July 30, 2021

Episode 124

14 minutes

Overview

It’s another week when too many security updates are never enough as we

cover 240 CVE fixes across Avahi, QEMU, the Linux kernel, containerd,

binutils and more, plus the Ubuntu 20.10 Groovy Gorilla end-of-life.

This week in Ubuntu Security Updates

240 unique CVEs addressed

[USN-5008-1, USN-5008-2] Avahi vulnerabilities [00:36]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3502

CVE-2021-3468

2 DoS via local users - first via abusing the Avahi daemon’s unix socket -> hang

second by calling asking the avahi daemon to resolve a crafted domain

name either via the DBus API or the local socket - assert() -> crash

[USN-5006-2] PHP vulnerabilities [01:12]

5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-21705

CVE-2021-21704

CVE-2021-21702

CVE-2020-7071

CVE-2020-7068

Episode 123

[USN-5009-1] libslirp vulnerabilities [01:31]

6 CVEs addressed in Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3595

CVE-2021-3594

CVE-2021-3593

CVE-2021-3592

CVE-2020-29130

CVE-2020-29129

TCP/IP emulation library using by QEMU etc

Info leaks from the host to the guest via buffer over-reads in handling

of various network packet types (UDP etc)

[USN-5010-1] QEMU vulnerabilities [02:07]

21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3595

CVE-2021-3594

CVE-2021-3593

CVE-2021-3592

CVE-2021-3608

CVE-2021-3607

CVE-2021-3582

CVE-2021-3546

CVE-2021-3545

CVE-2021-3544

CVE-2021-3527

CVE-2021-3416

CVE-2021-3409

CVE-2021-20257

CVE-2021-20221

CVE-2020-35517

CVE-2021-3392

CVE-2020-35505

CVE-2020-35504

CVE-2020-29443

CVE-2020-15469

Usual mix of vulns in emulation of various devices etc - generally allows

a malicious guest to cause QEMU to crash on the host -> DoS

MMIO, ATAPI, SCSI, ARM Generic Interrupt Controller, e1000

Mishandling in virtio-fs shared filesystem daemon allows malicious guest

to read/write host devices

A few others possibly result on code-exec on the host as the QEMU daemon

BUT on Ubuntu QEMU is confined via AppArmor by default so this limits the

possible impact

[LSN-0078-1] Linux kernel vulnerability [03:14]

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3609

Livepatch for CAN BCM UAF -> arbitrary code exec (Episode 121)

[USN-5014-1] Linux kernel vulnerability [03:49]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Hirsute (21.04)

CVE-2021-33909

high priority respin

seq_file vuln - this virt file-system contained an unsigned integer

conversion error - would result in a local user being able to cause an

OOB write and hence possible code-exec in the kernel -> privesc

[USN-5015-1] Linux kernel (OEM) vulnerabilities [04:28]

5 CVEs addressed in Focal (20.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-28691

CVE-2021-33909

5.10 oem

seq_file vuln plus a couple UAF in bluetooth, NULL ptr deref in NFC, UAF

in Xen networking - guest to host crash/code-exec etc

[USN-5016-1] Linux kernel vulnerabilities [04:54]

5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3506

CVE-2021-33034

CVE-2021-32399

CVE-2021-23134

CVE-2021-33909

5.8 - hirsute, focal hwe

seq_file vuln plus, NFC UAF, Bluetooth UAFs, F2FS OOB read

[USN-5017-1] Linux kernel vulnerabilities [05:26]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-0129

CVE-2020-26558

CVE-2021-33909

5.4 - focal, bionic hwe, oem, aws, azure, gcp, gke etc

seq_file vuln plus a few bluetooth info leaks

[USN-5018-1] Linux kernel vulnerabilities [05:49]

