Overview
This week we take a look at a long-awaited update of Thunderbird in Ubuntu
20.04 LTS, plus security updates for Open vSwitch, JUnit 4, PostSRSd, GNOME
This week in Ubuntu Security Updates
[USN-4729-1] Open vSwitch vulnerability [00:55]
1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
CVE-2020-35498
Most convoluted CVE description of the week: "A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
In plainer terms: a crafted packet makes ovs-vswitchd install an over-broad megaflow in the kernel datapath, so later, unrelated traffic matches that flow and is handled incorrectly, which amounts to a denial of service.
[USN-4731-1] JUnit 4 vulnerability [02:05]
1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
CVE-2020-15250
Tests that used the TemporaryFolder rule got a directory under /tmp, which is world-accessible, so its contents could be read by other local users. If tests wrote API keys or passwords into that folder, other users on the same machine could read them: information disclosure. Fixed to create the temporary directory with permissions that make it readable only by the owner.
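Added example (not from the show notes and not JUnit's code): a Python model of the before and after behaviour. It assumes a Linux-style system temp directory with POSIX permissions; the helper names are hypothetical, and the umask is pinned to 022 only so the demonstration is deterministic.

```python
"""Model of CVE-2020-15250: a temp directory created under the system temp
dir with default (umask-governed) permissions versus one created owner-only.
Hypothetical helpers written for this page; they mimic, not reproduce, JUnit."""
import os
import shutil
import stat
import tempfile
import uuid


def make_tempdir_like_old_junit():
    """Mimic the pre-fix behaviour: the directory mode is left to the process
    umask (022 on most systems, giving 0755, i.e. world-readable and listable).
    The umask is set explicitly here so the result does not depend on the shell."""
    old_umask = os.umask(0o022)
    try:
        path = os.path.join(tempfile.gettempdir(), "junit-" + uuid.uuid4().hex)
        os.mkdir(path)  # mode = 0o777 & ~0o022 = 0o755
    finally:
        os.umask(old_umask)
    return path


def make_tempdir_like_fixed_junit():
    """Mimic the fix: mkdtemp() creates the directory with mode 0700, so only
    the owner can list the directory or open anything inside it."""
    return tempfile.mkdtemp(prefix="junit-")


def is_owner_only(path):
    """True if no group or other permission bits are set on the directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def write_secret(dirpath, secret):
    """Write a secret the way a test might; return the file's own mode bits."""
    fpath = os.path.join(dirpath, "api_key.txt")
    with open(fpath, "w") as fh:
        fh.write(secret)
    return stat.S_IMODE(os.stat(fpath).st_mode)


def demo():
    """Create both kinds of directory, write a constructed secret into each,
    and return (old_dir_is_private, fixed_dir_is_private)."""
    old = make_tempdir_like_old_junit()
    fixed = make_tempdir_like_fixed_junit()
    try:
        write_secret(old, "sk_constructed_example_value")    # constructed secret
        write_secret(fixed, "sk_constructed_example_value")
        return is_owner_only(old), is_owner_only(fixed)
    finally:
        shutil.rmtree(old)
        shutil.rmtree(fixed)


if __name__ == "__main__":
    print(demo())  # (False, True) on a typical Linux system
```

Note that the file written into the 0700 directory keeps its own umask-governed mode (usually 0644); it is the directory's mode that stops other users from reaching it, which is why fixing the directory permissions was sufficient.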
[USN-4730-1] PostSRSd vulnerability [02:57]
1 CVE addressed in Bionic (18.04 LTS)
CVE-2020-35573
Postfix Sender Rewriting Scheme daemon. Used to rewrite the envelope sender address when forwarding mail for domains that publish SPF: the address is rewritten to appear to come from your own host, so the forwarded message passes the next hop's SPF check, and the daemon can also do the inverse, reverse-rewriting the sender address on bounces and replies to recover the original address so they can be handled appropriately.
Could cause a CPU-based DoS through excessive processing if an email contained an exceedingly long SRS timestamp. Fixed to simply reject timestamps longer than the expected regular size.
[USN-4732-1] SQLite vulnerability [04:20]
1 CVE addressed in Groovy (20.10)
CVE-2021-20227
Only affects more recent releases of SQLite. Could cause a crash on particular query constructs.
[USN-4733-1] GNOME Autoar vulnerability [04:42]
1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
CVE-2020-36241
Another archive-extraction symlink traversal issue. gnome-autoar is a library used by Nautilus and other GNOME components when handling archives, i.e. right-click an archive in Nautilus and select "Extract Here".
If an archive contained a file whose parent was a symlink pointing outside the destination directory, extraction would blindly follow the symlink and overwrite arbitrary files. Fixed to check whether a symlink entry has an absolute target, or a relative target that points outside the destination folder, and to reject the entry in that case.
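Added example (not from the show notes and not gnome-autoar's code): a small Python extractor driven by a constructed archive listing, run once without and once with the symlink check the fix describes. It writes into fresh temporary directories so it can be run safely; the entry names, the outside directory and the function names are all assumptions made for this page.

```python
"""Model of CVE-2020-36241: writing a file whose parent is a symlink follows
the link out of the destination. symlink_escapes() is the check described in
the fix: absolute targets, or relative targets resolving outside dest, are
rejected. Hypothetical helpers, not gnome-autoar's API."""
import os
import shutil
import tempfile


def sample_entries(outside_dir):
    """Constructed archive listing: a symlink with an absolute target outside
    the destination, a file placed beneath that symlink, a relative symlink
    that climbs out of the destination, and a harmless regular file."""
    return [
        {"type": "dir", "name": "docs"},
        {"type": "symlink", "name": "docs/cfg", "target": outside_dir},
        {"type": "file", "name": "docs/cfg/settings.ini", "data": b"owned=1\n"},
        {"type": "symlink", "name": "docs/up", "target": "../../../../etc"},
        {"type": "file", "name": "docs/readme.txt", "data": b"hello\n"},
    ]


def symlink_escapes(dest, entry_name, target):
    """Reject an absolute target, or a relative target that, resolved from the
    symlink's own directory, lands outside the destination directory."""
    if os.path.isabs(target):
        return True
    link_dir = os.path.dirname(os.path.join(dest, entry_name))
    resolved = os.path.normpath(os.path.join(link_dir, target))
    dest_norm = os.path.normpath(dest)
    return os.path.commonpath([dest_norm, resolved]) != dest_norm


def extract(entries, dest, check_symlinks):
    """Extract entries into dest; return [(entry_name, 'written' | 'rejected')].
    With check_symlinks=False this is the vulnerable behaviour: makedirs() and
    open() happily follow a parent directory that is really a symlink."""
    log = []
    for e in entries:
        path = os.path.join(dest, e["name"])
        if e["type"] == "dir":
            os.makedirs(path, exist_ok=True)
        elif e["type"] == "symlink":
            if check_symlinks and symlink_escapes(dest, e["name"], e["target"]):
                log.append((e["name"], "rejected"))
                continue
            os.symlink(e["target"], path)
        else:  # regular file
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(e["data"])
        log.append((e["name"], "written"))
    return log


def demo(check_symlinks):
    """Extract the sample archive into fresh temp dirs; return the extraction
    log and the names of any files that ended up in the 'outside' directory."""
    dest = tempfile.mkdtemp(prefix="autoar-dest-")
    outside = tempfile.mkdtemp(prefix="autoar-outside-")
    try:
        log = extract(sample_entries(outside), dest, check_symlinks)
        return log, sorted(os.listdir(outside))
    finally:
        shutil.rmtree(dest)
        shutil.rmtree(outside)


if __name__ == "__main__":
    print("vulnerable:", demo(False)[1])  # ['settings.ini'] landed outside dest
    print("fixed:     ", demo(True)[1])   # []
```

The check mirrors only what the advisory describes (symlink targets); a complete extractor also has to validate the entry names themselves for "../" components, which this example leaves out.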
[USN-4734-1, USN-4734-2] wpa_supplicant and hostapd vulnerabilities [06:01]
2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
CVE-2020-12695 CVE-2021-0326
CVE-2021-0326: possible out-of-bounds write when doing a Wi-Fi Direct / P2P search, so an attacker only has to be in radio range when the victim performs a P2P discovery (aka Wi-Fi Direct search). Discovered by Google's OSS-Fuzz project.
CVE-2020-12695: CallStranger (Episode 91), UPnP callback reflection.
[USN-4735-1] PostgreSQL vulnerability [07:23]
1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)
CVE-2021-3393
Update to the latest upstream 12.6 release to fix a possible information leak that could occur when handling particular errors: if a user had UPDATE permission on a partitioned table but not the SELECT privilege on some column, and ran an UPDATE touching that column that failed a constraint check, the resulting error message about the constraint violation could include values from columns the user was not permitted to read. Rare setup, so unlikely to affect many in practice.
[USN-4736-1] Thunderbird vulnerabilities [08:18]
6 CVEs addressed in Groovy (20.10)
CVE-2020-15685 CVE-2021-23964 CVE-2021-23960 CVE-2021-23954 CVE-2021-23953 CVE-2020-26976
Update to the latest upstream 78.7 release, with the usual spread of issues for Thunderbird (derived from Firefox): DoS, info leak, RCE. Also a possible response-injection attack from a person-in-the-middle during STARTTLS connection setup: the attacker could inject an unencrypted response during the plaintext phase, which the client would buffer and then evaluate after the encrypted connection was set up, so it would be treated as coming from the trusted host. The standard mitigation is to throw away anything still buffered from the plaintext phase before reading the first byte over TLS.
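Added example (not from the show notes and not Thunderbird's code) of the exchange just described, as a Python model. The wire bytes are constructed, the IMAP tags and the class names are assumptions, and the TLS handshake is simulated by switching the client to a second stream that stands in for the encrypted connection; the point is what happens to the bytes already sitting in the client's read buffer when that switch happens.

```python
"""Model of STARTTLS response injection: a person-in-the-middle appends a
line to the server's plaintext OK, and a client that keeps its read buffer
across the TLS upgrade later processes that line as if it came over TLS.
Constructed data and hypothetical class names; nothing here is Thunderbird's."""
import io

# Constructed plaintext phase as seen on the wire: the genuine greeting, the
# server's OK to our STARTTLS, and a line appended by the attacker that
# arrives in the same read before the TLS handshake begins.
PLAINTEXT_WIRE = (
    b"* OK IMAP4rev1 server ready\r\n"
    b"a1 OK Begin TLS negotiation now\r\n"
    b"* LIST () \"/\" \"attacker-controlled\"\r\n"
)
# Constructed bytes the real server sends after the handshake, over TLS.
TLS_WIRE = b"a2 OK CAPABILITY completed\r\n"


class LineReader:
    """Buffered CRLF line reader, like a mail client's socket buffer: one read
    may pull in more than one line, and the surplus stays in self.buf."""

    def __init__(self, stream):
        self.stream = stream
        self.buf = b""

    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.stream.read(4096)
            if not chunk:
                break
            self.buf += chunk
        line, _, rest = self.buf.partition(b"\r\n")
        self.buf = rest
        return line


class ImapClient:
    """Toy client. discard_plaintext_buffer=False keeps whatever was buffered
    before the handshake, which is the bug; True is the fixed behaviour."""

    def __init__(self, discard_plaintext_buffer):
        self.discard = discard_plaintext_buffer
        self.reader = LineReader(io.BytesIO(PLAINTEXT_WIRE))

    def starttls(self):
        greeting = self.reader.readline()   # "* OK ..."
        resp = self.reader.readline()       # reply to our "a1 STARTTLS"
        if not (greeting.startswith(b"* OK") and resp.startswith(b"a1 OK")):
            raise RuntimeError("unexpected plaintext response")
        # The TLS handshake would run on the socket here; simulated by
        # switching to the stream that carries the server's post-TLS data.
        tls_stream = io.BytesIO(TLS_WIRE)
        if self.discard:
            self.reader = LineReader(tls_stream)  # fresh buffer: injected line dropped
        else:
            self.reader.stream = tls_stream       # bug: leftover plaintext survives

    def responses_after_tls(self):
        """Lines the client will treat as authenticated server responses."""
        lines = []
        while True:
            line = self.reader.readline()
            if not line:
                return lines
            lines.append(line)


def exchange(discard_plaintext_buffer):
    """Run the whole exchange; return the responses seen after the upgrade."""
    client = ImapClient(discard_plaintext_buffer)
    client.starttls()
    return client.responses_after_tls()


if __name__ == "__main__":
    print("vulnerable:", exchange(False))  # injected LIST line processed as if over TLS
    print("fixed:     ", exchange(True))   # only the real post-handshake response
```

In a real client the same rule applies to the other direction too: anything the client learned in the plaintext phase (capabilities, for instance) has to be re-fetched after the handshake, since the attacker could have altered it as easily as appending a line.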
Goings on in Ubuntu Security Community
Thunderbird to be upgraded to 78.x in Ubuntu 20.04 LTS [09:32]
Led by oSoMoN (Olivier Tilloy) from the Desktop Team.
68.x is no longer supported upstream and it is not really practical to backport security fixes to this old codebase.
78.x, as a new major version, introduces a bunch of breaking changes, in particular in the handling of PGP: previously Thunderbird had no native PGP support and the Enigmail add-on provided it.
It now supports PGP itself and Enigmail is no longer supported. The new internal PGP implementation is a bit different and requires migration; this should be handled automatically by the new version, which migrates existing Enigmail users across.
A couple of other packages, tinyjsd and jsunit, are also not supported by Thunderbird 78:
tinyjsd - JS debugger with a particular focus on being able to debug Thunderbird extensions etc.
jsunit - unit testing tool for Thunderbird that allows add-on developers to set up unit tests for their extensions and run them in Thunderbird/Firefox etc.
These will be replaced by empty packages in the Ubuntu archive for 20.04.
Once this is done, will then look to do Bionic (18.04 LTS) as well.
https://discourse.ubuntu.com/t/thunderbird-lts-update/20819
Get in contact
#ubuntu-security on the Libera.Chat IRC network
ubuntu-hardened mailing list
Security section on discourse.ubuntu.com
@ubuntu_sec on twitter