
Episode 72
A huge number of CVEs fixed in the various Ubuntu releases, including for PHP, Git, Thunderbird, GNU binutils and more, plus Joe McManus discusses ROS with Sid Faber.
Ubuntu Security Podcast · Ubuntu Security Team
April 24, 2020 · 20m 53s
Show Notes
Overview
A huge number of CVEs fixed in the various Ubuntu releases, including for PHP, Git, Thunderbird, GNU binutils and more, plus Joe McManus discusses ROS with Sid Faber.
This week in Ubuntu Security Updates
93 unique CVEs addressed
[USN-4330-1] PHP vulnerabilities [01:03]
- 5 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- php5, php7.0, php7.2, php7.3
- get_headers() would silently truncate a URL containing a NUL terminator (\0) - so if used with a user-supplied URL it could return the wrong details from the server
- stack overflow in mb_strtolower() when handling UTF32-LE encoding
- 1-byte buffer over-read when handling EXIF data - info leak / crash
- PHAR archives created with world readable permissions
- NULL pointer dereference on file upload in certain situations -> crash
[USN-4331-1] WebKitGTK+ vulnerability [02:32]
- 1 CVE addressed in Bionic, Eoan
- UAF when processing maliciously crafted web content
[USN-4332-1] File Roller vulnerability [02:51]
- 1 CVE addressed in Xenial, Bionic, Eoan
- Possible directory traversal issue when extracting an archive where the parent of a file is a symlink pointing outside of the archive
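The File Roller item above is the classic extraction traversal: a lexical check on each entry name is not enough, because a symlink created by an earlier entry (or one already sitting in the destination) can redirect a later, innocent-looking path out of the target directory. As an added example (not code from the podcast, Ubuntu or File Roller), this Python extractor resolves every member's destination with realpath() before writing it, one member at a time; the archive contents and directory names are constructed for the demo.

```python
import io, os, tarfile, tempfile

def is_within(root, path):
    """True if path, after resolving any symlinks already on disk, stays inside root."""
    root_real, path_real = os.path.realpath(root), os.path.realpath(path)
    return path_real == root_real or path_real.startswith(root_real + os.sep)

def member_is_safe(member, dest):
    """The member's destination and, for a symlink, its target must resolve inside dest."""
    target = os.path.join(dest, member.name)  # an absolute member.name discards dest and fails below
    if not is_within(dest, target):
        return False
    if member.issym():  # symlink targets are relative to the link's own directory
        return is_within(dest, os.path.join(os.path.dirname(target), member.linkname))
    return not member.islnk()  # hard links are unusual in distributed archives; refuse them outright

def safe_extract(archive, dest):
    """Extract one member at a time so links created by earlier members are visible to realpath()."""
    extracted, rejected = [], []
    for member in archive.getmembers():
        if member_is_safe(member, dest):
            archive.extract(member, dest)
            extracted.append(member.name)
        else:
            rejected.append(member.name)
    return extracted, rejected

def build_archive():
    """Constructed sample: symlink docs -> ../outside, a file placed through it, then a benign file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("docs")
        link.type, link.linkname = tarfile.SYMTYPE, "../outside"
        tar.addfile(link)
        for name, data in (("docs/evil.txt", b"owned\n"), ("README", b"ok\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        outside, fresh, poisoned = (os.path.join(tmp, d) for d in ("outside", "fresh", "poisoned"))
        for d in (outside, fresh, poisoned): os.mkdir(d)
        os.symlink(outside, os.path.join(poisoned, "docs"))  # as an unsafe extractor could have left it
        with tarfile.open(fileobj=build_archive()) as tar:
            r1 = safe_extract(tar, fresh)
        with tarfile.open(fileobj=build_archive()) as tar:
            r2 = safe_extract(tar, poisoned)
        return {"fresh": r1, "poisoned": r2, "outside_files": os.listdir(outside)}
```

In the fresh directory the escaping symlink is refused and `docs/evil.txt` lands harmlessly in a real `docs/` subdirectory; in the poisoned directory the same file is refused because its parent already resolves outside the destination, and nothing ever reaches `outside/`.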
[USN-4334-1] Git vulnerability [03:08]
- 1 CVE addressed in Xenial, Bionic, Eoan
- CVE-2020-11008
- Similar to CVE-2020-5260 from Episode 71 - this is due to an incomplete fix for that issue, where some credentials may still be leaked but the attacker cannot control which ones
[USN-4333-1] Python vulnerabilities [03:47]
- 2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
- CRLF injection via an attacker-controlled URL parameter to the urlopen() function in urllib
[USN-4335-1] Thunderbird vulnerabilities [04:09]
- 39 CVEs addressed in Xenial
- CVE-2020-6811
- CVE-2020-6794
- CVE-2020-6822
- CVE-2020-6795
- CVE-2020-6793
- CVE-2020-6792
- CVE-2019-15903
- CVE-2019-11755
- CVE-2019-11745
- CVE-2020-6825
- CVE-2020-6821
- CVE-2020-6820
- CVE-2020-6819
- CVE-2020-6814
- CVE-2020-6812
- CVE-2020-6807
- CVE-2020-6806
- CVE-2020-6805
- CVE-2020-6800
- CVE-2020-6798
- CVE-2019-20503
- CVE-2019-17026
- CVE-2019-17024
- CVE-2019-17022
- CVE-2019-17017
- CVE-2019-17016
- CVE-2019-17012
- CVE-2019-17011
- CVE-2019-17010
- CVE-2019-17008
- CVE-2019-17005
- CVE-2019-11764
- CVE-2019-11763
- CVE-2019-11762
- CVE-2019-11761
- CVE-2019-11760
- CVE-2019-11759
- CVE-2019-11758
- CVE-2019-11757
- Updated to latest upstream version 68.7.0
[USN-4336-1] GNU binutils vulnerabilities [04:46]
- 44 CVEs addressed in Bionic
- CVE-2019-9077
- CVE-2019-9075
- CVE-2019-9074
- CVE-2019-9073
- CVE-2019-9071
- CVE-2019-9070
- CVE-2019-17451
- CVE-2019-17450
- CVE-2019-14444
- CVE-2019-14250
- CVE-2019-12972
- CVE-2018-9138
- CVE-2018-8945
- CVE-2018-20671
- CVE-2018-20651
- CVE-2018-20623
- CVE-2018-20002
- CVE-2018-19932
- CVE-2018-19931
- CVE-2018-18701
- CVE-2018-18700
- CVE-2018-18607
- CVE-2018-18606
- CVE-2018-18605
- CVE-2018-18484
- CVE-2018-18483
- CVE-2018-18309
- CVE-2018-17985
- CVE-2018-17794
- CVE-2018-17360
- CVE-2018-17359
- CVE-2018-17358
- CVE-2018-13033
- CVE-2018-12934
- CVE-2018-12700
- CVE-2018-12699
- CVE-2018-12698
- CVE-2018-12697
- CVE-2018-12641
- CVE-2018-10535
- CVE-2018-10534
- CVE-2018-10373
- CVE-2018-10372
- CVE-2018-1000876
- Huge update covering many issues - thanks Marc Deslauriers - mostly low-severity issues like memory leaks in functions / utilities which are used only once or which are assumed to process trusted input.
- Often requested by customers who run vulnerability scanners - the scanners flag many open issues but don't take the low severity into account - only 3 out of 44 were medium severity