12 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-33034

CVE-2021-32399

CVE-2021-31829

CVE-2021-23134

CVE-2021-0129

CVE-2020-26558

CVE-2020-26147

CVE-2020-26139

CVE-2020-24587

CVE-2020-24586

CVE-2021-33200

CVE-2021-33909

4.15 - bionic, xenial hwe, trusty azure

seq_file vuln plus various other fixes from recent kernels - eBPF

privesc, Wifi FRAGATTACKs fixes, bluetooth info leaks and UAFs and NFC

UAF

[LSN-0079-1] Linux kernel vulnerability [06:21]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-33909

CVE-2021-3600

seq_file vuln plus eBPF codeexec

[USN-5019-1] NVIDIA graphics drivers vulnerabilities [06:43]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-1095

CVE-2021-1094

CVE-2021-1093

2 DoS - one by triggering an assert(), the other by dereferencing an

untrusted pointer - kernel crash in either case

OOB array access (OOB read) - info leak or crash -> DoS

[USN-5012-1] containerd vulnerabilities [07:23]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-32760

When extracting a container image, would try and set the

owner/permissions on the resulting extracted files - if these files were

symlinks pointing to existing files on the host then would change perms

of those files instead - fixed to ensure it does not follow symlinks when

applying this permissions changes

[USN-5013-1, USN-5013-2] systemd vulnerabilities [08:00]

2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2020-13529

CVE-2021-33910

When parsing mount paths, would allocate memory for the path on the

stack - if a local attacker can mount a file-system with a very long path

name, would overflow the entire stack memory and cause systemd to crash -

as systemd is PID1 this effectively crashes the whole system

Remote attacker could cause sytemd DHCP client to force assign a

different address and hence could cause a networking DoS against a remote

server on the same network by making it unroutable etc

[USN-4336-2] GNU binutils vulnerabilities [09:12]

