
Episode 60
Security updates for python-apt, GnuTLS, tcpdump, the Linux kernel and more, plus we look at plans to integrate Ubuntu Security Notices within the main ubuntu.com website.
Ubuntu Security Podcast · Ubuntu Security Team
January 30, 2020 · 13m 39s
Show Notes
This week in Ubuntu Security Updates
91 unique CVEs addressed
[USN-4247-1, USN-4247-2, USN-4247-3] python-apt vulnerabilities [00:42]
- 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
- Could still use MD5 to validate downloads - MD5 has been broken for a while now, so if MD5 hashes were available for a repository then a download matching them would be trusted - the fix is to verify all available hashes instead of stopping at the first match
- Ensure a repository is trusted before downloading from it - in some cases a repository that was not trusted could be configured and python-apt based clients would not check its trust status, so would use it anyway - now trust is always checked and verified unless the repository is specifically configured as trusted
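To illustrate the first python-apt issue above, here is an added example (not python-apt's own code) contrasting a first-match check with one that requires every advertised hash to match and at least one non-broken algorithm; the package data, the "collision" and the helper names are constructed for the demo.

```python
import hashlib

# Constructed sample data standing in for a package file and a tampered copy.
GOOD = b"Package: example\nVersion: 1.0\n"
TAMPERED = b"Package: example\nVersion: 1.0-evil\n"

# Algorithms treated as broken for integrity purposes.
BROKEN = {"md5", "sha1"}


def hash_record(data: bytes, algos=("md5", "sha256")) -> dict:
    """Hashes an index would advertise for `data` (constructed helper)."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def verify_first_match(data: bytes, expected: dict) -> bool:
    """Pre-fix behaviour as described above: accept as soon as any
    advertised hash matches, so a matching MD5 on its own is enough."""
    return any(hashlib.new(a, data).hexdigest() == d for a, d in expected.items())


def verify_all(data: bytes, expected: dict) -> bool:
    """Fixed behaviour: every advertised hash must match, and the record
    must contain at least one non-broken algorithm."""
    if not expected or not (set(expected) - BROKEN):
        return False
    return all(hashlib.new(a, data).hexdigest() == d for a, d in expected.items())


def demo() -> dict:
    """Model an MD5 collision: the index carries the MD5 of the tampered
    file but the genuine SHA-256, which is how a real collision would
    look to a client that only checks one hash."""
    expected = hash_record(GOOD)
    expected["md5"] = hashlib.md5(TAMPERED).hexdigest()  # simulated collision
    return {
        "first_match_accepts_tampered": verify_first_match(TAMPERED, expected),
        "all_accepts_tampered": verify_all(TAMPERED, expected),
        "all_accepts_genuine": verify_all(GOOD, hash_record(GOOD)),
        "all_accepts_md5_only": verify_all(GOOD, hash_record(GOOD, ("md5",))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```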
[USN-4248-1] GraphicsMagick vulnerabilities [02:31]
- 10 CVEs addressed in Xenial
- Previously discussed in Episode 59, Episode 57, Episode 55 etc.
[USN-4246-1] zlib vulnerabilities [02:55]
- 4 CVEs addressed in Xenial
- A Trail of Bits security audit of zlib found various instances of undefined behaviour in the implementation - pointer increment operations on undefined memory ranges, shifts by negative indices etc. Unlikely to have any real-world impact.
[USN-4249-1] e2fsprogs vulnerability [03:55]
- 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan
- Stack buffer overflow when e2fsck’ing a specially crafted ext4 file-system image
[USN-4233-2] GnuTLS update [04:34]
- Affecting Xenial, Bionic
- Episode 59 covered the update that disabled SHA1 for digital signatures in GnuTLS - this update adds the VERIFY_ALLOW_BROKEN and VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings so SHA1 can still be used if really needed
[USN-4230-2] ClamAV vulnerability [05:16]
- 1 CVE addressed in Precise ESM, Trusty ESM
- Episode 59
[USN-4250-1] MySQL vulnerabilities [05:34]
- 14 CVEs addressed in Xenial, Bionic, Eoan
- New upstream release (5.7.29 - xenial, bionic) (8.0.19 - eoan)
[USN-4251-1] Tomcat vulnerabilities [06:02]
- 2 CVEs addressed in Xenial
[USN-4252-1, USN-4252-2] tcpdump vulnerabilities [06:05]
- 28 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic
- Usual mix of buffer overflows and the like in various tcpdump dissectors - in general you should not run tcpdump on untrusted data - when run as root, by default tcpdump will drop privileges to the tcpdump user after opening the capture device, so this makes it somewhat safer
[USN-4253-1, USN-4253-2] Linux kernel vulnerability [07:30]
- 1 CVE addressed in Bionic (HWE), Eoan (5.3 kernel)
- Intel GPU would fail to clear state during a context switch - could allow an info leak between local users - the driver is updated to forcibly clear state
[USN-4255-1, USN-4255-2] Linux kernel vulnerabilities [08:07]
- 2 CVEs addressed in Xenial (HWE), Bionic (4.15 kernel)
- Intel GPU state info leak
- Intel GPU driver (i915) use-after-free (UAF) - crash / code execution
[USN-4258-1] Linux kernel vulnerabilities [08:40]
- 15 CVEs addressed in Bionic (AWS, GCP, GKE) (5.0 kernel)
- Out-of-bounds (OOB) write in the KVM hypervisor via /dev/kvm
- Virtual console could allow writes via unimplemented unicode devices - out-of-bounds memory access - crash etc.
- 2 separate memory leaks in the crypto subsystem on certain failure paths - reachable by a local user - DoS via memory exhaustion
- NULL pointer dereference in the Atheros wireless USB driver
[USN-4254-1, USN-4254-2] Linux kernel vulnerabilities [09:54]
- 9 CVEs addressed in Trusty ESM (HWE), Xenial (4.4 kernel)
- Out-of-bounds (OOB) write in the KVM hypervisor via /dev/kvm
- Crypto subsystem memory leak
- Intel GPU info leak
[USN-4256-1] Cyrus SASL vulnerability [10:24]
- 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- Out-of-bounds write due to an off-by-one error - originally reported against OpenLDAP, which uses cyrus-sasl and could be crashed by an unauthenticated remote user because of this
[USN-4236-3] Libgcrypt vulnerability [10:57]
- 1 CVE addressed in Precise ESM, Trusty ESM
- Episode 59 - ECDSA side-channel timing attack
[USN-4257-1] OpenJDK vulnerabilities [11:15]
- 8 CVEs addressed in Xenial, Bionic, Eoan
- Latest upstream release (11.0.6)
Goings on in Ubuntu Security Community
Moving Ubuntu Security Notices to ubuntu.com/security [11:34]
- mpt put out a call for feedback on plans to move USNs from usn.ubuntu.com to ubuntu.com/security/
- originally announced as a plan back in October on the ubuntu-hardened mailing list
- posted a mock-up of the resulting page and called for feedback
- this is expected to land in the next few weeks
- https://discourse.ubuntu.com/t/security-notices-on-ubuntu-com/14159