
Episode 77
This week we look at security updates for Unbound, OpenSSL, Flask, FreeRDP, Django and more, plus Joe and Alex discuss the Octopus malware infecting Netbeans projects.
Ubuntu Security Podcast · Ubuntu Security Team
June 7, 2020 · 20m 32s
Show Notes
This week in Ubuntu Security Updates
40 unique CVEs addressed
[USN-4374-1] Unbound vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- NXNS attack (Episode 75) (form of DNS reflection attack)
- Infinite loop when processing malformed answers from upstream servers -> CPU DoS
[USN-4375-1] PHP vulnerability
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- DoS via upload of files with very long names -> memory allocation failure stops the process before the temp file on disk is cleaned up -> disk space DoS
[USN-4376-1] OpenSSL vulnerabilities
- 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10)
- Timing side-channel attack against ECDSA signatures -> recover private keys
- RNG state shared between parent and child process across fork()
- Vulnerable to padding oracle attack -> decrypt traffic
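The fork() item above describes a general class of bug: a userspace PRNG that was seeded before fork() leaves parent and child with identical internal state, so both produce the same "random" output until one of them reseeds. The following added example (not OpenSSL code, and not from the podcast) reproduces the failure mode with Python's Mersenne Twister instance and shows the usual mitigation, an at-fork hook that reseeds the child from the kernel CSPRNG. The helper names are this example's own.

```python
import os
import random

DRAWS = 4  # values drawn on each side of the fork


def fork_and_draw(rng):
    """Fork, then draw DRAWS values from `rng` in both child and parent.

    `rng` already holds state at the moment of fork(), so the child starts
    with a byte-for-byte copy of it. Returns (parent_values, child_values).
    """
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: draw, report through the pipe, exit without running cleanup.
        os.close(read_fd)
        values = ",".join(str(rng.getrandbits(32)) for _ in range(DRAWS))
        os.write(write_fd, values.encode())
        os.close(write_fd)
        os._exit(0)
    # Parent: collect the child's report, then draw from its own copy.
    os.close(write_fd)
    raw = b""
    while True:
        chunk = os.read(read_fd, 4096)
        if not chunk:
            break
        raw += chunk
    os.close(read_fd)
    os.waitpid(pid, 0)
    child_values = [int(v) for v in raw.decode().split(",")]
    parent_values = [rng.getrandbits(32) for _ in range(DRAWS)]
    return parent_values, child_values


def make_fork_safe(rng):
    """Mitigation: reseed `rng` in the child right after every fork().

    os.register_at_fork() (Python 3.7+) runs the hook in the child only; the
    parent keeps its state, so the two processes diverge immediately.
    """
    os.register_at_fork(after_in_child=lambda: rng.seed(os.urandom(32)))
    return rng


def shares_state_across_fork(rng):
    """True if parent and child produce the same output after fork()."""
    parent, child = fork_and_draw(rng)
    return parent == child


def demo_unprotected():
    # Seed once, fork, draw on both sides: the sequences collide.
    return shares_state_across_fork(random.Random(1234))


def demo_reseeded():
    # Same seed, but the child reseeds itself after fork(): no collision.
    return shares_state_across_fork(make_fork_safe(random.Random(1234)))


if __name__ == "__main__":
    print("shared state without reseed:", demo_unprotected())
    print("shared state with at-fork reseed:", demo_reseeded())
```

The point of the hook rather than a one-off reseed is that forking libraries (pre-fork web servers, worker pools) fork repeatedly and rarely know that a PRNG is in use; reseeding at the fork boundary covers every child, whereas a reseed in application code covers only the paths someone remembered.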
[USN-4360-4] json-c vulnerability
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Episode 75 -> update, regression, update without fix -> now properly fixed vuln without regression
[USN-4359-2] APT vulnerability
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 75 (ar archive handling)
[USN-4367-2] Linux kernel regression
- 3 CVEs addressed in Focal (20.04 LTS)
- 5.4 kernel (Episode 75)
- overlayfs regression - triggered by changes added for shiftfs that special-case overlayfs - BUT the bug was in fact already present in overlayfs and these changes merely exposed it - so for now the shiftfs-related changes are reverted until it is fixed properly in overlayfs itself
[USN-4369-2] Linux kernel regression
- 8 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)
- 5.3 kernel (Episode 75)
- overlayfs regression above
[USN-4377-1, USN-4377-2] ca-certificates update
- Affecting Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- “AddTrust External Root CA” certificate had expired - curl and other applications would fail to connect if they found a certificate chain which validated via this cert (even if other paths in the chain would be valid) - removing this cert is the easiest way to fix the issue.
- Updated the certs for 16.04 & 18.04 LTS as well
[USN-4378-1] Flask vulnerability
- 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)
- DoS via memory exhaustion on crafted inputs
[USN-4379-1] FreeRDP vulnerabilities
- 19 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Various issues including an OOB write in RSA crypto handling, an OOB read in font handling, info disclosure via the ability to read client memory as color info, etc.
[USN-4380-1] Apache Ant vulnerability
- 1 CVE addressed in Eoan (19.10)
- Info leak to / malicious code exec from a local user due to the use of system-wide /tmp for several tasks (Mike Salvatore)
[USN-4381-1] Django vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- XSS via the admin ForeignKeyRawIdWidget due to failure to properly encode query parameters
- Failure to properly validate memcached cache keys - could allow a remote attacker to DoS / info leak
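The Django XSS item is an instance of a common mistake: query parameters are concatenated into a link without first being percent-encoded for the URL and then HTML-escaped for the attribute context they land in. The following added example (not Django's code, and not from the podcast) puts a naive link builder beside a hardened one so the difference is visible on a constructed hostile value; the function names are this example's own.

```python
import html
from urllib.parse import urlencode

# Constructed sample input: a lookup parameter carrying markup, as a user
# could supply in a form field that later feeds a "raw id" lookup link.
SAMPLE_PARAMS = {
    "_to_field": "id",
    "name": '"><script>alert(1)</script>',
}


def naive_link(base_url, params):
    """VULNERABLE: raw values are interpolated straight into the href."""
    query = "&".join(f"{k}={v}" for k, v in params.items())
    return f'<a href="{base_url}?{query}">lookup</a>'


def safe_link(base_url, params):
    """Hardened: percent-encode for the URL, then escape for the attribute.

    urlencode() turns every non-URL-safe byte (quotes, angle brackets,
    spaces) into %XX sequences, so a value can no longer close the
    attribute or the tag. html.escape() then handles the characters that
    are legal in a URL but significant in HTML, chiefly the '&' separating
    parameters, which must be '&amp;' inside an attribute.
    """
    url = base_url + "?" + urlencode(params)
    return f'<a href="{html.escape(url, quote=True)}">lookup</a>'


def contains_raw_markup(fragment):
    """Detection check: does a rendered href still carry an unescaped tag?"""
    return "<script>" in fragment or fragment.count('"') != 2


def demo():
    base = "/admin/app/model/"  # hypothetical admin URL
    return naive_link(base, SAMPLE_PARAMS), safe_link(base, SAMPLE_PARAMS)


if __name__ == "__main__":
    bad, good = demo()
    print("naive  :", bad)
    print("escaped:", good)
    print("naive leaks markup:", contains_raw_markup(bad))
    print("safe  leaks markup:", contains_raw_markup(good))
```

Both encoding steps are needed: percent-encoding alone leaves the `&` between parameters unescaped in the attribute, and HTML-escaping alone leaves characters such as `#` and `?` free to change which URL the browser requests. Template engines that autoescape cover the second step but not the first, which is why widgets that assemble URLs by hand are a recurring source of this bug.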