Ubuntu Security Podcast

Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Episode 59

19:55

Overview

After a week's break we are back to look at updates for ClamAV, GnuTLS, nginx, Samba and more, plus we briefly discuss the current 20.04 Mid-Cycle Roadmap Review sprint for the Ubuntu Security Team.

This week in Ubuntu Security Updates

73 unique CVEs addressed

[USN-4230-1] ClamAV vulnerability [01:16]

  • 1 CVE addressed in Xenial, Bionic, Disco, Eoan
  • Backport of the latest upstream release (0.102.1) from focal
  • CPU-based DoS when scanning crafted emails, in particular during parsing of MIME components

[USN-4232-1] GraphicsMagick vulnerabilities [01:52]

[USN-4231-1] NSS vulnerability [03:04]

  • 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
  • UBSAN found a possible buffer overflow due to missing length checks on the inputs to various functions, so applications using libnss for crypto could be vulnerable to a buffer overflow

[USN-4233-1] GnuTLS update [03:54]

  • Affecting Xenial, Bionic
  • Update marks SHA1 as untrusted for digital signature operations. SHA1 has been theoretically broken since 2005; in 2017 Google and CWI demonstrated the first practical SHA1 collision (SHAttered), and the first chosen-prefix collision against SHA1 was demonstrated recently (SHA-mbles), including a pair of PGP keys where a certification signature over one key is also valid for the other, so one key can impersonate the other
  • As such GnuTLS will no longer trust SHA1-based digital signatures: a chosen-prefix collision lets an attacker craft two different documents of their choosing with the same hash, so a signature obtained over the innocuous one is valid for the malicious one. This is not a second-preimage attack, so an existing signature over an arbitrary document of someone else's choosing still cannot be forged
  • Libraries and applications which use GnuTLS (libsoup, Epiphany, etc.) will therefore also no longer trust SHA1-based digital signatures
  • https://sha-mbles.github.io/
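To make the distinction above concrete, here is an added example (not code from the podcast, GnuTLS or the SHA-mbles authors) of why a chosen-prefix collision breaks any hash-then-sign scheme while still not yielding a second preimage. A real SHA1 chosen-prefix collision costs on the order of 2^63 work, so the example truncates SHA1 to 32 bits, which is an assumption made purely so the same attack runs in under a second; the signature primitive is stood in for by an HMAC under the signer's secret, because all that matters is that the signer only ever sees the digest, exactly as RSA and ECDSA do. The message strings and the secret are constructed sample data.

```python
"""Chosen-prefix collision vs. hash-then-sign (added toy example).

weak_hash() is SHA1 truncated to 32 bits so that the birthday bound is ~2^16
instead of SHA1's ~2^80 (or ~2^63 with the SHA-mbles attack). The structure of
the attack is identical to the real one: the attacker picks BOTH prefixes and
only searches over trailing suffix bytes.
"""
import hashlib
import hmac

DIGEST_BYTES = 4  # toy truncation; real SHA1 digests are 20 bytes


def weak_hash(msg: bytes) -> bytes:
    """SHA1 truncated to DIGEST_BYTES, standing in for full SHA1."""
    return hashlib.sha1(msg).digest()[:DIGEST_BYTES]


def sign(secret: bytes, msg: bytes) -> bytes:
    """Hash-then-sign: the signature primitive (HMAC here, as a stand-in for
    RSA/ECDSA) only ever sees the digest, never the message itself."""
    return hmac.new(secret, weak_hash(msg), "sha256").digest()


def verify(secret: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(secret, msg), sig)


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes,
                            table_size: int = 1 << 18, max_trials: int = 1 << 24):
    """Return (m_a, m_b) with m_a starting with prefix_a, m_b starting with
    prefix_b and weak_hash(m_a) == weak_hash(m_b).

    Tabulate many suffixes under prefix_a, then try suffixes under prefix_b
    until one lands in the table (expected ~2^32 / table_size trials).
    """
    table = {}
    for i in range(table_size):
        m_a = prefix_a + b" #" + i.to_bytes(4, "big")
        table.setdefault(weak_hash(m_a), m_a)
    for j in range(max_trials):
        m_b = prefix_b + b" #" + j.to_bytes(4, "big")
        m_a = table.get(weak_hash(m_b))
        if m_a is not None:
            return m_a, m_b
    raise RuntimeError("no collision within trial budget")


def forge_via_collision(secret: bytes):
    """The victim signs only the benign twin; the signature verifies over the
    malicious twin because both reduce to the same digest."""
    benign, malicious = chosen_prefix_collision(b"Pay Alice 10 EUR",
                                                b"Pay Mallory 10000 EUR")
    sig = sign(secret, benign)  # the only signature the victim ever produces
    return benign, malicious, sig, verify(secret, malicious, sig)


def second_preimage_attempt(target: bytes, budget: int = 1 << 12) -> bool:
    """What a collision does NOT give you: to forge a signature over an EXISTING
    message the attacker did not choose, they need a second preimage of its
    digest, costing ~2^32 here and ~2^160 for real SHA1. A tiny budget is tried
    to show it fails where the collision search above succeeds."""
    h = weak_hash(target)
    return any(weak_hash(b"forged #" + i.to_bytes(4, "big")) == h
               for i in range(budget))
```

The lesson for the GnuTLS change: once an attacker can obtain a signature over any document they author, a chosen-prefix collision turns that into a valid signature over a second document they also author, which is exactly the PGP key-impersonation scenario; signatures already made over documents the attacker did not craft remain safe, which is why the practical risk is to fresh signatures and certifications rather than to every SHA1 signature ever issued.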

[USN-4234-1] Firefox vulnerabilities [06:10]

[USN-4047-2] libvirt update vulnerability [06:48]

  • 1 CVE addressed in Trusty ESM
  • libvirt was updated for the regular releases back in Episode 40: various APIs with side effects were accessible to read-only connections
  • Now backported for 14.04 ESM users / customers as well

[USN-4235-1, USN-4235-2] nginx vulnerability [07:18]

  • 1 CVE addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan
  • HTTP request smuggling (see Episode 52): with certain error_page configurations, an attacker could read unauthorised web pages when nginx is fronted by a load balancer

[USN-4236-1, USN-4236-2] Libgcrypt vulnerability [08:03]

  • 1 CVE addressed in Xenial, Bionic, Disco, Eoan
  • ECDSA timing side-channel attack (Minerva)
    • Observing the timing of signature generation over known messages reveals the bit-length of the random nonce used in the scalar multiplication on the elliptic curve (a nonce with leading zero bits takes fewer loop iterations). Given enough signatures together with their leaked nonce bit-lengths, the full private key can be recovered with lattice techniques (the hidden number problem)
  • https://minerva.crocs.fi.muni.cz/
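The following is an added example (not libgcrypt's code nor the Minerva authors') showing where the leak described above comes from and what the fix looks like. It implements ECDSA over secp256k1 (the curve constants below are the public standard ones) with two scalar-multiplication routines: a textbook left-to-right double-and-add that loops only over the significant bits of the nonce, and a fixed-iteration variant that always loops over the full bit-length of the group order. Rather than measuring wall-clock time, each routine counts group operations as a timing proxy; that proxy, the private key 0x1234, the message and the two nonces are all constructed for the example. The lattice step that turns leaked bit-lengths into the private key is not reproduced.

```python
"""Minerva-style nonce bit-length leak in ECDSA scalar multiplication (added example).

Uses secp256k1 with an operation counter as the timing proxy. The 'leaky'
scalar multiplication does one loop iteration per significant bit of k, so its
cost reveals k.bit_length(); the 'fixed' one always runs N.bit_length() iterations.
"""
import hashlib

# Public secp256k1 parameters: y^2 = x^3 + 7 over F_P, generator G of order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def add(p1, p2):
    """Affine point addition / doubling on secp256k1."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult_leaky(k, point):
    """Textbook double-and-add starting at the top SET bit of k: the number of
    doublings equals k.bit_length(), so timing leaks how many leading zero bits
    the nonce has. Returns (k*point, operation_count)."""
    acc, ops = INF, 0
    for bit in bin(k)[2:]:
        acc = add(acc, acc); ops += 1
        if bit == "1":
            acc = add(acc, point); ops += 1
    return acc, ops


def scalar_mult_fixed(k, point):
    """Always iterates over all N.bit_length() bit positions and always computes
    the addition, so the operation count is independent of k. (The final
    selection is a plain Python conditional, not a constant-time swap; a real
    implementation also needs constant-time field arithmetic.)"""
    acc, ops = INF, 0
    for i in range(N.bit_length() - 1, -1, -1):
        acc = add(acc, acc); ops += 1
        cand = add(acc, point); ops += 1
        acc = cand if (k >> i) & 1 else acc
    return acc, ops


def _hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(priv, msg, k, mult=scalar_mult_leaky):
    """ECDSA with a caller-supplied nonce k so the leak can be observed.
    Returns ((r, s), ops) where ops is the timing proxy for computing k*G."""
    R, ops = mult(k, G)
    r = R[0] % N
    s = pow(k, -1, N) * (_hash_to_int(msg) + r * priv) % N
    return (r, s), ops


def ecdsa_verify(pub, msg, sig):
    r, s = sig
    w = pow(s, -1, N)
    u1, u2 = _hash_to_int(msg) * w % N, r * w % N
    X = add(scalar_mult_fixed(u1, G)[0], scalar_mult_fixed(u2, pub)[0])
    return X is not INF and X[0] % N == r


def leak_demo(priv=0x1234):
    """Sign one message with a 201-bit and a 256-bit nonce and compare the timing
    proxy of both implementations. Minerva exploits exactly the 'leaky' gap:
    faster signatures mean a nonce with more leading zero bits."""
    msg = b"constructed sample message"
    short_k = (1 << 200) | 12345   # bit_length 201: 55 leading zero bits
    long_k = N - 12345             # bit_length 256
    _, leaky_short = ecdsa_sign(priv, msg, short_k)
    _, leaky_long = ecdsa_sign(priv, msg, long_k)
    _, fixed_short = ecdsa_sign(priv, msg, short_k, scalar_mult_fixed)
    _, fixed_long = ecdsa_sign(priv, msg, long_k, scalar_mult_fixed)
    return {"leaky": (leaky_short, leaky_long), "fixed": (fixed_short, fixed_long)}
```

Running `leak_demo()` shows the leaky implementation doing noticeably fewer operations for the short nonce while the fixed one does the same number for both. In the real attack the attacker does not choose the nonces; they simply collect many signatures, keep the fastest ones (those whose nonces are most likely to have leading zero bits), and feed the partial-nonce information into a lattice solver.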

[USN-4237-1, USN-4237-2] SpamAssassin vulnerabilities [09:04]

  • 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
  • DoS via excessive resource usage
  • RCE via crafted configuration (.cf) files; the upstream advice is to only use trusted configuration files

[USN-4238-1] SDL_image vulnerabilities [09:55]

[USN-4239-1] PHP vulnerabilities [10:32]

  • 4 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
  • 2 heap buffer over-reads in parsing EXIF information, 1 over-read in bcmath extension, and 1 issue with handling filenames with embedded NUL bytes

[USN-4221-2] libpcap vulnerability [11:28]

[USN-4240-1] Kamailio vulnerability [11:42]

  • 1 CVE addressed in Xenial
  • Kamailio is a SIP server written in C
  • Heap-based buffer overflow when receiving a specially crafted REGISTER message

[USN-4241-1] Thunderbird vulnerabilities [11:59]

[USN-4225-2] Linux kernel (HWE) vulnerabilities [12:21]

[USN-4242-1] Sysstat vulnerabilities [13:07]

  • 2 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • Both issues occur when reading a crafted input file with the sadf utility; the original reporter was likely fuzzing it
  • Double free: heap corruption in principle, but glibc's heap consistency checks (enabled on Ubuntu) detect the double free and abort, so in practice this is just a crash -> DoS
  • Integer overflow -> heap buffer overflow when reading a crafted input file

[USN-4243-1] libbsd vulnerabilities [14:12]

  • 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco
  • Library providing common BSD C functions which are not available on Linux (strlcpy() etc)
    • OOB read (crash -> DoS)
    • Off-by-one in fgetwln() (get line of wide characters from a stream) -> heap buffer overflow -> crash / RCE (doesn’t appear to be used by any software in Ubuntu)

[USN-4244-1] Samba vulnerabilities [15:15]

  • 3 CVEs addressed in Xenial, Bionic, Disco, Eoan
  • UAF in DNS zone scavenging in the AD DC
  • Crash on failed character conversion at log level 3
  • ACLs set to inherit down a subtree are not automatically replicated (not easily backportable to Xenial, so only fixed on Bionic, Disco and Eoan; the workaround is to manually replicate the ACLs from one DC to another for a given naming context)

[USN-4245-1] PySAML2 vulnerability [16:32]

  • 1 CVE addressed in Xenial, Bionic, Disco, Eoan
  • May fail to properly validate signatures in a specially crafted SAML document by verifying against the wrong data, so it could assert that a document has been fully signed when only part of it has

Goings on in Ubuntu Security Community

Mid cycle product roadmap sprint [17:18]

  • Security team presents progress on plans for Ubuntu 20.04 Focal Fossa, i.e. ESM offerings, AppArmor features, snapd security features, Ubuntu Core security features, MIR security review progress, etc.
  • Represented by Joe McManus, Mark Morlino, Chris Coulson and John Johansen

Get in contact
