April 16, 2021

Episode 112

14 minutes

Overview

This week we look at a reboot of the DWF project, Rust in the Linux kernel,

an Ubuntu security webinar plus some details of the 45 CVEs addressed

across the Ubuntu releases this last week and more.

This week in Ubuntu Security Updates

45 unique CVEs addressed

[LSN-0075-1] Linux kernel vulnerability [01:01]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-27365

CVE-2021-27364

CVE-2021-27363

CVE-2021-3444

CVE-2020-29374

CVE-2020-29372

CVE-2020-27171

CVE-2020-27170

madvise issue reported by Jann Horn -

BPF spectre mitigations fixes (Episode 109)

[USN-4903-1] curl vulnerability [02:02]

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2021-22876

Episode 110 - leaking credentials via HTTP Referer header

[USN-4896-2] lxml vulnerability

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2021-28957

Episode 110

[USN-4899-2] SpamAssassin vulnerability

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-1946

Episode 110

[USN-4905-1] X.Org X Server vulnerability [02:26]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3472

Local user (X client) could crash the server via Xinput extension and

ChangeFeedbackControl request - integer underflow -> heap buffer overflow

[USN-4906-1] Nettle vulnerability [03:31]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2021-20305

Low level crypto library used by lots of packages - chrony, dnsmasq,

lighttpd, qemu, squid, supertuxkart

Could en up calling EC multiply with out-of-range scalers - as a result

would get incorrect results during EC signature verification and so could

allow an attacker to trigger an assertion failure -> DoS OR force an

invalid signature - bypass verification

[USN-4904-1] Linux kernel vulnerabilities [04:27]

11 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2021-28038

CVE-2021-26931

CVE-2021-26930

CVE-2021-20261

CVE-2019-19061

CVE-2019-16232

CVE-2019-16231

CVE-2018-13095

CVE-2017-5967

CVE-2017-16644

CVE-2015-1350

[USN-4907-1] Linux kernel vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2021-3348

CVE-2021-3347

CVE-2018-13095

[USN-4909-1] Linux kernel vulnerabilities

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3348

CVE-2021-26931

CVE-2021-26930

CVE-2021-20194

[USN-4910-1] Linux kernel vulnerabilities

5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3178

CVE-2021-3348

CVE-2021-3347

CVE-2021-20268

CVE-2021-20239

[USN-4911-1] Linux kernel (OEM) vulnerabilities

4 CVEs addressed in Focal (20.04 LTS)

CVE-2021-28950

CVE-2021-28375

CVE-2021-28038

CVE-2020-25639

[USN-4912-1] Linux kernel (OEM) vulnerabilities

14 CVEs addressed in Focal (20.04 LTS)

CVE-2021-3178

CVE-2021-3411

CVE-2021-20194

CVE-2020-36158

CVE-2020-27830

CVE-2020-25669

CVE-2020-25645

CVE-2020-25285

CVE-2020-14390

CVE-2020-14351

CVE-2020-0466

CVE-2020-0465

CVE-2020-0423

CVE-2021-29154

Piotr Krysiuk - BPF JIT - invalid branch displacement - could allow OOB

memory read/write -> code exec or at least crash - unpriv in Ubuntu so

could then allow an unprivileged user to get kernel code exec

Thanks to kernel team for handling these issues - lots of kernel security

issues at the moment so thanks for their hard work

Goings on in Ubuntu Security Community

DWF v2 [07:25]

https://lwn.net/Articles/851849/

https://iwantacve.org/

https://twitter.com/CVEannounce/status/1368992488464203777

Rust support for Linux kernel [10:12]

https://lore.kernel.org/lkml/[email protected]/

https://security.googleblog.com/2021/04/rust-in-linux-kernel.html

Securing open source from cloud to edge webinar [12:19]

https://www.brighttalk.com/webcast/6793/440517

Ubuntu is built with security in mind from the ground up, and how we keep

you protected against major vulnerabilities

How you can ensure performant open source in production environments

Specific security services that can help you achieve maximum availability

by reducing downtime and providing access to high and critical CVE fixes

Ubuntu helps organisations remain compliant with government and industry

standards and regulations, including Common Criteria EAL2 with FIPS 140-2

Level 1 certified crypto modules

Hiring [13:13]

AppArmor Security Engineer

https://canonical.com/careers/2114847/apparmor-security-engineer-remote

Linux Cryptography and Security Engineer

https://canonical.com/careers/2612092/linux-cryptography-and-security-engineer-remote

Security Engineer - Ubuntu

https://canonical.com/careers/2925180/security-engineer-ubuntu-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

April 16, 2021

Episode 112

14 minutes

Overview

This week we look at a reboot of the DWF project, Rust in the Linux kernel,

an Ubuntu security webinar plus some details of the 45 CVEs addressed

across the Ubuntu releases this last week and more.

