This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
Episode 24
MP3•Episode home
Manage episode 229566276 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
A look at recent fixes for vulnerabilities in poppler, WALinuxAgent, the Linux kernel and more. We also talk about some listener feedback on Ubuntu hardening and the launch of Ubuntu 14.04 ESM.
This week in Ubuntu Security Updates
18 unique CVEs addressed
[USN-3905-1] poppler vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Heap-based buffer underwrite (index into array using negative index) - write into heap memory which preceeds the intended buffer - heap corruption - crash -> DoS, possible code execution
- Found by fuzzing and AddressSanitizer in clang
[USN-3906-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- All DoS, one possible code-execution:
- Dereference of an invalid address (read from invalid memory location)
- Heap buffer overread
- 2x NULL pointer dereferences
- Memory leak
- Heap buffer overflow - possible code execution
[USN-3907-1] WALinuxAgent vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- WALinuxAgent used to manage instances of Ubuntu (and other Linux distributions) running on Azure
- Can be used to configure swap space for a given image
- would then create a swap file (/mnt/swapfile) BUT would make it world-readable
- so any local user could read it - if keys or other sensitive items were in memory that got swapped to disk could be read by all
- Fixed to make this readable only by root and to also correct the permissions on any existing swapfile as well
[USN-3902-2] PHP vulnerabilities
- 4 CVEs addressed in Precise ESM
- See last week’s Episode 23 - discussed for Xenial and Trusty - fixed now for Precise ESM as well
[USN-3910-1, USN-3910-2] Linux kernel vulnerabilities
- 5 CVEs addressed in Xenial and Trusty (Xenial HWE)
- 2 of these discussed in previous episodes Episode 23 (PolicyKit start time, DoS via mmaping a FUSE-backed file into processes memory containing command-line args)
- Trigger of BUG_ON() in kernel (like assert() for kernel code) due to integer overflow from large pgoff parameter to remap_file_pages() when used in conjuction with an existing mmap() -> crash -> DoS
- OOB read in USB driver for Option High Speed mobile devices - would read a descriptor from the USB device as a u8 and then index into an array with this without checking whether it fell within the array
- NULL pointer dereference in f2fs driver via use of noflush_merge mount option
[USN-3908-1, USN-3908-2] Linux kernel vulnerability
- 1 CVEs addressed in Trusty and Precise ESM (Trusty HWE)
- See last week’s Episode 23 - discussed for Bionic kernel - now for Trusty kernel (and the Trusty HWE kernel backported to Precise ESM)
- PolicyKit start time issue, fixed in kernel
[USN-3909-1] libvirt vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- NULL pointer dereference in libvirt if agent does not reply in time (say guest is being shutdown) - crash host libvirt -> DoS
Goings on in Ubuntu Security Community
Ubuntu Hardening Response
- Alexander Popov
- Responsible for getting STACKLEAK into the mainline kernel
- Pointed out his Linux Kernel Defence Map and kconfig hardened check
- We use kconfig hardened check internall and tyhicks has contributed various improvements which allow this to be used to check the various Ubuntu kernel configurations
Extended Security Maintenance for Ubuntu 14.04 (Trusty Tahr) begins April 25 2019
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-March/004800.html
- Ubuntu 14.04 LTS will transition to Extended Security Maintenance on Tuesday 25th April
- Encourage users to upgrade to Xenial (and then Bionic)
- ESM for 14.04 provided to customers via Ubuntu Advantage
- Further details regarding ESM
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Get in contact
231 episodes
MP3•Episode home
Manage episode 229566276 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
A look at recent fixes for vulnerabilities in poppler, WALinuxAgent, the Linux kernel and more. We also talk about some listener feedback on Ubuntu hardening and the launch of Ubuntu 14.04 ESM.
This week in Ubuntu Security Updates
18 unique CVEs addressed
[USN-3905-1] poppler vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Heap-based buffer underwrite (index into array using negative index) - write into heap memory which preceeds the intended buffer - heap corruption - crash -> DoS, possible code execution
- Found by fuzzing and AddressSanitizer in clang
[USN-3906-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- All DoS, one possible code-execution:
- Dereference of an invalid address (read from invalid memory location)
- Heap buffer overread
- 2x NULL pointer dereferences
- Memory leak
- Heap buffer overflow - possible code execution
[USN-3907-1] WALinuxAgent vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- WALinuxAgent used to manage instances of Ubuntu (and other Linux distributions) running on Azure
- Can be used to configure swap space for a given image
- would then create a swap file (/mnt/swapfile) BUT would make it world-readable
- so any local user could read it - if keys or other sensitive items were in memory that got swapped to disk could be read by all
- Fixed to make this readable only by root and to also correct the permissions on any existing swapfile as well
[USN-3902-2] PHP vulnerabilities
- 4 CVEs addressed in Precise ESM
- See last week’s Episode 23 - discussed for Xenial and Trusty - fixed now for Precise ESM as well
[USN-3910-1, USN-3910-2] Linux kernel vulnerabilities
- 5 CVEs addressed in Xenial and Trusty (Xenial HWE)
- 2 of these discussed in previous episodes Episode 23 (PolicyKit start time, DoS via mmaping a FUSE-backed file into processes memory containing command-line args)
- Trigger of BUG_ON() in kernel (like assert() for kernel code) due to integer overflow from large pgoff parameter to remap_file_pages() when used in conjuction with an existing mmap() -> crash -> DoS
- OOB read in USB driver for Option High Speed mobile devices - would read a descriptor from the USB device as a u8 and then index into an array with this without checking whether it fell within the array
- NULL pointer dereference in f2fs driver via use of noflush_merge mount option
[USN-3908-1, USN-3908-2] Linux kernel vulnerability
- 1 CVEs addressed in Trusty and Precise ESM (Trusty HWE)
- See last week’s Episode 23 - discussed for Bionic kernel - now for Trusty kernel (and the Trusty HWE kernel backported to Precise ESM)
- PolicyKit start time issue, fixed in kernel
[USN-3909-1] libvirt vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- NULL pointer dereference in libvirt if agent does not reply in time (say guest is being shutdown) - crash host libvirt -> DoS
Goings on in Ubuntu Security Community
Ubuntu Hardening Response
- Alexander Popov
- Responsible for getting STACKLEAK into the mainline kernel
- Pointed out his Linux Kernel Defence Map and kconfig hardened check
- We use kconfig hardened check internall and tyhicks has contributed various improvements which allow this to be used to check the various Ubuntu kernel configurations
Extended Security Maintenance for Ubuntu 14.04 (Trusty Tahr) begins April 25 2019
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-March/004800.html
- Ubuntu 14.04 LTS will transition to Extended Security Maintenance on Tuesday 25th April
- Encourage users to upgrade to Xenial (and then Bionic)
- ESM for 14.04 provided to customers via Ubuntu Advantage
- Further details regarding ESM
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Get in contact
231 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.