147 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2019-9077

CVE-2019-9075

CVE-2019-9074

CVE-2019-9073

CVE-2019-9071

CVE-2019-9070

CVE-2019-17451

CVE-2019-17450

CVE-2019-14444

CVE-2019-14250

CVE-2019-12972

CVE-2018-9138

CVE-2018-8945

CVE-2018-7643

CVE-2018-7642

CVE-2018-7569

CVE-2018-7568

CVE-2018-7208

CVE-2018-6759

CVE-2018-6543

CVE-2018-6323

CVE-2018-20671

CVE-2018-20623

CVE-2018-20002

CVE-2018-19932

CVE-2018-19931

CVE-2018-18701

CVE-2018-18700

CVE-2018-18607

CVE-2018-18606

CVE-2018-18605

CVE-2018-18484

CVE-2018-18483

CVE-2018-18309

CVE-2018-17985

CVE-2018-17794

CVE-2018-17360

CVE-2018-17359

CVE-2018-17358

CVE-2018-13033

CVE-2018-12934

CVE-2018-12700

CVE-2018-12699

CVE-2018-12698

CVE-2018-12697

CVE-2018-12641

CVE-2018-10535

CVE-2018-10534

CVE-2018-10373

CVE-2018-10372

CVE-2018-1000876

CVE-2017-9954

CVE-2017-9756

CVE-2017-9755

CVE-2017-9754

CVE-2017-9753

CVE-2017-9752

CVE-2017-9751

CVE-2017-9750

CVE-2017-9749

CVE-2017-9748

CVE-2017-9747

CVE-2017-9746

CVE-2017-9745

CVE-2017-9744

CVE-2017-9742

CVE-2017-9044

CVE-2017-9042

CVE-2017-9041

CVE-2017-9040

CVE-2017-9039

CVE-2017-9038

CVE-2017-8421

CVE-2017-8398

CVE-2017-8397

CVE-2017-8396

CVE-2017-8395

CVE-2017-8394

CVE-2017-8393

CVE-2017-7614

CVE-2017-7302

CVE-2017-7301

CVE-2017-7300

CVE-2017-7299

CVE-2017-7227

CVE-2017-7226

CVE-2017-7225

CVE-2017-7224

CVE-2017-7223

CVE-2017-7210

CVE-2017-7209

CVE-2017-6969

CVE-2017-6966

CVE-2017-6965

CVE-2017-17125

CVE-2017-17124

CVE-2017-17123

CVE-2017-17121

CVE-2017-17080

CVE-2017-16832

CVE-2017-16831

CVE-2017-16828

CVE-2017-16827

CVE-2017-16826

CVE-2017-15996

CVE-2017-15939

CVE-2017-15938

CVE-2017-15225

CVE-2017-15025

CVE-2017-15024

CVE-2017-15022

CVE-2017-15021

CVE-2017-15020

CVE-2017-14940

CVE-2017-14939

CVE-2017-14938

CVE-2017-14932

CVE-2017-14930

CVE-2017-14529

CVE-2017-14333

CVE-2017-14130

CVE-2017-14129

CVE-2017-14128

CVE-2017-13710

CVE-2017-12967

CVE-2017-12799

CVE-2017-12459

CVE-2017-12458

CVE-2017-12457

CVE-2017-12456

CVE-2017-12455

CVE-2017-12454

CVE-2017-12453

CVE-2017-12452

CVE-2017-12451

CVE-2017-12450

CVE-2017-12449

CVE-2017-12448

CVE-2016-6131

CVE-2016-4493

CVE-2016-4492

CVE-2016-4491

CVE-2016-4490

CVE-2016-4489

CVE-2016-4488

CVE-2016-4487

CVE-2016-2226

Most CVEs fixed in a single update?

binutils gets a lot of CVEs which are generally low priority -

ie. objdump could crash or get code-exec if run on untrusted input - but

since is installed in a lot of common developer scenarious we often get

requests about these CVEs - even though they are unlikely to actually be

able to be exploited in most scenarios

Thanks to Leo on our team (and Marc for the original backport of a lot of

these patches)

[USN-5020-1] Ruby vulnerabilities [10:24]

3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-32066

CVE-2021-31810

CVE-2021-31799

RCE, port scans / banner extractions, interpose on connections to bypass

TLS

[USN-5021-1] curl vulnerabilities [10:46]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-22924

CVE-2021-22925

CVE-2021-22898

Failed to initialise data when handling TELNET connections - if these

structures happened to contain sensitive info -> info leak

Could reuse connections from the connection pool in the wrong

circumstances, leading to reusing wrong connection and sending data to

wrong host

[USN-5022-1] MySQL vulnerabilities [11:36]

31 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-2441

CVE-2021-2440

CVE-2021-2437

CVE-2021-2429

CVE-2021-2427

CVE-2021-2426

CVE-2021-2425

CVE-2021-2424

CVE-2021-2422

CVE-2021-2418

CVE-2021-2417

CVE-2021-2410

CVE-2021-2402

CVE-2021-2399

CVE-2021-2390

CVE-2021-2389

CVE-2021-2387

CVE-2021-2385

CVE-2021-2384

CVE-2021-2383

CVE-2021-2374

CVE-2021-2372

CVE-2021-2370

CVE-2021-2367

CVE-2021-2357

CVE-2021-2356

CVE-2021-2354

CVE-2021-2352

CVE-2021-2342

CVE-2021-2340

CVE-2021-2339

8.0.26 (focal, hirsute)

5.7.35 (bionic)

[USN-5023-1] Aspell vulnerability [12:00]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2019-25051

Heap buffer overflow - fixed to actually validate size before using

Goings on in Ubuntu Security Community

Ubuntu 20.10 Groovy Gorilla EOL [12:25]

as of July 22, 2021, Ubuntu 20.10 is no longer supported.

No more package updates will be accepted to 20.10

Will be archived to old-releases.ubuntu.com in the coming weeks

Upgrade to Hirsute - https://help.ubuntu.com/community/HirsuteUpgrades

https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-July/006117.html

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

July 30, 2021

Episode 124

14 minutes

Overview

It’s another week when too many security updates are never enough as we

cover 240 CVE fixes across Avahi, QEMU, the Linux kernel, containerd,

binutils and more, plus the Ubuntu 20.10 Groovy Gorilla end-of-life.

