Sign up to save your podcasts
Or
Share Episode 100
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 100
Overview
For the last episode of 2020, we look back at the most “popular”
packages on this podcast for this year as well as the biggest
vulnerabilities from 2020, plus a BootHole presentation at Ubuntu Masters
as well as vulnerability fixes from the past week too.
This week in Ubuntu Security Updates
21 unique CVEs addressed
[USN-4660-1] Linux kernel vulnerabilities [01:04]
[USN-4661-1] Snapcraft vulnerability [01:36]
would contain an empty element - so cwd would be included - if an
attacker can drop a malicious library that will be loaded by a snap
(eg. libc.so) into your home dir (and since home plug is used by almost
all snaps - and is autoconnected on non-Ubuntu Core systems) would allow
the attacker to get code-execution in the context of any snap
notified all affected snap publishers just need to rebuild their snaps
and users will get protected via snap refresh
[USN-4656-2] X.Org X Server vulnerabilities [04:20]
[USN-4662-1] OpenSSL vulnerability [04:34]
EDIPARTYNAME - so if an attacker can cause this they can cause a crash ->
DoS in any application which uses openssl for TLS handling etc - this can
be done if an attacker can get a client to check a malicious cert against
a malicious CRL - and since some apps auto-download CRLs based on URLs
presented in the cert itself this is not an unreasonable scenario - hence
high priority as the attack complexity is not high in this case
[USN-4663-1] GDK-PixBuf vulnerability [05:53]
[USN-4664-1] Aptdaemon vulnerabilities [06:31]
InstallFile method to install a local .deb - and uses policykit to ensure
that unprivileged users cannot use this to install packages - however,
that check only occurs after the deb has been parsed - so if there were
vulns in the parsing (which is provided by apt itself) - since aptd runs
as root could use these to get RCE - fixed by moving auth checks to occur
before parsing anything
[USN-4665-1] curl vulnerabilities [08:32]
wrong host -> info leak
alternate IP address + port to connect to -> could then trick clients
into doing port-scanning on their behalf or other info gathering etc
Goings on in Ubuntu Security Community
Look back over 2020 of the Ubuntu Security Podcast
Top 20 most featured packages [10:09]
Most high profile vulnerabilities [12:53]
Ubuntu Masters 4 - Together We Sink or Swim: Plugging the BootHole [14:12]
Michael (Eclypsium, discovered original BootHole vuln)
Hiring [15:58]
AppArmor Security Engineer
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
For the last episode of 2020, we look back at the most “popular”
packages on this podcast for this year as well as the biggest
vulnerabilities from 2020, plus a BootHole presentation at Ubuntu Masters
as well as vulnerability fixes from the past week too.
This week in Ubuntu Security Updates
21 unique CVEs addressed
[USN-4660-1] Linux kernel vulnerabilities [01:04]
[USN-4661-1] Snapcraft vulnerability [01:36]
would contain an empty element - so cwd would be included - if an
attacker can drop a malicious library that will be loaded by a snap
(eg. libc.so) into your home dir (and since home plug is used by almost
all snaps - and is autoconnected on non-Ubuntu Core systems) would allow
the attacker to get code-execution in the context of any snap
notified all affected snap publishers just need to rebuild their snaps
and users will get protected via snap refresh
[USN-4656-2] X.Org X Server vulnerabilities [04:20]
[USN-4662-1] OpenSSL vulnerability [04:34]
EDIPARTYNAME - so if an attacker can cause this they can cause a crash ->
DoS in any application which uses openssl for TLS handling etc - this can
be done if an attacker can get a client to check a malicious cert against
a malicious CRL - and since some apps auto-download CRLs based on URLs
presented in the cert itself this is not an unreasonable scenario - hence
high priority as the attack complexity is not high in this case
[USN-4663-1] GDK-PixBuf vulnerability [05:53]
[USN-4664-1] Aptdaemon vulnerabilities [06:31]
InstallFile method to install a local .deb - and uses policykit to ensure
that unprivileged users cannot use this to install packages - however,
that check only occurs after the deb has been parsed - so if there were
vulns in the parsing (which is provided by apt itself) - since aptd runs
as root could use these to get RCE - fixed by moving auth checks to occur
before parsing anything
[USN-4665-1] curl vulnerabilities [08:32]
wrong host -> info leak
alternate IP address + port to connect to -> could then trick clients
into doing port-scanning on their behalf or other info gathering etc
Goings on in Ubuntu Security Community
Look back over 2020 of the Ubuntu Security Podcast
Top 20 most featured packages [10:09]
Most high profile vulnerabilities [12:53]
Ubuntu Masters 4 - Together We Sink or Swim: Plugging the BootHole [14:12]
Michael (Eclypsium, discovered original BootHole vuln)
Hiring [15:58]
AppArmor Security Engineer
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
Get in contact