To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Alex Murray Ubuntu Security Team Linux Tech Operating Systems Alex and Joe Security Software Development
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Similar to Ubuntu Security Podcast

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Ubuntu Security Podcast « »
Episode 91

8:07
 
Play
Playing
Share
 

MP3Episode home
Manage episode 272340954 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Overview

This week we look at security updates for GUPnP, OpenJPEG, bsdiff and more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4488-2] X.Org X Server vulnerabilities [00:31]

[LSN-0071-1] Linux kernel vulnerability [00:50]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Episode 90 (AF_PACKET OOB write - crash / code exec)
  • Also affects Focal (20.04 LTS) but livepatch is still being prepared

[USN-4494-1] GUPnP vulnerability [01:29]

  • 1 CVEs addressed in Focal (20.04 LTS)
  • GNOME UPnP impl, used by Rygel for media sharing on GNOME (standard Ubuntu) desktop and many other applications
  • Callstranger Vulnerability - vuln in UPnP protocol - callback header in UPnP SUBSCRIBE can contain arbitrary delivery URL - so this could be on a different network segment than the event subscription URL - so you can SUBSCRIBE to events and supply one or more URLs for delivery of the messages. Can then make this point anywhere and so can get the device to send HTTP traffic to any arbitrary destination - and so can be used for data exfil or DDoS attacks etc. Fixed to check the destination host is either a link-local address or the address mask matches - either way, check is on the same network segment.

[USN-4495-1] Apache Log4j vulnerability [03:21]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Failed to properly deserialise data - so if is listening to untrusted log data from the network could be exploited to run arbitrary code

[USN-4496-1] Apache XML-RPC vulnerability [03:42]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • Similarly failed to properly deserialize data - a malicious XML-RPC server could cause code execution on the client as a result

[USN-4497-1] OpenJPEG vulnerabilities [03:58]

[USN-4499-1] MilkyTracker vulnerabilities [04:27]

[USN-4498-1] Loofah vulnerability [04:52]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • ruby module for manipulation and transformation of HTML/XML etc
  • Possible XSS - failed to sanitize JS when handling crafted SVG

[USN-4500-1] bsdiff vulnerabilities [05:16]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • (Oldest CVE of the week!)
  • Failed to properly validate input patch file -> integer overflow -> heap based buffer overflow -> code exec / DoS

[USN-4501-1] LuaJIT vulnerability [05:40]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • OOB read -> crash / info leak

[USN-4502-1] websocket-extensions vulnerability [05:49]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • ruby websockets extension - used regex with backtracking to properly parse headers, could be sent crafted input which is very computationally intensive to parse as a result -> CPU based DoS

[USN-4503-1] Perl DBI module vulnerability [06:21]

  • 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
  • Perl DB interface - underlying code would potentially allocate the stack and hence result in invalid pointers to object that were previously on the stack - could be manipulated by a remote user to result in memory corruption etc -> crash

Get in contact

  continue reading

231 episodes

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development
Artwork

Episode 91

Ubuntu Security Podcast

138 subscribers

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 272340954 series 2423058
Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Overview

This week we look at security updates for GUPnP, OpenJPEG, bsdiff and more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4488-2] X.Org X Server vulnerabilities [00:31]

[LSN-0071-1] Linux kernel vulnerability [00:50]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Episode 90 (AF_PACKET OOB write - crash / code exec)
  • Also affects Focal (20.04 LTS) but livepatch is still being prepared

[USN-4494-1] GUPnP vulnerability [01:29]

  • 1 CVEs addressed in Focal (20.04 LTS)
  • GNOME UPnP impl, used by Rygel for media sharing on GNOME (standard Ubuntu) desktop and many other applications
  • Callstranger Vulnerability - vuln in UPnP protocol - callback header in UPnP SUBSCRIBE can contain arbitrary delivery URL - so this could be on a different network segment than the event subscription URL - so you can SUBSCRIBE to events and supply one or more URLs for delivery of the messages. Can then make this point anywhere and so can get the device to send HTTP traffic to any arbitrary destination - and so can be used for data exfil or DDoS attacks etc. Fixed to check the destination host is either a link-local address or the address mask matches - either way, check is on the same network segment.

[USN-4495-1] Apache Log4j vulnerability [03:21]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Failed to properly deserialise data - so if is listening to untrusted log data from the network could be exploited to run arbitrary code

[USN-4496-1] Apache XML-RPC vulnerability [03:42]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • Similarly failed to properly deserialize data - a malicious XML-RPC server could cause code execution on the client as a result

[USN-4497-1] OpenJPEG vulnerabilities [03:58]

[USN-4499-1] MilkyTracker vulnerabilities [04:27]

[USN-4498-1] Loofah vulnerability [04:52]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • ruby module for manipulation and transformation of HTML/XML etc
  • Possible XSS - failed to sanitize JS when handling crafted SVG

[USN-4500-1] bsdiff vulnerabilities [05:16]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • (Oldest CVE of the week!)
  • Failed to properly validate input patch file -> integer overflow -> heap based buffer overflow -> code exec / DoS

[USN-4501-1] LuaJIT vulnerability [05:40]

  • 1 CVEs addressed in Xenial (16.04 LTS)
  • OOB read -> crash / info leak

[USN-4502-1] websocket-extensions vulnerability [05:49]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • ruby websockets extension - used regex with backtracking to properly parse headers, could be sent crafted input which is very computationally intensive to parse as a result -> CPU based DoS

[USN-4503-1] Perl DBI module vulnerability [06:21]

  • 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
  • Perl DB interface - underlying code would potentially allocate the stack and hence result in invalid pointers to object that were previously on the stack - could be manipulated by a remote user to result in memory corruption etc -> crash

Get in contact

  continue reading

231 episodes

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development

すべてのエピソード

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to Ubuntu Security Podcast

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox