Episode 114

Update: 2021-05-06

Description

Overview


This week we look at the response from the Linux Technical Advisory Board
to the UMN Linux kernel incident, plus we cover the 21Nails Exim
vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.


This week in Ubuntu Security Updates


40 unique CVEs addressed


[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • UAF or heap corruption when handling crafted Matroska files - crash / RCE


[USN-4929-1] Bind vulnerabilities [01:18]



  • 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or
    possible overflow -> crash / RCE


[USN-4930-1] Samba vulnerability [02:08]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • Failed to properly handle negative idmap cache entries - could then end
    up with incorrect group entries and as such could possibly allow a user
    to access / modify files they should not have access to


[USN-4931-1] Samba vulnerabilities [02:51]



[LSN-0076-1] Linux kernel vulnerability [03:03]



  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • 2 local user privesc vulns fixed:

    • BPF JIT branch displacement issue (Episode 112)

    • Overlayfs / file system capabilities interaction




[USN-4918-3] ClamAV regression [03:52]



  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • Previous clamav update (back in April) introduced a regression where clamdscan
    would crash if called with --multiscan and --fdpass AND you had an
    ExcludePath configured in the configuration - backported the upstream
    commit from the development branch to fix this


[USN-4932-1] Django vulnerability [04:30]



  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • Directory traversal via uploaded files with crafted names


[USN-4933-1] OpenVPN vulnerabilities [04:47]



  • 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • Race condition in handling of data packets could allow an attacker to
    inject a packet using a victim’s peer-id before the crypto channel is
    properly initialised - could cause the victim’s connection to be dropped
    (DoS) but doesn’t appear to expose any sensitive info etc

  • Attackers could possibly bypass auth on control channel and hence leak info


[USN-4934-1] Exim vulnerabilities [05:39]



[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]



  • 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • Not much detail from NVIDIA

    • improper access control -> DoS, infoleak or data corruption -> privesc etc

    • incorrect use of reference counting -> DoS (crash?) (UAF?)




Goings on in Ubuntu Security Community


Linux Technical Advisory Board response to UMN incident [08:56]



  • Covered in Episode 113

  • https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/

  • Kees Cook (previously inaugural Tech Lead of Ubuntu Security Team) posted
    to LKML the TAB’s report (various folks from across the Linux Kernel
    community, including from Red Hat, Google, Canonical and others)

  • Detailed timeline of events, identification of the “hypocrite” commits in
    question

  • Recommendations going forward

    • UMN must improve quality of their submissions since even for a lot of
      what were good-faith patches, they actually had issues and either
      didn’t fix the purported issue or tried to fix a non-issue

    • TAB will create a best-practices document for all research groups when
      working with the kernel or other open source projects




Hiring [11:36]


AppArmor Security Engineer



Linux Cryptography and Security Engineer



Security Engineer - Ubuntu



Get in contact


Ubuntu Security Team