Episode 103


Update: 2021-02-12

Description

Overview


This week we take a deep dive into 2 recent vulnerabilities in the
popular application containerisation frameworks, snapd and flatpak, plus we
cover security updates for MiniDLNA, PHP-PEAR, the Linux kernel and more.


This week in Ubuntu Security Updates


26 unique CVEs addressed


[USN-4720-2] Apport vulnerabilities [00:53]



[USN-4721-1] Flatpak vulnerability [01:06]



  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Flatpak sandbox escape - Flatpak isolates applications inside their own
    mount / user / etc namespaces and allows sandboxed applications to
    communicate with the host via various portals - ie. open a file via a
    file chooser portal (aka powerbox)

  • Portal D-Bus service provides the ability to launch other subprocesses in
    a new sandbox instance, following a no-new-privileges (NNP) model (ie.
    same or less privileges as caller) (eg. used by sandboxed web browsers to
    process untrusted content inside less privileged subprocesses)

  • Would previously allow a confined process to specify various environment
    variables which would then get passed to the `flatpak run` command to
    launch the new subprocess in its own sandbox - so fix is to sanitize
    environment variables


[USN-4722-1] ReadyMedia (MiniDLNA) vulnerabilities [01:11]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Possible RCE via malicious UPnP requests - could send with chunked
    encoding, this would exploit a signedness bug leading to a heap buffer
    overflow

  • Episode 91 - “CallStranger” - UPnP spec didn’t forbid subscription
    requests with a URL on a different network segment - could allow an
    attacker to cause a miniDLNA server to DoS a different endpoint


[USN-4723-1] PEAR vulnerability [02:30]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Improper handling of symlinks in archives could result in arbitrary file
    overwrite via directory traversal - since PHP PEAR runs installer as
    root, could then overwrite arbitrary files as root and priv esc / code
    execution etc


[USN-4724-1] OpenLDAP vulnerabilities [03:14]



[USN-4725-1] QEMU vulnerabilities [03:20]



[USN-4717-2] Firefox regression [03:55]



  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

  • Upstream Firefox regression - 85.0.1


[USN-4726-1] OpenJDK vulnerability [04:04]



  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

  • Not much info from upstream on this one - “incorrectly handled direct
    buffering of characters” -> DoS or other unspecified impact


[USN-4713-2] Linux kernel vulnerability [04:22]



[USN-4727-1] Linux kernel vulnerability [04:36]



  • 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)


  • AF_VSOCK race conditions - local user could get code execution as root via memory corruption


[USN-4728-1] snapd vulnerability [05:11]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Gilad Reti & Nimrod Stoler from CyberArk

  • Thanks to Ian Johnson from snapd team for working on the fix


Get in contact



Ubuntu Security Team