This week in Ubuntu Security Updates

240 unique CVEs addressed

[USN-5008-1, USN-5008-2] Avahi vulnerabilities [00:36]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3502

CVE-2021-3468

2 DoS via local users - first via abusing the Avahi daemon’s unix socket -> hang

second by calling asking the avahi daemon to resolve a crafted domain

name either via the DBus API or the local socket - assert() -> crash

[USN-5006-2] PHP vulnerabilities [01:12]

5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-21705

CVE-2021-21704

CVE-2021-21702

CVE-2020-7071

CVE-2020-7068

Episode 123

[USN-5009-1] libslirp vulnerabilities [01:31]

6 CVEs addressed in Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3595

CVE-2021-3594

CVE-2021-3593

CVE-2021-3592

CVE-2020-29130

CVE-2020-29129

TCP/IP emulation library using by QEMU etc

Info leaks from the host to the guest via buffer over-reads in handling

of various network packet types (UDP etc)

[USN-5010-1] QEMU vulnerabilities [02:07]

21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-3595

CVE-2021-3594

CVE-2021-3593

CVE-2021-3592

CVE-2021-3608

CVE-2021-3607

CVE-2021-3582

CVE-2021-3546

CVE-2021-3545

CVE-2021-3544

CVE-2021-3527

CVE-2021-3416

CVE-2021-3409

CVE-2021-20257

CVE-2021-20221

CVE-2020-35517

CVE-2021-3392

CVE-2020-35505

CVE-2020-35504

CVE-2020-29443

CVE-2020-15469

Usual mix of vulns in emulation of various devices etc - generally allows

a malicious guest to cause QEMU to crash on the host -> DoS

MMIO, ATAPI, SCSI, ARM Generic Interrupt Controller, e1000

Mishandling in virtio-fs shared filesystem daemon allows malicious guest

to read/write host devices

A few others possibly result on code-exec on the host as the QEMU daemon

BUT on Ubuntu QEMU is confined via AppArmor by default so this limits the

possible impact

[LSN-0078-1] Linux kernel vulnerability [03:14]

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3609

Livepatch for CAN BCM UAF -> arbitrary code exec (Episode 121)

[USN-5014-1] Linux kernel vulnerability [03:49]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Hirsute (21.04)

CVE-2021-33909

high priority respin

seq_file vuln - this virt file-system contained an unsigned integer

conversion error - would result in a local user being able to cause an

OOB write and hence possible code-exec in the kernel -> privesc

[USN-5015-1] Linux kernel (OEM) vulnerabilities [04:28]

5 CVEs addressed in Focal (20.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-28691

CVE-2021-33909

5.10 oem

seq_file vuln plus a couple UAF in bluetooth, NULL ptr deref in NFC, UAF

in Xen networking - guest to host crash/code-exec etc

[USN-5016-1] Linux kernel vulnerabilities [04:54]

5 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2021-3506

CVE-2021-33034

CVE-2021-32399

CVE-2021-23134

CVE-2021-33909

5.8 - hirsute, focal hwe

seq_file vuln plus, NFC UAF, Bluetooth UAFs, F2FS OOB read

[USN-5017-1] Linux kernel vulnerabilities [05:26]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-0129

CVE-2020-26558

CVE-2021-33909

5.4 - focal, bionic hwe, oem, aws, azure, gcp, gke etc

seq_file vuln plus a few bluetooth info leaks

[USN-5018-1] Linux kernel vulnerabilities [05:49]

