This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Ubuntu Security Podcast
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 30
Manage episode 232792249 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
Fixes for 19 different vulnerabilities across MySQL, Dovecot, Memcached and others, plus we talk to Joe McManus about the recent iLnkP2P IoT hack and the compromise of DockerHub’s credentials database and more.
This week in Ubuntu Security Updates
19 unique CVEs addressed
[USN-3957-1] MySQL vulnerabilities
- 8 CVEs addressed in Xenial, Bionic, Cosmic, Disco
- Latest upstream version 5.7.26 includes fixes for 8 different issues including:
- Unauthenticated remote attacker could gain complete access to all MySQL server data
- Multiple versions of privileged attacker could hang / crash MySQL server
[USN-3958-1] GStreamer Base Plugins vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- Heap based buffer overflow in RTSP connection parser - could allow a malicious server to gain remote code execution on the client - session id can contain attributes separated by semi-colons - would assume when encountering a semi-colon that this delimits the maximum size of the session id - however the session id has a maximum size of 512 bytes - would overflow by using the user-supplied session id length rather than sticking to the maximum structure length - changed to only parse up to the maximum size of the structure to ensure we then don’t overflow when copying
[USN-3959-1] Evince vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic, Disco
- Failed to check return values when calling functions for libTIFF - these return the pixel data from an embedded TIFF image - on failure would end up rendering uninitialised memory rather than the TIFF image - fixed to check return values and bail out on error
[USN-3960-1] WavPack vulnerability
- 1 CVEs addressed in Bionic, Cosmic, Disco
- Fuzzing via valgrind - found if no sample rate was specified then a stack declared but uninitialized value would be used - could cause a crash etc since could be anything - fixed to initialise it to 0 and to check if still zero before proceeding to process
[USN-3961-1] Dovecot vulnerabilities
- 2 CVEs addressed in Cosmic, Disco
- Two issues related to authentication in recent versions of dovecot - if client aborts authentication the serer could crash due to a NULL pointer dereference, and if using TLS but send an invalid authentication message could crash as well
[USN-3962-1] libpng vulnerability
- 1 CVEs addressed in Bionic, Cosmic
- Use after free in png image cleanup - originally was called under png_safe_execute() - this is an internal function which itself calls png_image_free() - so after freeing the image would free it a second time in certain conditions - changed to just call the free function directly rather than via png_safe_execute()
[USN-3963-1] Memcached vulnerability
- 1 CVEs addressed in Bionic, Cosmic, Disco
- Possible NULL pointer dereference via local command interface due to insufficient checks when parsing input - commands require 4 input tokens but only checked for 3 (off-by-one) - could allow an attacker with access to the command interface to crash memcached
[USN-3953-2] PHP vulnerabilities
- 2 CVEs addressed in Precise ESM, Trusty ESM
- Episode 29 covered these for standard supported releases - this update is for the ESM releases - two bugs in EXIF tag handling
[USN-3964-1] python-gnupg vulnerabilities
- 2 CVEs addressed in Bionic, Cosmic, Disco
- Possible to trick gnupg to decrypt ciphertext other than the intended one when an attacker can control the passphrase to gnupg and the ciphertext is assumed trusted - this uses the command-interface of gnupg and passes the passphrase directly to it - along with the ciphertext - so if attacker includes newlines in the supplied passphrase can then inject their own ciphertext (or plaintext in the context of encryption) - fixed to check passphrase does not contain line-feed or carriage return characters
- Possible to trick by including what looks like the return response from gnupg directly in the filename to be decrypted when using verbose output mode - fixed by sanitising this filename first
Discussion with Joe McManus about another IoT compromise and DockerHub
- https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
- https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/
- https://www.zdnet.com/article/docker-hub-hack-exposed-data-of-190000-users/
Goings on in Ubuntu Security Community
Hiring
Robotics Security Engineer
Get in contact
231 episodes
Share
Manage episode 232792249 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Overview
Fixes for 19 different vulnerabilities across MySQL, Dovecot, Memcached and others, plus we talk to Joe McManus about the recent iLnkP2P IoT hack and the compromise of DockerHub’s credentials database and more.
