Episode 100

Update: 2020-12-11

Overview


For the last episode of 2020, we look back at the most “popular”
packages on this podcast for this year as well as the biggest
vulnerabilities from 2020, plus a BootHole presentation at Ubuntu Masters
as well as vulnerability fixes from the past week too.


This week in Ubuntu Security Updates


21 unique CVEs addressed


[USN-4660-1] Linux kernel vulnerabilities [01:04]



[USN-4661-1] Snapcraft vulnerability [01:36]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)


  • itszn reported via Launchpad - the LD_LIBRARY_PATH generated by snapcraft
    contained an empty element, which the dynamic loader treats as the current
    working directory - so if an attacker can drop a malicious library that
    will be loaded by a snap (e.g. libc.so) into your home dir (and since the
    home plug is used by almost all snaps - and is autoconnected on non-Ubuntu
    Core systems) this would allow the attacker to get code execution in the
    context of any snap

  • Fixed in snapcraft - as part of the snap USN notification service, all
    affected snap publishers have been notified and just need to rebuild their
    snaps; users then get the fix via snap refresh
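As an added example (not snapcraft's code): a small Python check for the LD_LIBRARY_PATH problem described above. It flags empty elements (a leading or trailing ':' or '::', which ld.so treats as the current directory) and relative elements, and shows the generator-side fix of dropping such entries before joining the path. The snap paths used are constructed.

```python
def ld_library_path_problems(value: str) -> list:
    """Return (index, element, reason) for each unsafe element of an
    LD_LIBRARY_PATH value.

    ld.so splits the value on ':' and treats an empty element (from a
    leading ':', a trailing ':' or '::') as '.', the current working
    directory; a relative element is also resolved against the cwd.
    An entirely empty value is ignored by the loader, so it is safe.
    """
    if value == "":
        return []
    problems = []
    for index, element in enumerate(value.split(":")):
        if element == "":
            problems.append((index, element, "empty element searches the cwd"))
        elif not element.startswith("/"):
            problems.append((index, element, "relative element resolves against the cwd"))
    return problems


def build_ld_library_path(directories) -> str:
    """Join library directories into an LD_LIBRARY_PATH that cannot contain
    an implicit '.' element: empty and relative entries (the kind of entry
    that produced the snapcraft bug) are dropped instead of being joined in."""
    return ":".join(d for d in directories if d and d.startswith("/"))


if __name__ == "__main__":
    # Constructed snap-style path with a stray empty element in the middle.
    parts = ["/snap/foo/1/lib", "", "/snap/foo/1/usr/lib"]
    for index, element, reason in ld_library_path_problems(":".join(parts)):
        print("element %d %r: %s" % (index, element, reason))
    print("safe:", build_ld_library_path(parts))
```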


[USN-4656-2] X.Org X Server vulnerabilities [04:20]



[USN-4662-1] OpenSSL vulnerability [04:34]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • NULL pointer dereference when comparing two GENERAL_NAMEs containing an
    EDIPARTYNAME - an attacker who can trigger this comparison causes a crash ->
    DoS in any application which uses OpenSSL for TLS handling etc. This can be
    done if an attacker can get a client to check a malicious cert against a
    malicious CRL - and since some apps auto-download CRLs from URLs presented
    in the cert itself, this is not an unreasonable scenario - hence high
    priority, as the attack complexity is not high in this case


[USN-4663-1] GDK-PixBuf vulnerability [05:53]



  • 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)


  • infinite loop when handling a crafted LZW compression code in GIFs -> DoS


[USN-4664-1] Aptdaemon vulnerabilities [06:31]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Kevin Backhouse from GitHub reported via Launchpad

  • aptdaemon provides a D-Bus API for installing packages, including an
    InstallFile method to install a local .deb, and uses PolicyKit to ensure
    that unprivileged users cannot use this to install packages - however,
    that check only occurred after the .deb had been parsed - so any vulns in
    the parsing (which is provided by apt itself) could be used by an
    unprivileged user to get RCE, since aptd runs as root - fixed by moving the
    auth checks to occur before anything is parsed
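As an added example (not aptdaemon's code) of the authorize-before-parse fix described above, in Python since aptdaemon is Python: an InstallFile-style handler in its original and fixed orderings. The PolicyKit check (a PermissionError on a constructed allow-list of bus names) and the sample .deb are stand-ins constructed here; the parser reads only the ar magic and first member header of a .deb.

```python
AR_MAGIC = b"!<arch>\n"              # a .deb is an ar(1) archive
AUTHORIZED_SENDERS = {"org.example.AdminTool"}  # constructed stand-in policy

def check_authorization(sender: str) -> None:
    """Stand-in for the PolicyKit query aptdaemon makes for InstallFile."""
    if sender not in AUTHORIZED_SENDERS:
        raise PermissionError(sender)

def parse_deb(data: bytes) -> dict:
    """Read a .deb's ar magic and first member header (must be debian-binary);
    malformed input raises ValueError, the failure a root daemon must not expose."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    header = data[len(AR_MAGIC):len(AR_MAGIC) + 60]
    if len(header) != 60 or header[58:60] != b"`\n":
        raise ValueError("truncated or corrupt member header")
    name = header[0:16].decode("ascii").rstrip(" /")
    size = int(header[48:58].decode("ascii"))
    if name != "debian-binary":
        raise ValueError("first member is %r, not debian-binary" % name)
    return {"first_member": name, "size": size}

def install_file_vulnerable(sender: str, data: bytes) -> dict:
    """Original ordering: the root parser sees untrusted bytes first."""
    pkg = parse_deb(data)        # reachable by any caller on the bus
    check_authorization(sender)  # too late to protect the parser
    return pkg

def install_file_fixed(sender: str, data: bytes) -> dict:
    """Fixed ordering: unauthorized callers never reach the parser."""
    check_authorization(sender)
    return parse_deb(data)

def outcome(handler, sender: str, data: bytes) -> str:
    """Classify how a handler ends for a given caller and payload."""
    try:
        handler(sender, data)
    except PermissionError:
        return "denied"
    except ValueError:
        return "parser-error"
    return "installed"

def ar_member_header(name: str, size: int) -> bytes:
    """Build a 60-byte ar member header (name, mtime, uid, gid, mode, size, magic)."""
    return (name.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
            + "100644".ljust(8) + str(size).ljust(10) + "`\n").encode("ascii")

# Constructed sample .deb prefix: a valid debian-binary member holding "2.0\n".
SAMPLE_DEB = AR_MAGIC + ar_member_header("debian-binary", 4) + b"2.0\n"
```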


[USN-4665-1] curl vulnerabilities [08:32]



  • 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Various issues:

    • memory leak in handling of FTP wildcard matching -> DoS

    • failure to properly validate OCSP responses

    • incorrect handling of the CONNECT_ONLY option -> could end up connecting
      to the wrong host -> info leak

    • incorrect handling of FTP PASV responses - the server can respond with an
      alternate IP address + port for the client to connect to -> a malicious
      server could then trick clients into doing port scanning on its behalf or
      other info gathering etc.
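As an added example (not curl's code) for the PASV item above: a Python parser for 227 replies, the defensive policy of reusing the control connection's host instead of the server-supplied one (the same idea as curl's --ftp-skip-pasv-ip option), and a scan over a constructed control-channel transcript that flags replies pointing at another host. The host 203.0.113.10 and the transcript are constructed.

```python
import re

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)". All six numbers
# are chosen by the server, so h1-h4 must not be trusted as the data host.
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply: str):
    """Return (ip, port) advertised by a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums) or nums[4] == nums[5] == 0:
        raise ValueError("PASV field out of range: %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection_target(reply: str, control_host: str, trust_pasv_ip: bool = False):
    """Safe policy (trust_pasv_ip=False): take only the port from the reply and
    connect back to the control connection's host. trust_pasv_ip=True is the
    vulnerable behaviour: connect wherever the server said, any host, any port."""
    advertised_ip, port = parse_pasv(reply)
    return (advertised_ip if trust_pasv_ip else control_host), port

def find_pasv_redirects(session_lines, control_host: str):
    """Detection over a control-channel transcript: (line_no, ip, port) for each
    227 reply naming a host other than the control peer, and
    (line_no, "malformed", None) for replies that do not parse."""
    hits = []
    for line_no, line in enumerate(session_lines, 1):
        if not line.startswith("227"):
            continue
        try:
            ip, port = parse_pasv(line)
        except ValueError:
            hits.append((line_no, "malformed", None))
            continue
        if ip != control_host:
            hits.append((line_no, ip, port))
    return hits

# Constructed transcript of a session with a server at 203.0.113.10.
CONTROL_HOST = "203.0.113.10"
SESSION = [
    "220 ftp.example.test ready",
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # honest: same host, port 50000
    "227 Entering Passive Mode (10,0,0,5,0,22)",        # redirect to an internal host
    "227 Entering Passive Mode (999,0,0,1,4,1)",        # out-of-range field
]
```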




Goings on in Ubuntu Security Community


Look back over 2020 of the Ubuntu Security Podcast


Top 20 most featured packages [10:09]



  • 81 Linux kernel

  • 16 Firefox

  • 7 PHP

  • 6 Thunderbird

  • 6 Samba

  • 6 NSS

  • 6 Django

  • 5 WebKitGTK+

  • 5 Tomcat

  • 5 Squid

  • 5 QEMU

  • 5 OpenLDAP

  • 5 MySQL

  • 5 ClamAV

  • 4 X.Org X Server

  • 4 SQLite

  • 4 Python

  • 4 ppp

  • 4 OpenSSL

  • 4 OpenJDK


Most high profile vulnerabilities [12:53]



Ubuntu Masters 4 - Together We Sink or Swim: Plugging the BootHole [14:12]



Hiring [15:58]


AppArmor Security Engineer



Engineering Director - Ubuntu Security



Engineering Manager - Ubuntu Security



Get in contact


Ubuntu Security Team