Episode 106

Update: 2021-03-04
Overview


This week we talk about more BootHole-like vulnerabilities in GRUB2, a
Spectre exploit found in-the-wild, security updates for xterm, screen,
Python, wpa_supplicant and more.


This week in Ubuntu Security Updates


52 unique CVEs addressed


[USN-4698-2] Dnsmasq regression [00:44]



[USN-4746-1] xterm vulnerability [01:14]



  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • taviso - crafted UTF-8 could cause a crash - related to very similar bug
    in screen


[USN-4747-1, USN-4747-2] GNU Screen vulnerability



  • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Crash in screen from crafted UTF-8 - found by users crashing a Minecraft
    server with this crafted content - server was running under screen so
    would log this crafted content - screen dies, Minecraft server dies -
    lots of tutorials for running a Minecraft server mention running it under
    screen so this is a common thing apparently


[USN-4748-1] Linux kernel vulnerabilities [02:54]



[USN-4749-1] Linux kernel vulnerabilities



[USN-4750-1] Linux kernel vulnerabilities



[USN-4751-1] Linux kernel vulnerabilities



[USN-4752-1] Linux kernel (OEM) vulnerabilities



[USN-4753-1] Linux kernel (OEM) vulnerability



[USN-4754-1] Python vulnerabilities [03:07]



  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • unsafe sprintf() call to format doubles - heap buffer overflow - BUT on
    Ubuntu Python (like the vast majority of the archive) is compiled with
    FORTIFY_SOURCE - just one of various hardening features - so can detect
    some buffer overflows at runtime - turns this into a DoS

  • test code calls eval on content received via HTTP - so if you ran the
    tests and someone could interpose on the connection, they could get RCE
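
The sprintf() item above, as an added example (not code from Python or from the show notes): "%f" on a large double needs far more bytes than a small fixed buffer holds, and the bounded snprintf() form reports truncation instead of overflowing. The function names, the "%f" format and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: no destination size, so a large double overruns `out`.
 * Shown for comparison only; it is never called in this example. */
int format_unsafe(char *out, double v)
{
    return sprintf(out, "%f", v);
}

/* Bytes (excluding the NUL) that "%f" needs for v. */
int needed_len(double v)
{
    return snprintf(NULL, 0, "%f", v);
}

/* Bounded form: never writes more than cap bytes.
 * Returns 0 if the full text fit, 1 if truncated, -1 on error. */
int format_bounded(char *out, size_t cap, double v)
{
    int n;

    if (out == NULL || cap == 0)
        return -1;
    n = snprintf(out, cap, "%f", v);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)n >= cap ? 1 : 0;
}

int main(void)
{
    char buf[64];                             /* constructed buffer size */
    double samples[] = { 1.5, 1e22, 1e300 };  /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int t = format_bounded(buf, sizeof buf, samples[i]);
        printf("%g: needs %d bytes, truncated=%d, stored=%zu\n",
               samples[i], needed_len(samples[i]), t, strlen(buf));
    }
    return 0;
}
```
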


[USN-4754-2] Python regression



[USN-4754-4] Python 2.7 vulnerability



[USN-4755-1] LibTIFF vulnerabilities [04:21]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Heap buffer overflow in tiff2pdf tool and integer overflow -> buffer
    overflow from crafted tiff file input


[USN-4737-2] Bind vulnerability [04:39]



[USN-4757-1] wpa_supplicant and hostapd vulnerability [04:53]



  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • When using P2P could result in a UAF -> crash or possible RCE from a
    remote user within local radio range


Goings on in Ubuntu Security Community


GRUB2 Secure Boot Bypass 2021 [05:31]



First Spectre Exploit discovered in the wild [09:47]



  • https://dustri.org/b/spectre-exploits-in-the-wild.html

  • Uploaded to VT last month - not the first artefacts that use Spectre to
    be uploaded - back in 2018 the original PoCs and various variants thereof
    were uploaded to VT but these were all benign.

  • This one is a real exploit with versions targeting Windows and Linux -
    the Linux variant reads /etc/shadow by default - it does this by spawning
    a call to su to get the file paged into memory, then by walking in-kernel
    file-system structures through their spec exec read gadget to eventually
    read and dump out the file

  • Was developed by Immunity as part of their CANVAS tool
    (https://vimeo.com/271127615)


Linux Mint to more forcefully encourage security updates be installed [12:02]



  • https://blog.linuxmint.com/?p=4037

  • Update manager will track metrics, can then detect cases where updates
    are overlooked, remind or even insist to apply updates

  • Focus on not getting in the way, here to help, employ smart patterns and
    usages, will be configurable etc

  • Still forming strategies but a space to watch


Get in contact


Ubuntu Security Team