This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Ubuntu Security Podcast
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 24
Manage episode 229566276 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
A look at recent fixes for vulnerabilities in poppler, WALinuxAgent, the Linux kernel and more. We also talk about some listener feedback on Ubuntu hardening and the launch of Ubuntu 14.04 ESM.
This week in Ubuntu Security Updates
18 unique CVEs addressed
[USN-3905-1] poppler vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Heap-based buffer underwrite (index into array using negative index) - write into heap memory which preceeds the intended buffer - heap corruption - crash -> DoS, possible code execution
- Found by fuzzing and AddressSanitizer in clang
[USN-3906-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- All DoS, one possible code-execution:
- Dereference of an invalid address (read from invalid memory location)
- Heap buffer overread
- 2x NULL pointer dereferences
- Memory leak
- Heap buffer overflow - possible code execution
[USN-3907-1] WALinuxAgent vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- WALinuxAgent used to manage instances of Ubuntu (and other Linux distributions) running on Azure
- Can be used to configure swap space for a given image
- would then create a swap file (/mnt/swapfile) BUT would make it world-readable
- so any local user could read it - if keys or other sensitive items were in memory that got swapped to disk could be read by all
- Fixed to make this readable only by root and to also correct the permissions on any existing swapfile as well
[USN-3902-2] PHP vulnerabilities
- 4 CVEs addressed in Precise ESM
- See last week’s Episode 23 - discussed for Xenial and Trusty - fixed now for Precise ESM as well
[USN-3910-1, USN-3910-2] Linux kernel vulnerabilities
- 5 CVEs addressed in Xenial and Trusty (Xenial HWE)
- 2 of these discussed in previous episodes Episode 23 (PolicyKit start time, DoS via mmaping a FUSE-backed file into processes memory containing command-line args)
- Trigger of BUG_ON() in kernel (like assert() for kernel code) due to integer overflow from large pgoff parameter to remap_file_pages() when used in conjuction with an existing mmap() -> crash -> DoS
- OOB read in USB driver for Option High Speed mobile devices - would read a descriptor from the USB device as a u8 and then index into an array with this without checking whether it fell within the array
- NULL pointer dereference in f2fs driver via use of noflush_merge mount option
[USN-3908-1, USN-3908-2] Linux kernel vulnerability
- 1 CVEs addressed in Trusty and Precise ESM (Trusty HWE)
- See last week’s Episode 23 - discussed for Bionic kernel - now for Trusty kernel (and the Trusty HWE kernel backported to Precise ESM)
- PolicyKit start time issue, fixed in kernel
[USN-3909-1] libvirt vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- NULL pointer dereference in libvirt if agent does not reply in time (say guest is being shutdown) - crash host libvirt -> DoS
Goings on in Ubuntu Security Community
Ubuntu Hardening Response
- Alexander Popov
- Responsible for getting STACKLEAK into the mainline kernel
- Pointed out his Linux Kernel Defence Map and kconfig hardened check
- We use kconfig hardened check internall and tyhicks has contributed various improvements which allow this to be used to check the various Ubuntu kernel configurations
Extended Security Maintenance for Ubuntu 14.04 (Trusty Tahr) begins April 25 2019
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-March/004800.html
- Ubuntu 14.04 LTS will transition to Extended Security Maintenance on Tuesday 25th April
- Encourage users to upgrade to Xenial (and then Bionic)
- ESM for 14.04 provided to customers via Ubuntu Advantage
- Further details regarding ESM
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Get in contact
231 episodes
Share
Manage episode 229566276 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
A look at recent fixes for vulnerabilities in poppler, WALinuxAgent, the Linux kernel and more. We also talk about some listener feedback on Ubuntu hardening and the launch of Ubuntu 14.04 ESM.
This week in Ubuntu Security Updates
18 unique CVEs addressed
[USN-3905-1] poppler vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- Heap-based buffer underwrite (index into array using negative index) - write into heap memory which preceeds the intended buffer - heap corruption - crash -> DoS, possible code execution
- Found by fuzzing and AddressSanitizer in clang
[USN-3906-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- All DoS, one possible code-execution:
- Dereference of an invalid address (read from invalid memory location)
- Heap buffer overread
- 2x NULL pointer dereferences
- Memory leak
- Heap buffer overflow - possible code execution
[USN-3907-1] WALinuxAgent vulnerability
- 1 CVEs addressed in Trusty, Xenial, Bionic, Cosmic
- WALinuxAgent used to manage instances of Ubuntu (and other Linux distributions) running on Azure
- Can be used to configure swap space for a given image
- would then create a swap file (/mnt/swapfile) BUT would make it world-readable
- so any local user could read it - if keys or other sensitive items were in memory that got swapped to disk could be read by all
- Fixed to make this readable only by root and to also correct the permissions on any existing swapfile as well
[USN-3902-2] PHP vulnerabilities
- 4 CVEs addressed in Precise ESM
- See last week’s Episode 23 - discussed for Xenial and Trusty - fixed now for Precise ESM as well
[USN-3910-1, USN-3910-2] Linux kernel vulnerabilities
- 5 CVEs addressed in Xenial and Trusty (Xenial HWE)
- 2 of these discussed in previous episodes Episode 23 (PolicyKit start time, DoS via mmaping a FUSE-backed file into processes memory containing command-line args)
- Trigger of BUG_ON() in kernel (like assert() for kernel code) due to integer overflow from large pgoff parameter to remap_file_pages() when used in conjuction with an existing mmap() -> crash -> DoS
- OOB read in USB driver for Option High Speed mobile devices - would read a descriptor from the USB device as a u8 and then index into an array with this without checking whether it fell within the array
- NULL pointer dereference in f2fs driver via use of noflush_merge mount option
[USN-3908-1, USN-3908-2] Linux kernel vulnerability
- 1 CVEs addressed in Trusty and Precise ESM (Trusty HWE)
- See last week’s Episode 23 - discussed for Bionic kernel - now for Trusty kernel (and the Trusty HWE kernel backported to Precise ESM)
- PolicyKit start time issue, fixed in kernel
[USN-3909-1] libvirt vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- NULL pointer dereference in libvirt if agent does not reply in time (say guest is being shutdown) - crash host libvirt -> DoS
Goings on in Ubuntu Security Community
Ubuntu Hardening Response
- Alexander Popov
- Responsible for getting STACKLEAK into the mainline kernel
- Pointed out his Linux Kernel Defence Map and kconfig hardened check
- We use kconfig hardened check internall and tyhicks has contributed various improvements which allow this to be used to check the various Ubuntu kernel configurations
Extended Security Maintenance for Ubuntu 14.04 (Trusty Tahr) begins April 25 2019
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-March/004800.html
- Ubuntu 14.04 LTS will transition to Extended Security Maintenance on Tuesday 25th April
- Encourage users to upgrade to Xenial (and then Bionic)
- ESM for 14.04 provided to customers via Ubuntu Advantage
- Further details regarding ESM
Hiring
Ubuntu Security Generalist
Robotics Security Engineer
Get in contact
231 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
