Episode 115

Update: 2021-05-14

Overview


This week we look at some details of the 90 unique CVEs addressed across the supported Ubuntu releases and more.


This week in Ubuntu Security Updates


90 unique CVEs addressed


[USN-4934-2] Exim vulnerabilities [00:41 ]



[USN-4937-1] GNOME Autoar vulnerability [01:00 ]



  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Directory traversal due to failure to properly handle symlinks (the
    result of an incomplete fix for the previous CVE-2020-36241)
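The symlink traversal class behind this fix, as an added example (not GNOME Autoar's code): a tar archive whose member names all pass a path-only check, but which contains a symlink pointing above the destination and then a file written through it. The path-only check lets the file escape; the hardened check resolves what is already on disk before each write and rejects the symlink. The archive contents and directory names are constructed for the demo.

```python
import io
import os
import tarfile
import tempfile


def _add_file(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_constructed_archive():
    """Constructed sample archive: a harmless file, a symlink whose target is the
    parent of the extraction directory, and a file whose path runs through that
    symlink. Every member *name* looks clean; only the symlink makes it escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "docs/readme.txt", b"harmless\n")
        link = tarfile.TarInfo("escape")
        link.type = tarfile.SYMTYPE
        link.linkname = ".."  # one level above wherever we extract
        tar.addfile(link)
        _add_file(tar, "escape/pwned.txt", b"landed outside the destination\n")
    return buf.getvalue()


def name_is_clean(name):
    """Path-only check: rejects absolute names and leading '..' components. This
    is where an incomplete fix stops; it cannot see what a symlink on disk points to."""
    norm = os.path.normpath(name)
    return not os.path.isabs(norm) and norm.split(os.sep)[0] != ".."


def _inside(path, root):
    """True when `path`, after resolving symlinks already on disk, stays under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def member_is_safe(member, dest):
    """Hardened check, evaluated against what earlier members already put on disk."""
    if not name_is_clean(member.name):
        return False
    target = os.path.join(dest, member.name)
    if not _inside(os.path.dirname(target), dest):  # write through an earlier symlink
        return False
    if member.issym():  # symlink target must stay inside dest
        return _inside(os.path.join(os.path.dirname(target), member.linkname), dest)
    if member.islnk():  # hard link target is archive-relative
        return _inside(os.path.join(dest, member.linkname), dest)
    return True


def _write_member(tar, member, dest):
    target = os.path.join(dest, member.name)
    if member.issym():
        os.symlink(member.linkname, target)
    elif member.isdir():
        os.makedirs(target, exist_ok=True)
    elif member.isfile():
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(tar.extractfile(member).read())


def extract(archive, dest, check):
    """Extract one member at a time so `check` sees earlier members on disk.
    Returns (accepted_names, rejected_names)."""
    os.makedirs(dest, exist_ok=True)
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            if check(member, dest):
                _write_member(tar, member, dest)
                accepted.append(member.name)
            else:
                rejected.append(member.name)
    return accepted, rejected


def demo():
    """Returns (escaped_under_path_only_check, rejected_by_hardened_check)."""
    archive = build_constructed_archive()
    with tempfile.TemporaryDirectory() as tmp:
        extract(archive, os.path.join(tmp, "naive"), lambda m, d: name_is_clean(m.name))
        escaped = os.path.exists(os.path.join(tmp, "pwned.txt"))  # outside naive/
        _, rejected = extract(archive, os.path.join(tmp, "hardened"), member_is_safe)
    return escaped, rejected


if __name__ == "__main__":
    print(demo())  # (True, ['escape'])
```

Running demo() gives (True, ['escape']): the path-only extractor writes pwned.txt one level above its destination, while the hardened one refuses the symlink, after which escape/pwned.txt lands harmlessly as a regular file inside the destination. Extraction is still check-then-write, so the destination must not be writable by anyone else while extracting; Python 3.12's tarfile (and the backports to maintained 3.8+ releases) ships this kind of checking as the filter='data' extraction filter.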


[USN-4936-1] Thunderbird vulnerabilities [01:47 ]



  • 5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)


  • 78.8.1

  • If a PGP key was used but a failure then occurred, Thunderbird would keep
    the decrypted key in memory. On Ubuntu we enable Yama ptrace restrictions
    (kernel.yama.ptrace_scope=1), so by default a process can only ptrace its
    own descendants; hence even another process running as the same user
    cannot dump Thunderbird's memory to extract the private key. (This does
    not help against root or a process with CAP_SYS_PTRACE, nor against code
    running inside Thunderbird itself.)

  • Various other CVEs inherited from Firefox
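A way to check the ptrace_scope claim above on a running system, as an added example (not Thunderbird or Ubuntu code; Linux only): it spawns a target process, then tries to open the target's /proc/<pid>/mem both from the parent (an ancestor, allowed under scope 1) and from a sibling process running as the same user (not an ancestor, refused under scope 1). The sleep target and the sibling probe script are constructed for the demo.

```python
import subprocess
import sys

YAMA_SCOPE = "/proc/sys/kernel/yama/ptrace_scope"

# Runs in a child: try to open a *sibling* process's memory. Exit 0 if the
# kernel allowed it, 1 if it refused, 2 if /proc or the target is unavailable.
SIBLING_PROBE = """
import sys
try:
    open("/proc/%s/mem" % sys.argv[1], "rb").close()
    sys.exit(0)
except PermissionError:
    sys.exit(1)
except OSError:
    sys.exit(2)
"""


def read_ptrace_scope():
    """Yama scope (0-3), or None when Yama is not present on this kernel."""
    try:
        with open(YAMA_SCOPE) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def can_open_mem(pid):
    """The kernel runs the ptrace access check when /proc/<pid>/mem is opened,
    so the open alone tells us whether the memory could be dumped."""
    try:
        with open(f"/proc/{pid}/mem", "rb"):
            return True
    except PermissionError:
        return False
    except OSError:  # no /proc, or the process has gone
        return None


def probe():
    """Compare access from an ancestor with access from a same-user sibling."""
    target = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    try:
        from_ancestor = can_open_mem(target.pid)
        rc = subprocess.run([sys.executable, "-c", SIBLING_PROBE, str(target.pid)]).returncode
        from_sibling = {0: True, 1: False}.get(rc)  # 2 or anything else: unknown
    finally:
        target.kill()
        target.wait()
    return {"scope": read_ptrace_scope(), "ancestor": from_ancestor, "sibling": from_sibling}


if __name__ == "__main__":
    print(probe())
```

On a default Ubuntu install, run as an ordinary user, probe() returns {'scope': 1, 'ancestor': True, 'sibling': False}. With scope 0 the sibling succeeds as well, and as root (CAP_SYS_PTRACE) both succeed regardless of scope, which is the limit of what Yama buys you here.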


[USN-4938-1] Unbound vulnerabilities [03:21 ]



[USN-4939-1] WebKitGTK vulnerabilities [03:48 ]



[USN-4940-1] PyYAML vulnerability [04:12 ]



  • 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)


  • RCE when processing untrusted YAML, due to an incomplete fix for the
    previous CVE-2020-1747. That earlier CVE was not specifically patched in
    Ubuntu as the PyYAML versions were either too old to be affected or were
    based on upstream releases that had already patched it. Both issues are
    in the FullLoader (full_load) path; untrusted input should only ever go
    through safe_load.
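Handling untrusted YAML in PyYAML, as an added example (not PyYAML's code): the tagged document asks the loader to call a Python callable, which is the shape of input behind this class of bug; safe_load refuses the tag while unsafe_load calls it. The document names os.getcwd rather than anything destructive. Both sample documents are constructed; PyYAML 5.1 or later is assumed, since full_load and unsafe_load exist from that release.

```python
import os
import yaml

# Constructed sample documents. The tagged one asks the loader to call a
# Python callable; a real attack would name something like os.system, this
# one names os.getcwd so the demonstration is harmless.
PLAIN_DOC = "name: example\nports: [80, 443]\n"
TAGGED_DOC = "!!python/object/apply:os.getcwd []"


def load_untrusted(text):
    """Parse YAML from an untrusted source with safe_load only.
    Returns (True, value) or (False, exception class name)."""
    try:
        return True, yaml.safe_load(text)
    except yaml.YAMLError as exc:
        return False, type(exc).__name__


def compare_loaders(text=TAGGED_DOC):
    """Show what each PyYAML entry point does with the tagged document:
    either the exception class it raised or what it constructed."""
    results = {}
    for name in ("safe_load", "full_load", "unsafe_load"):
        try:
            value = getattr(yaml, name)(text)
            results[name] = "called os.getcwd()" if value == os.getcwd() else repr(value)
        except yaml.YAMLError as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    print(load_untrusted(PLAIN_DOC))
    print(compare_loaders())
```

safe_load raises ConstructorError on the tagged document and unsafe_load actually calls os.getcwd(). full_load's verdict depends on the PyYAML version (fixed releases reject this document too, vulnerable ones did not), which is exactly why untrusted input should never reach it; since PyYAML 6.0, yaml.load without an explicit Loader is rejected outright.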


[USN-4941-1] Exiv2 vulnerabilities [04:35 ]



  • 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • EXIF/IPTC/XMP metadata manipulation tool

  • Heap buffer overflow or OOB read when writing metadata, so unlikely to be
    triggered by applications that only extract metadata

  • Heap buffer overflow for handling EXIF in JPG images


[USN-4942-1] Firefox vulnerability [05:09 ]



  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)


  • 88.0.1

  • Race condition on destruction of WebRender components (likely a
    use-after-free) -> possible RCE


[USN-4943-1] XStream vulnerabilities [05:32 ]



[USN-4944-1] MariaDB vulnerabilities [06:04 ]



  • Affecting Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

  • Latest upstream point releases rolling in a large number of security fixes:

    • Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48.

    • Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29.

    • Ubuntu 20.10 has been updated to MariaDB 10.3.29.

    • Ubuntu 21.04 has been updated to MariaDB 10.5.10.

    • Thanks to Otto Kekäläinen from the MariaDB foundation for contributing
      and preparing these updates




[USN-4945-1] Linux kernel vulnerabilities [06:33 ]



[USN-4946-1] Linux kernel vulnerabilities



[USN-4947-1] Linux kernel (OEM) vulnerabilities



[USN-4948-1] Linux kernel (OEM) vulnerabilities



[USN-4949-1] Linux kernel vulnerabilities



[USN-4950-1] Linux kernel vulnerabilities



  • 3 CVEs addressed in Hirsute (21.04)


  • Linux 5.11 kernel

  • Plus a CAN ISOTP race condition, discovered by Norbert Slusarek (a high
    school student in Germany): local privilege escalation

    • Introduced via the recent broadcast mode support (normally a CAN socket
      registers a particular CAN ID to receive and only gets those frames).
      This was only in the 5.11 kernel, so only Hirsute was affected; the
      support has been removed from the Hirsute kernel until a proper fix
      comes from upstream




[USN-4951-1] Flatpak vulnerability [10:16 ]



  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • File forwarding issue which could allow an attacker to get access to
    files that are not normally provided by the permissions granted to an app

  • Using special tokens in the Exec line of an app's desktop file could
    trick the flatpak runtime into providing access to a file as though the
    user had explicitly granted it

    • snapd generates desktop files itself, so is less likely to be affected
      by this sort of issue: less untrusted input in general (but perhaps
      also less flexible)
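A check for the desktop-file pattern described above, as an added example (not flatpak's or snapd's code): it scans an app-supplied .desktop file for Exec arguments wrapped in flatpak's file-forwarding markers (@@ and @@u, as documented for flatpak run --file-forwarding; the marker spelling is taken from that documentation, not from the advisory) and flags any literal path or URI inside them, as opposed to a %f/%F/%u/%U field code that the launcher fills in from the user's own file choice. The desktop file is constructed for the demo.

```python
import shlex

# flatpak's file-forwarding markers, as documented for `flatpak run
# --file-forwarding` (assumed from that documentation, not from the USN).
FORWARD_MARKERS = ("@@", "@@u")

# Constructed sample: an app-supplied desktop file whose main Exec line wraps
# a fixed path in forwarding markers next to the legitimate %F field code.
CONSTRUCTED_DESKTOP = """[Desktop Entry]
Type=Application
Name=Example
Exec=example @@ /home/user/.ssh/id_rsa @@ %F
Actions=new-window

[Desktop Action new-window]
Name=New Window
Exec=example --new-window %U
"""


def split_exec(exec_line):
    """Split an Exec= value into arguments. Desktop Entry quoting is close
    enough to POSIX shell quoting for this purpose; shlex is a simplification."""
    return shlex.split(exec_line)


def find_forwarded_literals(exec_line):
    """Return the arguments enclosed in forwarding markers that are not
    %-field codes. A %f/%F/%u/%U there is filled in from the user's file
    choice; a fixed path or URI there is the app naming a file it was never
    granted."""
    args = split_exec(exec_line)
    flagged, i = [], 0
    while i < len(args):
        if args[i] in FORWARD_MARKERS:
            i += 1
            while i < len(args) and args[i] not in FORWARD_MARKERS:
                if not args[i].startswith("%"):
                    flagged.append(args[i])
                i += 1
        i += 1  # step past the closing marker (or the plain argument)
    return flagged


def scan_desktop_file(text):
    """Map each section whose Exec= line carries forwarded literals to them."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line.startswith("Exec=") and section is not None:
            hits = find_forwarded_literals(line[len("Exec="):])
            if hits:
                findings[section] = hits
    return findings


if __name__ == "__main__":
    print(scan_desktop_file(CONSTRUCTED_DESKTOP))
```

A desktop file exported by flatpak itself wraps only field codes (for example `@@u %U @@`), so it scans clean; the constructed one names a fixed path next to %F and is flagged for its [Desktop Entry] section.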




Goings on in Ubuntu Security Community


Hiring [11:47 ]


Linux Cryptography and Security Engineer



Security Engineer - Ubuntu



Get in contact


Ubuntu Security Team