
Episode 63
Security updates for Firefox, QEMU, Linux kernel, ClamAV and more, plus we discuss our recommended reading list for getting into infosec and farewell long-time member of the Ubuntu Security Team / community Tyler Hicks.
Ubuntu Security Podcast · Ubuntu Security Team
February 20, 2020 · 26m 51s
Show Notes
This week in Ubuntu Security Updates
54 unique CVEs addressed
[USN-4278-1] Firefox vulnerabilities [00:55]
- 4 CVEs addressed in Bionic, Eoan
- Firefox 73.0
- Various memory safety issues
- Possible XSS if a site used a <template> tag within a <select> tag, since this could allow subsequent JavaScript parsing and execution
[USN-4279-1] PHP vulnerabilities [01:26]
- 3 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- Buffer overread when converting multibyte characters via mbstring functions and when reading data whilst stripping tags via fgetss() - crash / info disclosure
- Fix for a CPU and disk-based DoS when PHP FPM (FastCGI Process Manager) would endlessly restart a child process - busy CPU loop and large error logs -> DoS
[USN-4280-1, USN-4280-2] ClamAV vulnerability [02:27]
- 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- OOB read in Data-Loss-Prevention (DLP) module (scans for CC or social security numbers) - crafted email would cause OOB read -> crash -> DoS
[USN-4281-1] WebKitGTK+ vulnerabilities [03:04]
- 5 CVEs addressed in Bionic, Eoan
- Various issues able to be triggered by malicious websites
- DoS via poor memory handling
- Wrong security origin for particular DOM objects
- Top-level DOM object incorrectly considered secure
- Logic issue leading to a universal XSS flaw
- Poor memory handling leading to RCE
[USN-4282-1] PostgreSQL vulnerability [03:50]
- 1 CVE addressed in Bionic, Eoan
- Missing authorization checks on ALTER … DEPENDS ON EXTENSION sub-commands - could allow unprivileged users to drop any function, procedure, index etc under certain conditions
[USN-4283-1] QEMU vulnerabilities [04:10]
- 3 CVEs addressed in Xenial, Bionic, Eoan
- Buffer overflow in libslirp tcp emulation due to misuse of the snprintf() return value - the code assumed snprintf() returns the number of bytes written, but it returns the number of bytes which would have been written if the dest buffer was big enough - so if the buffer is too small it returns a value larger than the buffer, and if that returned size is used later in a memcpy() or similar it would overflow the buffer - so instead the code needs to carefully track the return value and handle the case where it is larger than the dest buffer
- Separate buffer overflow in libslirp tcp emulation code due to missing size checks
- Heap buffer OOB write in iSCSI block driver - malicious iSCSI server could trigger this and crash or possibly get code execution on QEMU host
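The snprintf() return-value pitfall described in the first item above, shown as an added example (not code from libslirp or QEMU): the helper names `append_unchecked` and `append_checked` and the sample input are hypothetical, chosen to show the flawed length accounting next to a checked version.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern: trusts snprintf()'s return value as "bytes written".
 * snprintf() itself stays within cap - off here; the returned offset is
 * what goes wrong, because it can point past the end of buf. */
static size_t append_unchecked(char *buf, size_t cap, size_t off, const char *piece)
{
    int n = snprintf(buf + off, cap - off, "%s", piece);
    return off + (size_t)n;          /* may exceed cap after truncation */
}

/* Hardened pattern: returns the new offset, or -1 if the piece did not fit. */
static long append_checked(char *buf, size_t cap, size_t off, const char *piece)
{
    if (off >= cap)
        return -1;                   /* no room left, and avoids cap - off wrapping */
    int n = snprintf(buf + off, cap - off, "%s", piece);
    if (n < 0 || (size_t)n >= cap - off)
        return -1;                   /* encoding error or truncated output */
    return (long)(off + (size_t)n);
}

int main(void)
{
    char buf[8];
    const char *piece = "0123456789ABCDEF";   /* constructed 16-byte input */

    size_t claimed = append_unchecked(buf, sizeof buf, 0, piece);
    printf("buffer size %zu, claimed length %zu, actual length %zu\n",
           sizeof buf, claimed, strlen(buf));
    /* A later memcpy(dst, buf, claimed) would read past buf, and a second
     * append at offset `claimed` would compute cap - off as a huge size_t. */

    long off = append_checked(buf, sizeof buf, 0, piece);
    printf("checked append returned %ld\n", off);
    return 0;
}
```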
[USN-4284-1] Linux kernel vulnerabilities [05:21]
- 23 CVEs addressed in Bionic, Eoan
- CVE-2019-15291
- CVE-2019-19965
- CVE-2019-19947
- CVE-2019-19767
- CVE-2019-19602
- CVE-2019-19332
- CVE-2019-19252
- CVE-2019-19241
- CVE-2019-19082
- CVE-2019-19078
- CVE-2019-19077
- CVE-2019-19071
- CVE-2019-19063
- CVE-2019-19057
- CVE-2019-19062
- CVE-2019-19050
- CVE-2019-18811
- CVE-2019-18786
- CVE-2019-18683
- CVE-2019-16232
- CVE-2019-16229
- CVE-2019-15099
- CVE-2019-14615
- 5.3 kernel (eoan, bionic hwe)
- Fix for Intel GPU state leak
- Atheros Wifi NULL pointer dereference
- 2x Crypto subsystem memory leak
- io_uring operations missing credentials checks - as a result an unprivileged user could, for example, add an address to the loopback interface
- Virtual console drivers missing checks on writes
- OOB write in KVM (need access to /dev/kvm)
- Memory corruption on x86 platforms due to a race in caching of floating point registers between processors
- NULL pointer dereference in SCSI SAS Class driver due to a PHY down race-condition during discovery
[USN-4285-1] Linux kernel vulnerabilities [07:58]
- 12 CVEs addressed in Bionic
- 5.0 kernel (oracle, aws, gke, gcp, azure etc)
- UAF in Intel i915 driver - crash / code exec
- Wifi-based DoS when used in AP mode - could get AP to send location updates to clients before a new client had finished authentication - so then as an unauthenticated station could DoS other connected stations
- Memory leak in Datagram Congestion Control Protocol (DCCP) - DoS
- 2 from above:
- NULL ptr deref in SCSI SAS
- Intel GPU info leak
[USN-4287-1, USN-4287-2] Linux kernel vulnerabilities [08:46]
- 22 CVEs addressed in Xenial, Bionic, Trusty ESM (Azure)
- CVE-2019-15291
- CVE-2020-7053
- CVE-2019-5108
- CVE-2019-20096
- CVE-2019-19965
- CVE-2019-19767
- CVE-2019-19332
- CVE-2019-19227
- CVE-2019-19082
- CVE-2019-19078
- CVE-2019-19071
- CVE-2019-19063
- CVE-2019-19062
- CVE-2019-19057
- CVE-2019-18885
- CVE-2019-18809
- CVE-2019-18786
- CVE-2019-18683
- CVE-2019-16232
- CVE-2019-16229
- CVE-2019-15099
- CVE-2019-14615
- 4.15 (bionic, xenial hwe)
- i915 UAF, wifi AP DoS, DCCP memory leak, SCSI SAS NULL ptr deref, KVM OOB write via /dev/kvm, crypto subsystem memory leak, atheros wifi NULL ptr deref, i915 info leak
[USN-4286-1, USN-4286-2] Linux kernel vulnerabilities [09:44]
- 12 CVEs addressed in Xenial, Trusty ESM (HWE)
- 4.4 kernel
- Intel GPU info leak, SCSI SAS NULL ptr deref, DCCP memory leak, wifi AP DoS
Goings on in Ubuntu Security Community
Joe and Alex discuss their recommended reading list for infosec beginners [10:17]
- Red Team Field Manual | Ben Clark
- Head First Programming
- Linux System Administrators Handbook | Nemeth, et al
- Robert Seacord’s Secure Coding in C/C++
- CERT Resilience Management Model (CERT-RMM)
- The Code Book | Simon Singh
- The Tao of Network Security Monitoring: Beyond Intrusion Detection | Richard Bejtlich
- The Cuckoo's Egg | Cliff Stoll
- Linux Pro Magazine
- Black Hat Python | Justin Seitz
- Hacking: The Art Of Exploitation | Jon Erickson