This week in Ubuntu Security Updates
19 unique CVEs addressed
[USN-3957-1] MySQL vulnerabilities
- 8 CVEs addressed in Xenial, Bionic, Cosmic, Disco
- Latest upstream version 5.7.26 includes fixes for 8 different issues including:
- Unauthenticated remote attacker could gain complete access to all MySQL server data
- Multiple versions of privileged attacker could hang / crash MySQL server
[USN-3958-1] GStreamer Base Plugins vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic
- Heap based buffer overflow in RTSP connection parser - could allow a malicious server to gain remote code execution on the client - session id can contain attributes separated by semi-colons - would assume when encountering a semi-colon that this delimits the maximum size of the session id - however the session id has a maximum size of 512 bytes - would overflow by using the user-supplied session id length rather than sticking to the maximum structure length - changed to only parse up to the maximum size of the structure to ensure we then don’t overflow when copying
[USN-3959-1] Evince vulnerability
- 1 CVEs addressed in Xenial, Bionic, Cosmic, Disco
- Failed to check return values when calling functions for libTIFF - these return the pixel data from an embedded TIFF image - on failure would end up rendering uninitialised memory rather than the TIFF image - fixed to check return values and bail out on error
[USN-3960-1] WavPack vulnerability
- 1 CVEs addressed in Bionic, Cosmic, Disco
- Fuzzing via valgrind - found if no sample rate was specified then a stack declared but uninitialized value would be used - could cause a crash etc since could be anything - fixed to initialise it to 0 and to check if still zero before proceeding to process
[USN-3961-1] Dovecot vulnerabilities
- 2 CVEs addressed in Cosmic, Disco
- Two issues related to authentication in recent versions of dovecot - if client aborts authentication the serer could crash due to a NULL pointer dereference, and if using TLS but send an invalid authentication message could crash as well
[USN-3962-1] libpng vulnerability
- 1 CVEs addressed in Bionic, Cosmic
- Use after free in png image cleanup - originally was called under png_safe_execute() - this is an internal function which itself calls png_image_free() - so after freeing the image would free it a second time in certain conditions - changed to just call the free function directly rather than via png_safe_execute()
[USN-3963-1] Memcached vulnerability
- 1 CVEs addressed in Bionic, Cosmic, Disco
- Possible NULL pointer dereference via local command interface due to insufficient checks when parsing input - commands require 4 input tokens but only checked for 3 (off-by-one) - could allow an attacker with access to the command interface to crash memcached
[USN-3953-2] PHP vulnerabilities
- 2 CVEs addressed in Precise ESM, Trusty ESM
- Episode 29 covered these for standard supported releases - this update is for the ESM releases - two bugs in EXIF tag handling
[USN-3964-1] python-gnupg vulnerabilities
- 2 CVEs addressed in Bionic, Cosmic, Disco
- Possible to trick gnupg to decrypt ciphertext other than the intended one when an attacker can control the passphrase to gnupg and the ciphertext is assumed trusted - this uses the command-interface of gnupg and passes the passphrase directly to it - along with the ciphertext - so if attacker includes newlines in the supplied passphrase can then inject their own ciphertext (or plaintext in the context of encryption) - fixed to check passphrase does not contain line-feed or carriage return characters
- Possible to trick by including what looks like the return response from gnupg directly in the filename to be decrypted when using verbose output mode - fixed by sanitising this filename first
Discussion with Joe McManus about another IoT compromise and DockerHub
- https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
- https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/
- https://www.zdnet.com/article/docker-hub-hack-exposed-data-of-190000-users/
Goings on in Ubuntu Security Community
Hiring
Robotics Security Engineer
Get in contact
231 episodes
所有剧集
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