12 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-33034

CVE-2021-32399

CVE-2021-31829

CVE-2021-23134

CVE-2021-0129

CVE-2020-26558

CVE-2020-26147

CVE-2020-26139

CVE-2020-24587

CVE-2020-24586

CVE-2021-33200

CVE-2021-33909

4.15 - bionic, xenial hwe, trusty azure

seq_file vuln plus various other fixes from recent kernels - eBPF

privesc, Wifi FRAGATTACKs fixes, bluetooth info leaks and UAFs and NFC

UAF

[LSN-0079-1] Linux kernel vulnerability [06:21]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-33909

CVE-2021-3600

seq_file vuln plus eBPF codeexec

[USN-5019-1] NVIDIA graphics drivers vulnerabilities [06:43]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-1095

CVE-2021-1094

CVE-2021-1093

2 DoS - one by triggering an assert(), the other by dereferencing an

untrusted pointer - kernel crash in either case

OOB array access (OOB read) - info leak or crash -> DoS

[USN-5012-1] containerd vulnerabilities [07:23]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-32760

When extracting a container image, would try and set the

owner/permissions on the resulting extracted files - if these files were

symlinks pointing to existing files on the host then would change perms

of those files instead - fixed to ensure it does not follow symlinks when

applying this permissions changes

[USN-5013-1, USN-5013-2] systemd vulnerabilities [08:00]

2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2020-13529

CVE-2021-33910

When parsing mount paths, would allocate memory for the path on the

stack - if a local attacker can mount a file-system with a very long path

name, would overflow the entire stack memory and cause systemd to crash -

as systemd is PID1 this effectively crashes the whole system

Remote attacker could cause sytemd DHCP client to force assign a

different address and hence could cause a networking DoS against a remote

server on the same network by making it unroutable etc

[USN-4336-2] GNU binutils vulnerabilities [09:12]

