Ubuntu Security Podcast

Episode 123


Overview

Is npm audit more harm than good? Plus this week we look at security updates for DjVuLibre, libuv, PHP and more.

This week in Ubuntu Security Updates

8 unique CVEs addressed

[USN-4905-2] X.Org X Server vulnerability [00:42]
  • 1 CVE addressed in Trusty ESM (14.04 ESM)
    • CVE-2021-3472
    • Episode 112 - Local user (X client) could crash the server via the Xinput extension and a ChangeFeedbackControl request - integer underflow -> heap buffer overflow

[USN-5005-1] DjVuLibre vulnerability [01:26]
  • 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
    • CVE-2021-3630
    • OOB write via crafted djvu file -> crash -> DoS, RCE

[USN-5007-1] libuv vulnerability [01:53]
  • 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
    • CVE-2021-22918
    • Async event handling library - used by nodejs and others - supports async handling of TCP/UDP sockets, DNS resolution, file system operations etc
    • OOB read when converting strings to ASCII -> can be triggered via calls to uv_getaddrinfo(), which are made by clients that handle TCP/UDP sockets asynchronously (i.e. nodejs, Julia, BIND etc)

[USN-5006-1] PHP vulnerabilities [03:04]
  • 5 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
    • CVE-2021-21705
    • CVE-2021-21704
    • CVE-2021-21702
    • CVE-2020-7071
    • CVE-2020-7068
    • UAF in PHAR archive handling - generally these are trusted so low impact
    • Mishandling of URLs with embedded passwords - unspecified impact, but could misparse the URL and cause unwanted behaviour
    • Mishandling of XML when processing SOAP server responses -> NULL ptr deref (so a malicious server could trigger a crash) -> DoS
    • Ability to bypass Server Side Request Forgery (SSRF) protections in FILTER_VALIDATE_URL

Goings on in Ubuntu Security Community

npm audit broken by design? [04:13]
  • https://overreacted.io/npm-audit-broken-by-design/

Ubuntu Security Podcast on break for next 2 weeks [07:56]

Get in contact
  • #ubuntu-security on the Libera.Chat IRC network
  • ubuntu-hardened mailing list
  • Security section on discourse.ubuntu.com
  • @ubuntu_sec on twitter
Ubuntu Security Podcast, by Ubuntu Security Team