PLAY PODCASTS
Episode 233

Episode 233

This week we take a look at the recent Crowdstrike outage and what we can learn from it compared to the testing and release process for security updates in Ubuntu, plus we cover details of vulnerabilities in poppler, phpCAS, EDK II,...

Ubuntu Security Podcast · Ubuntu Security Team

August 2, 202424m 7s

Audio is streamed directly from the publisher (people.canonical.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Overview

This week we take a look at the recent Crowdstrike outage and what we can learn from it compared to the testing and release process for security updates in Ubuntu, plus we cover details of vulnerabilities in poppler, phpCAS, EDK II, Python, OpenJDK and one package with over 300 CVE fixes in a single update.

This week in Ubuntu Security Updates

462 unique CVEs addressed

[USN-6915-1] poppler vulnerability (01:35)

  • 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
  • Installed by default in Ubuntu due to use by cups
  • PDF document format describes a Catalog which has a tree of destinations - essentially hyperlinks within the document. These can be either a page number etc or a named location within the document. If open a crafted document with a missing name property for a destination - name would then be NULL and would trigger a NULL ptr deref -> crash -> DoS

[USN-6913-1] phpCAS vulnerability (02:26)

  • 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Authentication library for PHP to allow PHP applications to authenticates users against a Central Authentication Server (ie. SSO).
  • When used for SSO, a client who is trying to use a web application gets directed to the CAS. The CAS then authenticates the user and returns a service ticket - the client then needs to validate this ticket with the CAS since it could have possibly been injected via the application. To do this, pass the ticket along with its own service identifier to CAS - and if this succeeds is provided with the details of which user was authenticated etc.
  • For clients, previously would use HTTP headers to determine where the CAS server was to authenticate the ticket. Since these can be manipulated by a malicious application, could essentially redirect the client to send the ticket to the attacker who could then use that to impersonate the client and login as the user.
  • Fix requires a refactor to include an additional API parameter which specifies either a fixed CAS server for the client to use, or a mechanism to auto-discover this in a secure way - either way, applications using phpCAS now need to be updated.

[USN-6914-1] OCS Inventory vulnerability

  • 1 CVEs addressed in Jammy (22.04 LTS)
  • Same as above since has an embedded copy of phpCAS

[USN-6916-1] Lua vulnerabilities (04:44)

  • 2 CVEs addressed in Jammy (22.04 LTS)
  • Heap buffer over-read and a possible heap buffer over-flow via recursive error handling - looks like both require to be interpreting malicious code

[USN-6920-1] EDK II vulnerabilities (05:04)

[USN-6928-1] Python vulnerabilities (05:49)

  • 2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Memory race in the ssl module - can call into various functions to get certificate information at the same time as certs are loaded if happening to be doing a TLS handshake with a certificate directory configured - all via different threads. Python would then possibly return inconsistent results leading to various issues
  • Occurs since ssl module is implemented in C to interface with openssl and did not properly lock access to the certificate store

[USN-6929-1, USN-6930-1] OpenJDK 8 and OpenJDK 11 vulnerabilities (06:52)

[USN-6931-1, USN-6932-1] OpenJDK 17 and OpenJDK 21 vulnerabilities (07:11)

[USN-6934-1] MySQL vulnerabilities (07:29)

[USN-6917-1] Linux kernel vulnerabilities (07:57)

[USN-6918-1] Linux kernel vulnerabilities

[USN-6919-1] Linux kernel vulnerabilities

← All episodes of Ubuntu Security Podcast