147 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2019-9077

CVE-2019-9075

CVE-2019-9074

CVE-2019-9073

CVE-2019-9071

CVE-2019-9070

CVE-2019-17451

CVE-2019-17450

CVE-2019-14444

CVE-2019-14250

CVE-2019-12972

CVE-2018-9138

CVE-2018-8945

CVE-2018-7643

CVE-2018-7642

CVE-2018-7569

CVE-2018-7568

CVE-2018-7208

CVE-2018-6759

CVE-2018-6543

CVE-2018-6323

CVE-2018-20671

CVE-2018-20623

CVE-2018-20002

CVE-2018-19932

CVE-2018-19931

CVE-2018-18701

CVE-2018-18700

CVE-2018-18607

CVE-2018-18606

CVE-2018-18605

CVE-2018-18484

CVE-2018-18483

CVE-2018-18309

CVE-2018-17985

CVE-2018-17794

CVE-2018-17360

CVE-2018-17359

CVE-2018-17358

CVE-2018-13033

CVE-2018-12934

CVE-2018-12700

CVE-2018-12699

CVE-2018-12698

CVE-2018-12697

CVE-2018-12641

CVE-2018-10535

CVE-2018-10534

CVE-2018-10373

CVE-2018-10372

CVE-2018-1000876

CVE-2017-9954

CVE-2017-9756

CVE-2017-9755

CVE-2017-9754

CVE-2017-9753

CVE-2017-9752

CVE-2017-9751

CVE-2017-9750

CVE-2017-9749

CVE-2017-9748

CVE-2017-9747

CVE-2017-9746

CVE-2017-9745

CVE-2017-9744

CVE-2017-9742

CVE-2017-9044

CVE-2017-9042

CVE-2017-9041

CVE-2017-9040

CVE-2017-9039

CVE-2017-9038

CVE-2017-8421

CVE-2017-8398

CVE-2017-8397

CVE-2017-8396

CVE-2017-8395

CVE-2017-8394

CVE-2017-8393

CVE-2017-7614

CVE-2017-7302

CVE-2017-7301

CVE-2017-7300

CVE-2017-7299

CVE-2017-7227

CVE-2017-7226

CVE-2017-7225

CVE-2017-7224

CVE-2017-7223

CVE-2017-7210

CVE-2017-7209

CVE-2017-6969

CVE-2017-6966

CVE-2017-6965

CVE-2017-17125

CVE-2017-17124

CVE-2017-17123

CVE-2017-17121

CVE-2017-17080

CVE-2017-16832

CVE-2017-16831

CVE-2017-16828

CVE-2017-16827

CVE-2017-16826

CVE-2017-15996

CVE-2017-15939

CVE-2017-15938

CVE-2017-15225

CVE-2017-15025

CVE-2017-15024

CVE-2017-15022

CVE-2017-15021

CVE-2017-15020

CVE-2017-14940

CVE-2017-14939

CVE-2017-14938

CVE-2017-14932

CVE-2017-14930

CVE-2017-14529

CVE-2017-14333

CVE-2017-14130

CVE-2017-14129

CVE-2017-14128

CVE-2017-13710

CVE-2017-12967

CVE-2017-12799

CVE-2017-12459

CVE-2017-12458

CVE-2017-12457

CVE-2017-12456

CVE-2017-12455

CVE-2017-12454

CVE-2017-12453

CVE-2017-12452

CVE-2017-12451

CVE-2017-12450

CVE-2017-12449

CVE-2017-12448

CVE-2016-6131

CVE-2016-4493

CVE-2016-4492

CVE-2016-4491

CVE-2016-4490

CVE-2016-4489

CVE-2016-4488

CVE-2016-4487

CVE-2016-2226

Most CVEs fixed in a single update?

binutils gets a lot of CVEs which are generally low priority -

ie. objdump could crash or get code-exec if run on untrusted input - but

since is installed in a lot of common developer scenarious we often get

requests about these CVEs - even though they are unlikely to actually be

able to be exploited in most scenarios

Thanks to Leo on our team (and Marc for the original backport of a lot of

these patches)

[USN-5020-1] Ruby vulnerabilities [10:24]

3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)

CVE-2021-32066

CVE-2021-31810

CVE-2021-31799

RCE, port scans / banner extractions, interpose on connections to bypass

TLS

[USN-5021-1] curl vulnerabilities [10:46]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-22924

CVE-2021-22925

CVE-2021-22898

Failed to initialise data when handling TELNET connections - if these

structures happened to contain sensitive info -> info leak

Could reuse connections from the connection pool in the wrong

circumstances, leading to reusing wrong connection and sending data to

wrong host

[USN-5022-1] MySQL vulnerabilities [11:36]

31 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-2441

CVE-2021-2440

CVE-2021-2437

CVE-2021-2429

CVE-2021-2427

CVE-2021-2426

CVE-2021-2425

CVE-2021-2424

CVE-2021-2422

CVE-2021-2418

CVE-2021-2417

CVE-2021-2410

CVE-2021-2402

CVE-2021-2399

CVE-2021-2390

CVE-2021-2389

CVE-2021-2387

CVE-2021-2385

CVE-2021-2384

CVE-2021-2383

CVE-2021-2374

CVE-2021-2372

CVE-2021-2370

CVE-2021-2367

CVE-2021-2357

CVE-2021-2356

CVE-2021-2354

CVE-2021-2352

CVE-2021-2342

CVE-2021-2340

CVE-2021-2339

8.0.26 (focal, hirsute)

5.7.35 (bionic)

[USN-5023-1] Aspell vulnerability [12:00]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2019-25051

Heap buffer overflow - fixed to actually validate size before using

Goings on in Ubuntu Security Community

Ubuntu 20.10 Groovy Gorilla EOL [12:25]

as of July 22, 2021, Ubuntu 20.10 is no longer supported.

No more package updates will be accepted to 20.10

Will be archived to old-releases.ubuntu.com in the coming weeks

Upgrade to Hirsute - https://help.ubuntu.com/community/HirsuteUpgrades

https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-July/006117.html

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 124

Sign up to save your podcasts

Episode 124

Episode 124