Episode 97

Update: 2020-11-21

Overview


This week we look at vulnerabilities in MoinMoin, OpenLDAP, Kerberos,
Raptor (including a discussion of CVE workflows and the oss-security
mailing list) and more, whilst in community news we talk about the upcoming
AppArmor webinar, migration of Ubuntu CVE information to ubuntu.com and
reverse engineering of malware by the Canonical Sustaining Engineering
team.


This week in Ubuntu Security Updates


45 unique CVEs addressed


[USN-4629-1] MoinMoin vulnerabilities [00:50]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)


  • RCE via attachment upload: an attacker can upload an attachment, which is
    then cached; a subsequent crafted request can exploit a vulnerability in
    the cache-handling code to achieve directory traversal and, from there, RCE


[USN-4630-1] Raptor vulnerability [01:40]



[USN-4622-2] OpenLDAP vulnerability [03:43]



  • 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)


  • Discussed in Episode 96: NULL pointer dereference reachable by a remote
    unauthenticated user in slapd

  • Upstream disputes this as a real CVE, saying that only unintended
    information disclosure counts as a security issue (what about RCE?)


[USN-4628-2] Intel Microcode regression [04:29]



  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Discussed in Episode 96: failed to boot on new Tiger Lake platforms

  • We took the decision to remove this MCU once we saw the regression and
    had updates out within 24h of initial release

  • Intel have now reverted this themselves upstream in a fixup release
    20201118


[USN-4171-6] Apport regression [05:40]



  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • The previous update could possibly be used to crash Apport itself, due to
    mishandling of dropping permissions when reading the user’s config file
    (note these don’t normally exist unless you manually create one, so in
    general this is not an issue). This update fixes that and introduces some
    more hardening measures to ensure permissions are always dropped
    correctly, making the process more robust overall


[USN-4631-1] libmaxminddb vulnerability [06:50]



  • 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)


  • Heap-based buffer over-read -> DoS


[USN-4632-1] SLiRP vulnerabilities [07:03]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)


  • 2 different buffer overflows: one due to improper use of the return value
    from snprintf(), the other due to mishandled pointer arithmetic -> DoS,
    possibly RCE
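The snprintf() return-value pitfall mentioned above, as an added illustration in C (not code from SLiRP or from the podcast): the buggy cursor computation beside a hardened append helper. The `outbuf` struct and both function names are assumptions of this example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Write cursor over a fixed-size output buffer (constructed for this example). */
struct outbuf {
    char *base;
    size_t cap;       /* total bytes available, including the NUL terminator */
    size_t len;       /* bytes written so far, excluding the NUL */
    bool truncated;   /* set once an append no longer fit */
};

/* The bug pattern: treat snprintf's return value as "bytes written".
 * snprintf returns the length the complete string would have had, so on
 * truncation the computed cursor lands past the end of the buffer and the
 * next write starts out of bounds. This helper only reports where the
 * cursor would end up; it never writes beyond the buffer. */
static size_t cursor_after_unchecked(struct outbuf *ob, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(ob->base + ob->len, ob->cap - ob->len, fmt, ap);
    va_end(ap);
    return ob->len + (size_t)n;   /* may exceed cap: this is the overflow */
}

/* Hardened append: advance only by what actually fit, and latch truncation
 * so later appends cannot resume at a bogus offset. Returns true on success. */
static bool outbuf_appendf(struct outbuf *ob, const char *fmt, ...)
{
    if (ob->truncated || ob->len >= ob->cap)
        return false;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(ob->base + ob->len, ob->cap - ob->len, fmt, ap);
    va_end(ap);
    if (n < 0) {                       /* encoding error: keep buffer as is */
        ob->truncated = true;
        return false;
    }
    if ((size_t)n >= ob->cap - ob->len) {
        ob->len = ob->cap - 1;         /* vsnprintf wrote cap-len-1 bytes + NUL */
        ob->truncated = true;
        return false;
    }
    ob->len += (size_t)n;
    return true;
}
```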


[USN-4607-2] OpenJDK regressions



[USN-4633-1] PostgreSQL vulnerabilities [07:42]



  • 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • 1 RCE, 1 arbitrary SQL execution, but the attacker needs to be an
    authenticated user, and 1 DoS via dropping of the connection


[USN-4634-1] OpenLDAP vulnerabilities [08:03]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • 2 more DoS bugs against OpenLDAP: both are assertion failures that can be
    triggered by a remote attacker


[USN-4635-1] Kerberos vulnerability [08:29]



  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • DoS via unbounded recursion when parsing an ASN.1-encoded message. BER can
    specify an indefinite length, so this was parsed recursively, but since no
    limit was ever placed on the recursion, sufficiently deep nesting could
    overrun the stack and trigger an abort.
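An added example in C (not krb5's ASN.1 code and not from the podcast) of the fix shape described above: a minimal BER skip routine that recurses into indefinite-length constructed elements but checks a nesting bound before each level, so crafted deeply nested input fails cleanly instead of exhausting the stack. `BER_MAX_DEPTH`, `ber_skip` and `parse_nested` are names assumed for this example, and only short-form definite lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>

enum ber_rc { BER_OK = 0, BER_TRUNCATED, BER_TOO_DEEP, BER_BAD };

#define BER_MAX_DEPTH 32  /* assumed bound for this example, not krb5's value */

/* Skip one BER element in p[0..len) and store its encoded size in *used.
 * A constructed element with indefinite length (length byte 0x80) is walked
 * recursively until its 00 00 end-of-contents marker; the depth check runs
 * first, so deeply nested crafted input fails cleanly instead of exhausting
 * the stack. Simplification: only short-form definite lengths are accepted. */
static enum ber_rc ber_skip(const uint8_t *p, size_t len, size_t *used, unsigned depth)
{
    if (depth > BER_MAX_DEPTH) return BER_TOO_DEEP;
    if (len < 2) return BER_TRUNCATED;
    uint8_t tag = p[0], lb = p[1];
    size_t pos = 2;
    if (lb < 0x80) {                          /* definite length: no recursion */
        if (lb > len - pos) return BER_TRUNCATED;
        *used = pos + lb;
        return BER_OK;
    }
    if (lb != 0x80 || !(tag & 0x20)) return BER_BAD; /* long form / primitive */
    for (;;) {                                /* indefinite: walk the children */
        if (len - pos < 2) return BER_TRUNCATED;
        if (p[pos] == 0x00 && p[pos + 1] == 0x00) {
            *used = pos + 2;
            return BER_OK;
        }
        size_t child;
        enum ber_rc rc = ber_skip(p + pos, len - pos, &child, depth + 1);
        if (rc != BER_OK) return rc;
        pos += child;
    }
}

/* Constructed input: `levels` nested indefinite-length SEQUENCEs (30 80)
 * around an empty OCTET STRING (04 00), closed by one 00 00 per level. */
static enum ber_rc parse_nested(unsigned levels)
{
    static uint8_t buf[8192];
    size_t i = 0, used = 0;
    if (4u * levels + 2 > sizeof buf) return BER_BAD;
    for (unsigned l = 0; l < levels; l++) { buf[i++] = 0x30; buf[i++] = 0x80; }
    buf[i++] = 0x04; buf[i++] = 0x00;
    for (unsigned l = 0; l < levels; l++) { buf[i++] = 0x00; buf[i++] = 0x00; }
    return ber_skip(buf, i, &used, 0);
}
```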


[USN-4636-1] LibVNCServer, Vino vulnerability [09:05]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Divide by zero -> DoS


[USN-4637-1] Firefox vulnerabilities [09:18]



Goings on in Ubuntu Security Community


Migration of Ubuntu CVE information from people.canonical.com to ubuntu.com [09:37]



  • A long time in the making: we worked with the design team at Canonical to
    design and prototype a display of CVEs in a more human-friendly format
    (for machine-friendly consumption we have OVAL etc.)

  • ubuntu.com/security/CVE-XXXX-XXXX

  • Still includes the CVE description, priority, per-release status and other
    details, but focuses on the most salient ones rather than the more
    engineering-oriented style of the old pages

  • Redirects in place for old people.canonical.com URLs


Securing Linux Machines with AppArmor Webinar [11:18]



Analysis of the dovecat and hy4 Linux Malware [12:36]



Get in contact


Ubuntu Security Team