusty, Xenial
- Already fixed upstream (hence doesn’t apply to Bionic / Cosmic etc)
- User’s login password kept in memory of child process after pam session is opened
- Could be dumped by root user or captured in crash dump etc and possibly exposed
- Other tools exist to try and extract from memory as well (minipenguin etc)
- Fix is to simply reset this after pam session is opened
[USN-3895-1] LDB vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- LDAP-like embedded database (used by Samba and others)
- Authenticated user can cause OOB read when searching LDAP backend of AD DC with a search string containing multiple wildcards - crash -> DoS
[USN-3896-1] Firefox vulnerabilities
- 3 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Firefox 65
- Use-after-free and integer overflow in Skia library (vector graphics library, similar to cairo)
- Cross-origin image theft - able to read from canvas element in violation of same-origin policy using transferFromImageBitmap() method
[USN-3897-1] Thunderbird vulnerabilities
- 7 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Thunderbird 60.5.1
- Use-after-free and integer overflow in Skia library (vector graphics library, similar to cairo)
- Show messages with an invalid (reused) S/MIME signature as being verified
- UAF parsing HTML5 stream with custom HTML elements
- UAF in embedded libical via a crafted ICS file
[USN-3898-1, USN-3898-2] NSS vulnerability
- 1 CVEs addressed in Precise ESM, Trusty, Xenial, Bionic, Cosmic
- Several NULL pointer dereferences -> crash -> DoS
[USN-3899-1] OpenSSL vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- Possible padding oracle (an application which uses OpenSSL could behave differently based on whether a record contained valid padding or not)
- Attacker can learn plaintext by modifying ciphertext and observing different behaviour
[USN-3900-1] GD vulnerabilities
- 2 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Double free if failed to properly extract image file - crash -> DoS
- Heap-based buffer overflow in color matching (able to be triggered by a specially crafted image) - crash -> DoS, possible code execution
Goings on in Ubuntu Security Community
Comparison of Linux Hardening across distributions
- https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
- Analyses binaries from various Linux distributions looking for hardening features (OpenSUSE, Debian, CentOS, RHEL & Ubuntu)
- Compare kernel configuration vs KSPP recommendations
- Ubuntu 18.04 ranks highest, due to proactive hardening features baked into toolchain and newer kernel taking advantage of KSPP upstream features
- gcc is patched so anyone building on Ubuntu gets these features
- build.snapcraft.io too
- however is missing stack clash mitigation
- Plan to add more hardening features for 19.10 (stack clash and control-flow integrity support via gcc) and review kernel options cf. KSPP
Q&A
Does numerous bugs and regressions in Ghostscript indicate it is reaching it’s EOL?
- doc-E-brown via twitter
- Lots of recent focus -> finds bugs
- ghostscript codebase is old and gnarly and some fixes have been quite invasive
- Any new code could introduce new bugs - particularly complicated fixes -> creates more bugs (regressions)
- (as doc-E-brown suggests, regressions indicate old code-base)
- Tavis (and others) seem to be looking elsewhere but likely still more bugs to be found
- Would be great if GS could either be made safer or a safer alternative but no-one is stepping up
- Sadly No good viable alternative currently
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Security Automation Engineer
Get in contact
231 episodes
Share
Manage episode 228494537 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
This week we cover security updates including Firefox, Thunderbird, OpenSSL and another Ghostscript regression, plus we look at a recent report from Capsule8 comparing Linux hardening features across various distributions and we answer some listener questions.
This week in Ubuntu Security Updates
16 unique CVEs addressed
[USN-3893-2] Bind vulnerabilities
- 2 CVEs addressed in Precise ESM
- Covered last week in Episode 21 for regular Ubuntu releases
[USN-3866-3] Ghostscript regression
- Affecting Trusty, Xenial, Bionic, Cosmic
- Mentioned last week briefly
- Previous update to Ghostscript introduced a regression (blue background)
- See later for information
[USN-3894-1] GNOME Keyring vulnerability
- 1 CVEs addressed in Trusty, Xenial
- Already fixed upstream (hence doesn’t apply to Bionic / Cosmic etc)
- User’s login password kept in memory of child process after pam session is opened
- Could be dumped by root user or captured in crash dump etc and possibly exposed
- Other tools exist to try and extract from memory as well (minipenguin etc)
- Fix is to simply reset this after pam session is opened
[USN-3895-1] LDB vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- LDAP-like embedded database (used by Samba and others)
- Authenticated user can cause OOB read when searching LDAP backend of AD DC with a search string containing multiple wildcards - crash -> DoS
[USN-3896-1] Firefox vulnerabilities
- 3 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Firefox 65
- Use-after-free and integer overflow in Skia library (vector graphics library, similar to cairo)
- Cross-origin image theft - able to read from canvas element in violation of same-origin policy using transferFromImageBitmap() method
[USN-3897-1] Thunderbird vulnerabilities
- 7 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Thunderbird 60.5.1
- Use-after-free and integer overflow in Skia library (vector graphics library, similar to cairo)
- Show messages with an invalid (reused) S/MIME signature as being verified
- UAF parsing HTML5 stream with custom HTML elements
- UAF in embedded libical via a crafted ICS file
[USN-3898-1, USN-3898-2] NSS vulnerability
- 1 CVEs addressed in Precise ESM, Trusty, Xenial, Bionic, Cosmic
- Several NULL pointer dereferences -> crash -> DoS
[USN-3899-1] OpenSSL vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- Possible padding oracle (an application which uses OpenSSL could behave differently based on whether a record contained valid padding or not)
- Attacker can learn plaintext by modifying ciphertext and observing different behaviour
[USN-3900-1] GD vulnerabilities
- 2 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Double free if failed to properly extract image file - crash -> DoS
- Heap-based buffer overflow in color matching (able to be triggered by a specially crafted image) - crash -> DoS, possible code execution
Goings on in Ubuntu Security Community
Comparison of Linux Hardening across distributions
- https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
- Analyses binaries from various Linux distributions looking for hardening features (OpenSUSE, Debian, CentOS, RHEL & Ubuntu)
- Compare kernel configuration vs KSPP recommendations
- Ubuntu 18.04 ranks highest, due to proactive hardening features baked into toolchain and newer kernel taking advantage of KSPP upstream features
- gcc is patched so anyone building on Ubuntu gets these features
- build.snapcraft.io too
- however is missing stack clash mitigation
- Plan to add more hardening features for 19.10 (stack clash and control-flow integrity support via gcc) and review kernel options cf. KSPP
Q&A
Does numerous bugs and regressions in Ghostscript indicate it is reaching it’s EOL?
- doc-E-brown via twitter
- Lots of recent focus -> finds bugs
- ghostscript codebase is old and gnarly and some fixes have been quite invasive
- Any new code could introduce new bugs - particularly complicated fixes -> creates more bugs (regressions)
- (as doc-E-brown suggests, regressions indicate old code-base)
- Tavis (and others) seem to be looking elsewhere but likely still more bugs to be found
- Would be great if GS could either be made safer or a safer alternative but no-one is stepping up
- Sadly No good viable alternative currently
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Security Automation Engineer
Get in contact
231 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
