Introduction
What will be covered
- Overview of latest security updates for Ubuntu
- In depth discussion of trending CVEs
- Other things the team has been up to

This week in Ubuntu Security Updates
SegmentSmack (CVE-2018-5390) (USN-3732-1)
- DoS via expensive algorithmic computation in TCP stream reassembly
- Requires attacker to have an existing TCP session
- Affecting kernel >= 4.9
- Fixed in Bionic and Xenial for HWE
- No known exploits in the wild

linux kernel (LSN-0041-1)
- brief description of livepatch
- Several issues (5 CVEs)
  - stack overflow in SCSI / cdrom layers (CVE-2018-11506)
  - DoS / crash via specially crafted ext4 filesystem (CVE-2018-1094)
  - files can be created with group permissions which the original owner did not have within sgid directories (CVE-2018-13405)
    - Originally reported by Jann Horn in relation to whoopsie / apport in Ubuntu
  - DoS / crash via specially crafted xfs filesystem (CVE-2018-13094)
  - SegmentSmack fix (CVE-2018-5390)
- generic & lowlatency kernels for Trusty, Xenial and Bionic

gnupg (CVE-2017-7526) (USN-3733-1)
- Cache side-channel attack on RSA implementation
- When CVE was created, only assigned to libgcrypt
- gnupg quietly announced 1.4.23 as fixing this CVE as well in June
- Turns out was actually fixed in 1.4.22
- So Bionic etc not affected
- Fixed in Trusty and Xenial
- No known exploits in the wild

openjdk (CVE-2018-2952) (USN-3734-1)
- Denial of service via excessive memory consumption
- openjdk-7 in trusty and openjdk-8 in xenial

lxc (CVE-2018-6556) (USN-3730-1)
- Allows opening (but not reading) of arbitrary files
- Information disclosure / DoS since could open pseudoterminals or other kernel devices and cause exhausting of resources
- For lxc >=2.0 - bionic, xenial-backports

libxcursor (CVE-2015-9262) (USN-3729-1)
- Classic off-by-one error - string allocation but forgot to allocate byte for NUL terminator
- As on the heap allows heap memory corruption
- Possible code execution etc
- In handling of cursor themes so could be triggered when loading a malicious theme
- Affects libxcursor in trusty and xenial - both fixed

lftp (CVE-2018-10196) (USN-3731-1)
- Command-line FTP / HTTP / BitTorrent client
- Does not properly validate filenames from server when mirroring locally
- Could allow a malicious server to remove all files in PWD
- Fixed in Bionic, Xenial, Trusty & Precise ESM

Subscribe to ubuntu-security-announce mailing list
- https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Goings on in Ubuntu Security
NCSC publish Ubuntu 18.04 LTS Security Guide
- A couple weeks old now, but worth mentioning
- National Cyber Security Centre in UK
- Provide infosec guidance to public and private sector
- Focuses around End User Devices deployed for remote work but applies equally to home / office as well
- Covers guidance such as:
  - VPN
  - Enforcing a given password policy
  - UEFI Secure Boot
  - Livepatch
  - Firewall configuration
  - Auditing
- https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts
- https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide

Seth Arnold’s AppArmor 3.0 presentation at DebConf
- Overview of AppArmor with brief history and walkthrough of main features
- Efforts to enable AppArmor by default in Debian Buster (10)
- Ongoing work to upstream the latest AppArmor changes
  - Coarse-grained network mediation (AF_INET / AF_INET6)
  - DBus mediation
  - Almost all are now in Linux kernel 4.19
  - Some remain for 4.20
    - Unix sockets
- Future directions for AppArmor
  - IMA-aware policy (in 4.17, requires AppArmor 3.0 userspace)
    - Contributed by Google, hopefully will be available soon
  - Fine-grained networking mediation (ie. port level mediation)
  - Shared memory mediation
  - cgroups
  - overlayfs
  - user specific policy
- Multiple namespaces support for AppArmor
  - LXD / libvirt / snapd / docker
  - policy within a namespace (and policy outside the namespace too)
  - Demo of LXD with namespaced policy
- https://debconf18.debconf.org/talks/106-apparmor-30/

Hiring
Ubuntu Security Engineer
- https://boards.greenhouse.io/canonical/jobs/1158266

Get in contact
- #ubuntu-security on the Libera.Chat IRC network
- @ubuntu_sec on twitter