This week in Ubuntu Security Updates

45 unique CVEs addressed

[LSN-0075-1] Linux kernel vulnerability [01:01]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-27365

CVE-2021-27364

CVE-2021-27363

CVE-2021-3444

CVE-2020-29374

CVE-2020-29372

CVE-2020-27171

CVE-2020-27170

madvise issue reported by Jann Horn -

BPF spectre mitigations fixes (Episode 109)

[USN-4903-1] curl vulnerability [02:02]

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2021-22876

Episode 110 - leaking credentials via HTTP Referer header

[USN-4896-2] lxml vulnerability

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2021-28957

Episode 110

[USN-4899-2] SpamAssassin vulnerability

1 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-1946

Episode 110

[USN-4905-1] X.Org X Server vulnerability [02:26]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3472

Local user (X client) could crash the server via Xinput extension and

ChangeFeedbackControl request - integer underflow -> heap buffer overflow

[USN-4906-1] Nettle vulnerability [03:31]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2021-20305

Low level crypto library used by lots of packages - chrony, dnsmasq,

lighttpd, qemu, squid, supertuxkart

Could en up calling EC multiply with out-of-range scalers - as a result

would get incorrect results during EC signature verification and so could

allow an attacker to trigger an assertion failure -> DoS OR force an

invalid signature - bypass verification

[USN-4904-1] Linux kernel vulnerabilities [04:27]

11 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2021-28038

CVE-2021-26931

CVE-2021-26930

CVE-2021-20261

CVE-2019-19061

CVE-2019-16232

CVE-2019-16231

CVE-2018-13095

CVE-2017-5967

CVE-2017-16644

CVE-2015-1350

[USN-4907-1] Linux kernel vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2021-3348

CVE-2021-3347

CVE-2018-13095

[USN-4909-1] Linux kernel vulnerabilities

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3348

CVE-2021-26931

CVE-2021-26930

CVE-2021-20194

[USN-4910-1] Linux kernel vulnerabilities

5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3178

CVE-2021-3348

CVE-2021-3347

CVE-2021-20268

CVE-2021-20239

[USN-4911-1] Linux kernel (OEM) vulnerabilities

4 CVEs addressed in Focal (20.04 LTS)

CVE-2021-28950

CVE-2021-28375

CVE-2021-28038

CVE-2020-25639

[USN-4912-1] Linux kernel (OEM) vulnerabilities

14 CVEs addressed in Focal (20.04 LTS)

CVE-2021-3178

CVE-2021-3411

CVE-2021-20194

CVE-2020-36158

CVE-2020-27830

CVE-2020-25669

CVE-2020-25645

CVE-2020-25285

CVE-2020-14390

CVE-2020-14351

CVE-2020-0466

CVE-2020-0465

CVE-2020-0423

CVE-2021-29154

Piotr Krysiuk - BPF JIT - invalid branch displacement - could allow OOB

memory read/write -> code exec or at least crash - unpriv in Ubuntu so

could then allow an unprivileged user to get kernel code exec

Thanks to kernel team for handling these issues - lots of kernel security

issues at the moment so thanks for their hard work

Goings on in Ubuntu Security Community

DWF v2 [07:25]

https://lwn.net/Articles/851849/

https://iwantacve.org/

https://twitter.com/CVEannounce/status/1368992488464203777

Rust support for Linux kernel [10:12]

https://lore.kernel.org/lkml/[email protected]/

https://security.googleblog.com/2021/04/rust-in-linux-kernel.html

Securing open source from cloud to edge webinar [12:19]

https://www.brighttalk.com/webcast/6793/440517

Ubuntu is built with security in mind from the ground up, and how we keep

you protected against major vulnerabilities

How you can ensure performant open source in production environments

Specific security services that can help you achieve maximum availability

by reducing downtime and providing access to high and critical CVE fixes

Ubuntu helps organisations remain compliant with government and industry

standards and regulations, including Common Criteria EAL2 with FIPS 140-2

Level 1 certified crypto modules

Hiring [13:13]

AppArmor Security Engineer

https://canonical.com/careers/2114847/apparmor-security-engineer-remote

Linux Cryptography and Security Engineer

https://canonical.com/careers/2612092/linux-cryptography-and-security-engineer-remote

Security Engineer - Ubuntu

https://canonical.com/careers/2925180/security-engineer-ubuntu-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 112

Sign up to save your podcasts

Episode 112

Episode 112