Episode 93

Update: 2020-10-23

Description

Overview


This week we cover security updates for NTP, Brotli, Spice, the Linux
kernel (including BleedingTooth) and a FreeType vulnerability which is
being exploited in the wild, plus we talk about the NSA's report into the
most exploited vulnerabilities as well as the release of Ubuntu 20.10
Groovy Gorilla.


This week in Ubuntu Security Updates


74 unique CVEs addressed


[USN-4559-1] Samba update [01:04]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Follow-up to USN-4510-1 for “ZeroLogon” - that update changed the default
    to enable secure channel - this one adds support for specifying
    per-machine insecure netlogon usage, plus additional hardening to check
    for possible attacks from the client-specified challenge if you have
    manually enabled insecure channel in the configuration


[USN-4563-1] NTP vulnerability [01:48]



[USN-4568-1] Brotli vulnerability [02:12]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Compression library / tool from Google designed for text compression,
    especially for web fonts etc

  • Buffer overflow due to an integer overflow when using the one-shot
    decompression option on attacker-controlled data


[USN-4570-1] urllib3 vulnerability [03:00]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Possible CRLF injection if an attacker can control the request method
    used in a call to urllib3 - they can specify additional parameters such
    as Host and Remainder after an injected CRLF to cause the request to
    misbehave


[USN-4572-1, USN-4572-2] Spice vulnerability [03:41]



  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Protocol for doing remote VM access - multiple buffer overflows in the
    decoding of the QUIC image compression algorithm - this affected both
    the client and server side - DoS, RCE etc


[USN-4576-1] Linux kernel vulnerabilities [04:36]



[USN-4577-1] Linux kernel vulnerabilities



[USN-4578-1] Linux kernel vulnerabilities



[USN-4579-1] Linux kernel vulnerabilities



[USN-4580-1] Linux kernel vulnerability




  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)





  • DCCP protocol mishandled reuse of sockets, leading to a UAF - since this
    can be done by a local user, it could lead to root code execution, priv
    esc etc - was reported to Canonical and we worked with upstream kernel
    devs on resolving this




[LSN-0072-1] Linux kernel vulnerability



  • 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • DCCP UAF

  • AF_PACKET buffer overflow (Episode 90)

  • Livepatched in the following kernels:

    • Ubuntu 18.04 LTS

      • aws - 72.1

      • generic - 72.1

      • lowlatency - 72.1

      • oem - 72.1



    • Ubuntu 20.04 LTS

      • aws - 72.1

      • aws - 72.2

      • azure - 72.1

      • azure - 72.2

      • gcp - 72.1

      • gcp - 72.2

      • generic - 72.1

      • generic - 72.2

      • lowlatency - 72.1

      • lowlatency - 72.2



    • Ubuntu 16.04 LTS

      • aws - 72.1

      • generic - 72.1

      • lowlatency - 72.1



    • Ubuntu 14.04 ESM

      • generic - 72.1

      • lowlatency - 72.1






[USN-4591-1] Linux kernel vulnerabilities [06:20]



[USN-4592-1] Linux kernel vulnerabilities



  • 3 CVEs addressed in Bionic (18.04 LTS)


  • BleedingTooth vulnerability

  • Announced by Intel, discovered by a security researcher at Google - not
    much heads up to distros, kernel team worked quickly to respin affected
    kernels (>= 4.8) over the weekend

  • It was originally mentioned on Twitter that Google were going to publish
    a blog post with more details, but this got held back to give time for
    distros etc to patch


[USN-4593-1] FreeType vulnerability [07:30]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Integer overflow -> heap buffer overflow

  • Reported by Google to FreeType upstream with the comment that it was
    being exploited in the wild

  • The patch simply moves a check, originally added to fix another CVE, a
    few lines higher, since the original placement still left the chance of
    an integer overflow -> heap buffer overflow

  • Update released for Ubuntu within 16h of the original report to the
    upstream FreeType developers
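
Why moving a size check a few lines higher can close an integer overflow -> heap buffer overflow path, shown as an added example (not FreeType's code and not from the episode). The 16-bit metrics struct, the MAX_DIM limit, the function names and the header values are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_DIM 0x7FFFu          /* hypothetical per-axis limit */
/* Hypothetical 16-bit metrics, as a decoder might store them. */
typedef struct { uint16_t width, height; } metrics_t;

/* Buffer size derived from the stored (16-bit) metrics, 4 bytes per pixel. */
static size_t alloc_bytes(const metrics_t *m) {
    return (size_t)m->width * m->height * 4u;
}

/* Bytes the pixel decoder emits: it follows the 32-bit header values. */
static uint64_t decoded_bytes(uint32_t w, uint32_t h) {
    return (uint64_t)w * h * 4u;
}

/* Late check: the limit is tested after narrowing, so it sees wrapped values. */
int load_check_late(uint32_t w, uint32_t h, metrics_t *m) {
    m->width  = (uint16_t)w;     /* 0x10001 becomes 1 */
    m->height = (uint16_t)h;
    if (m->width > MAX_DIM || m->height > MAX_DIM)
        return -1;
    return 0;
}

/* Early check: the same test, moved above the narrowing, on the full values. */
int load_check_early(uint32_t w, uint32_t h, metrics_t *m) {
    if (w > MAX_DIM || h > MAX_DIM)
        return -1;
    m->width  = (uint16_t)w;
    m->height = (uint16_t)h;
    return 0;
}

/* 1 if an accepted image would write past its allocation, else 0. */
int would_overflow(int (*load)(uint32_t, uint32_t, metrics_t *),
                   uint32_t w, uint32_t h) {
    metrics_t m = {0, 0};
    if (load(w, h, &m) != 0)
        return 0;                /* rejected: nothing is allocated */
    return decoded_bytes(w, h) > alloc_bytes(&m);
}

int main(void) {                 /* constructed header: width 0x10001, height 2 */
    printf("late:  %d\n", would_overflow(load_check_late, 0x10001u, 2u));
    printf("early: %d\n", would_overflow(load_check_early, 0x10001u, 2u));
    return 0;
}
```

The example only compares sizes and never performs the out-of-bounds write; the same comparison works as a unit test or fuzz assertion around any decoder that stores header dimensions in narrower fields.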


[USN-4558-1] libapreq2 vulnerabilities



[USN-4557-1] Tomcat vulnerabilities



[USN-4560-1] Gon gem vulnerability



[USN-4561-1] Rack vulnerabilities



[USN-4562-1] kramdown vulnerability



[USN-4569-1] Yaws vulnerabilities



[USN-4571-1] rack-cors vulnerability



[USN-4564-1] Apache Tika vulnerabilities



[USN-4565-1] OpenConnect vulnerability



[USN-4566-1] Cyrus IMAP Server vulnerabilities



[USN-4567-1] OpenDMARC vulnerability



[USN-4573-1] Vino vulnerabilities



[USN-4574-1] libseccomp-golang vulnerability



[USN-4575-1] dom4j vulnerability



[USN-4581-1] Python vulnerability



  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)



[USN-4582-1] Vim vulnerabilities



[USN-4583-1] PHP vulnerabilities



  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)



[USN-4589-1] containerd vulnerability



[USN-4589-2] Docker vulnerability



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)



[USN-4585-1] Newsbeuter vulnerabilities



[USN-4584-1] HtmlUnit vulnerability



[USN-4546-2] Firefox regressions



  • Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


[USN-4590-1] Collabtive vulnerability



[USN-4586-1] PHP ImageMagick vulnerability



[USN-4594-1] Quassel vulnerabilities



[USN-4595-1] Grunt vulnerability



Goings on in Ubuntu Security Community


NSA Report on 25 most exploited CVEs by Chinese State-Sponsored Actors [09:51]



Ubuntu 20.10 Groovy Gorilla Release [13:50]



Get in contact


Ubuntu Security Team