Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Episode 50
Overview
Alex and Joe discuss the big news of this week - the release of Ubuntu 19.10 Eoan Ermine - plus we look at updates for the Linux kernel, libxslt, UW IMAP and more.
This week in Ubuntu Security Updates
51 unique CVEs addressed
[USN-4156-2] SDL vulnerabilities [00:37]
- 11 CVEs addressed in Precise ESM, Trusty ESM
- Covered in Episode 49 and Episode 48
[USN-4160-1] UW IMAP vulnerability [01:04]
- 1 CVE addressed in Xenial, Bionic, Disco
- University of Washington IMAP toolkit (used by PHP for its IMAP implementation)
- Used rsh to implement various operations and did not try to sanitize the provided hostname - so if an attacker could provide a hostname/mailbox to PHP's IMAP without any validation, they could execute arbitrary commands on the host
- Fixed by turning off the rsh-based functionality by default in PHP - if you still want this you can set imap.enable_insecure_rsh but this is not advised…
[USN-4158-1] LibTIFF vulnerabilities [02:17]
- 2 CVEs addressed in Xenial, Bionic, Disco
- Integer overflow -> heap based buffer overflow -> crash, DoS or code execution
- (Low) Integer overflow due to undefined behaviour in existing overflow checking code when multiplying various elements -> no known way to exploit
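The low-priority LibTIFF item above is about an overflow check that itself depends on undefined behaviour. The following added example (not LibTIFF's code, and not from the podcast) shows that bug class next to a well-defined check; the function names and the signed 64-bit size type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* BEFORE: multiply first, then divide back to "detect" wrap-around.
 * Signed overflow is undefined behaviour, so the compiler may assume it
 * never happens and remove the comparison entirely. */
int check_mul_ub(int64_t nmemb, int64_t elem, int64_t *out)
{
    int64_t bytes = nmemb * elem;            /* UB if the product overflows */
    if (nmemb > 0 && elem > 0 && bytes / elem == nmemb) {
        *out = bytes;
        return 1;
    }
    return 0;
}

/* AFTER: decide whether the product fits before computing it, so no
 * overflowing multiplication is ever evaluated. */
int check_mul_safe(int64_t nmemb, int64_t elem, int64_t *out)
{
    if (nmemb <= 0 || elem <= 0)
        return 0;                            /* reject empty or negative sizes */
    if (nmemb > INT64_MAX / elem)
        return 0;                            /* product would exceed INT64_MAX */
    *out = nmemb * elem;
    return 1;
}

/* Allocation wrapper built on the safe check (hypothetical helper):
 * returns NULL instead of allocating a too-small buffer. */
void *checked_alloc(int64_t nmemb, int64_t elem)
{
    int64_t bytes;
    if (!check_mul_safe(nmemb, elem, &bytes) || (uint64_t)bytes > SIZE_MAX)
        return NULL;
    return malloc((size_t)bytes);
}
```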
[USN-4155-2] Aspell vulnerability [03:13]
- 1 CVE addressed in Eoan
- Episode 49 covered for older releases - Eoan is now out so updated there too
[USN-4159-1] Exiv2 vulnerability [03:31]
- 1 CVE addressed in Xenial, Bionic, Disco, Eoan
- OOB read -> crash, DoS
[USN-4164-1] Libxslt vulnerabilities [03:44]
- 3 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
- OSS-Fuzz found 3 issues
- possible heap buffer overflow as a result of a dangling pointer - so same memory area could be reused for future memory operations -> fixed to reset the pointer when done
- 2 low priority issues - both stack memory info disclosures
[USN-4157-1, USN-4157-2] Linux kernel vulnerabilities [04:59]
- 9 CVEs addressed in Bionic (HWE) and Disco
- Integer overflow -> buffer overflow -> root privesc in binder
- Reintroduction of Spectre v1 vulnerability in ptrace subsystem - Brad Spengler - fixed properly in Linus’ tree but not when it got backported to the stable tree - two lines of code got reordered - so the load of the possibly speculative value occurred _after_ it had been used - so the speculative load barrier had no effect - Ubuntu regularly backports fixes from the latest stable tree so we ended up affected as well
- Possible DoS (kernel crash) if users can write to /dev/kvm - by default on Ubuntu users don’t have this privilege so generally not affected
- 2 different heap-based buffer overflows in Marvell Wifi driver -> occurred when setting parameters for the driver so could be triggered by a local user -> crash, DoS or possible code execution
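Why the order of those two lines in the ptrace fix matters, as an added user-space illustration (not the kernel's code, and not from the podcast). The helper is modelled on the branchless masking idea behind the kernel's array_index_nospec(); the table, its contents and all function names are constructed for this example.

```c
#include <limits.h>

#define NSLOTS 4UL                                   /* constructed table size */
static const int slots[NSLOTS] = { 10, 11, 12, 13 }; /* constructed data */

/* All-ones when idx < size, zero otherwise, computed without a branch so
 * there is nothing for the CPU to mispredict. Relies on arithmetic right
 * shift of a negative long, which GCC and Clang provide. */
unsigned long index_mask(unsigned long idx, unsigned long size)
{
    __asm__ volatile("" : "+r"(idx));  /* GCC/Clang: hide idx from the optimiser */
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Forces an out-of-range index to 0 even on a mispredicted path. */
unsigned long clamp_index(unsigned long idx, unsigned long size)
{
    return idx & index_mask(idx, size);
}

/* Reordered form: the load uses the raw index and the clamp comes after.
 * Architecturally the result is the same, but under a mispredicted bounds
 * check the load can execute with n out of range, so the clamp is useless. */
int read_slot_reordered(unsigned long n)
{
    if (n >= NSLOTS)
        return -1;
    int v = slots[n];                  /* load happens before the clamp */
    n = clamp_index(n, NSLOTS);        /* too late: n is not used again */
    (void)n;
    return v;
}

/* Intended form: clamp first, then load with the clamped index. */
int read_slot_clamped(unsigned long n)
{
    if (n >= NSLOTS)
        return -1;
    n = clamp_index(n, NSLOTS);
    return slots[n];
}
```

Both functions return identical values for every input, which is why a reordering like this passes functional testing and has to be caught in review of the backport.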
[USN-4161-1] Linux kernel vulnerability [07:40]
- 1 CVE addressed in Eoan
- Eoan kernel “0-day” - will discuss with Joe later
[USN-4162-1] Linux kernel vulnerabilities [07:58]
- 10 CVEs addressed in Trusty ESM (Azure), Xenial (HWE), Bionic
- SMB-based buffer overread when trying to mount a share with the version specified as 3.0 but the share itself is version 2.10 -> parameter size mismatch -> read of too much memory -> info disclosure
- UAF in RSI 91x Wi-Fi driver -> able to be triggered by a remote network peer -> crash, DoS or possible RCE
- ptrace spectrev1 reissue, KVM crash, Marvell Wifi Driver issues from above
- USB audio issues from Episode 48 (Disco kernel -> now fixed in Bionic kernel as well)
[USN-4163-1, USN-4163-2] Linux kernel vulnerabilities [09:29]
- 10 CVEs addressed in Xenial and Trusty ESM (HWE)
- Spectrev1 reissue, USB Audio, KVM crash, Marvell and RSI 91x WiFi Driver issues all covered earlier
- Serial attached SCSI implementation mishandled error condition leading to deadlock -> local user could possibly trigger this leading to a DoS
[LSN-0058-1] Linux kernel vulnerability [10:09]
- 22 CVEs addressed in Bionic and Xenial + Xenial (HWE)
- CVE-2019-14835
- CVE-2019-14821
- CVE-2019-14816
- CVE-2019-14815
- CVE-2019-14814
- CVE-2019-14284
- CVE-2019-14283
- CVE-2019-12614
- CVE-2019-11833
- CVE-2019-11478
- CVE-2019-11477
- CVE-2019-10207
- CVE-2019-10126
- CVE-2019-3846
- CVE-2019-2181
- CVE-2019-2054
- CVE-2019-0136
- CVE-2018-21008
- CVE-2018-20976
- CVE-2018-20961
- CVE-2018-20856
- CVE-2016-10905
- Almost all covered in previous episodes or previously in this episode
- 2 high priority issues
- vhost_net issue from Episode 47
- SACKPanic from Episode 37
Goings on in Ubuntu Security Community
Joe and Alex on Ubuntu 19.10 (Eoan Ermine) released but with possible local user kernel DoS bug [11:02]
- https://twitter.com/sylvia_ritter
- https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-19.10-Kernel-Bug
- Mitigate by installing the latest eoan kernel update or by disabling user namespaces: sysctl user.max_user_namespaces=0