August 20, 2021

Episode 127

10 minutes

Overview

This week we look at security updates for Firefox, PostgreSQL, MariaDB,

HAProxy, the Linux kernel and more, plus we cover some current openings on

the team - come join us ☺

This week in Ubuntu Security Updates

35 unique CVEs addressed

[USN-5037-1] Firefox vulnerabilities [00:39]

10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-29990

CVE-2021-29989

CVE-2021-29988

CVE-2021-29987

CVE-2021-29986

CVE-2021-29985

CVE-2021-29984

CVE-2021-29982

CVE-2021-29981

CVE-2021-29980

91.0

Better support for clearing cookies to stop possible hidden data leaks as part of the Total Cookie Protection

Private browsing to use attempt HTTPS by default than fallback to HTTP

Various security fixes:

race condition on DNS resolution specific to Linux -> memory

corruption -> crash / RCE

also specific to Linux - subsequent permissions dialogs would accept

input in the location of the original one - so could possibly trick a

user into accepting a permission without their direct knowledge

various other memory corruption issues in JIT etc

[USN-3809-2] OpenSSH regression [02:54]

2 CVEs addressed in Bionic (18.04 LTS)

CVE-2016-10708

CVE-2018-15473

Episode 11 - possible user enumeration since as a result of patching

CVE-2018-15473 the behaviour when trying to log in changed depending on

whether the specific user account existed or not - due to a mistake made

when backporting the upstream patch

[USN-5038-1] PostgreSQL vulnerabilities [03:38]

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-3449

CVE-2021-3677

2 possible remote crasher bugs - one through just sending a crafted TLS

ClientHello message -> NULL ptr deref -> crash, the other via the planner

which is used to try and optimise SQL queries - possible OOB read

[USN-5022-2] MariaDB vulnerabilities [04:19]

2 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-2389

CVE-2021-2372

Episode 124 in MySQL - only 2 of these also were relevant to MariaDB

Like MySQL, update to latest point release in each series - 10.5.12 for

hirsute, 10.3.31 for focal - includes both bug and security fixes

[USN-5042-1] HAProxy vulnerabilities [05:07]

Affecting Focal (20.04 LTS), Hirsute (21.04)

HTTP/2 handling issues in HAProxy

Researchers investigated HTTP/2 handling in various gateway / proxies and

found multiple issues - HTTP/2 desync attacks - allow to possibly hijack

clients, poison caches, and steal credentials

Initially HAProxy upstream thought they were safe but then found after

more analysis they were vulnerable to a few of the possible issues

Can be mitigated by disabling HTTP/2 or just install these updates :)

[USN-5043-1] Exiv2 vulnerabilities [06:04]

11 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-37623

CVE-2021-37621

CVE-2021-37619

CVE-2021-37618

CVE-2021-37616

CVE-2021-37615

CVE-2021-34335

CVE-2021-37622

CVE-2021-37620

CVE-2021-34334

CVE-2021-32815

Slew of issues discovered by Kevin Backhouse from Github security team

C++ - so usual mix of issues - OOB read, NULL ptr deref, floating point

exception (div/0), infinte loop, assertion failure - all DoS

[USN-5039-1] Linux kernel vulnerability [06:49]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-22555

netfilter setsockopt()

[LSN-0080-1] Linux kernel vulnerability [07:08]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-22555

[USN-5044-1] Linux kernel vulnerabilities [07:39]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

4.15 bionic + ESM HWE

2 bluetooth UAF and 1 NFC NULL ptr deref

[USN-5045-1] Linux kernel vulnerabilities [08:06]

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-34693

5.4 focal + bionic hwe

same as above plus CAN BCM uninitialised memory - info leak to local

attacker

[USN-5046-1] Linux kernel vulnerabilities [08:31]

6 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-28691

CVE-2021-0129

CVE-2020-26558

5.11 hirsute + focal hwe

bluetooth UAF, NFC NULL ptr deref, access control issue in bluetooth -

could allow a local attacker in range to expose info, xen PV issue -

attacker in guest could DoS/RCE on host

Goings on in Ubuntu Security Community

Hiring [09:10]

Linux Cryptography and Security Engineer

https://canonical.com/careers/2612092/linux-cryptography-and-security-engineer-remote

Security Engineer - Ubuntu

https://canonical.com/careers/2925180/security-engineer-ubuntu-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

August 20, 2021

Episode 127

10 minutes

Overview

This week we look at security updates for Firefox, PostgreSQL, MariaDB,

HAProxy, the Linux kernel and more, plus we cover some current openings on

the team - come join us ☺

This week in Ubuntu Security Updates

35 unique CVEs addressed

[USN-5037-1] Firefox vulnerabilities [00:39]

10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-29990

CVE-2021-29989

CVE-2021-29988

CVE-2021-29987

CVE-2021-29986

CVE-2021-29985

CVE-2021-29984

CVE-2021-29982

CVE-2021-29981

CVE-2021-29980

91.0

Better support for clearing cookies to stop possible hidden data leaks as part of the Total Cookie Protection

Private browsing to use attempt HTTPS by default than fallback to HTTP

Various security fixes:

race condition on DNS resolution specific to Linux -> memory

corruption -> crash / RCE

also specific to Linux - subsequent permissions dialogs would accept

input in the location of the original one - so could possibly trick a

user into accepting a permission without their direct knowledge

various other memory corruption issues in JIT etc

[USN-3809-2] OpenSSH regression [02:54]

2 CVEs addressed in Bionic (18.04 LTS)

CVE-2016-10708

CVE-2018-15473

Episode 11 - possible user enumeration since as a result of patching

CVE-2018-15473 the behaviour when trying to log in changed depending on

whether the specific user account existed or not - due to a mistake made

when backporting the upstream patch

[USN-5038-1] PostgreSQL vulnerabilities [03:38]

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-3449

CVE-2021-3677

2 possible remote crasher bugs - one through just sending a crafted TLS

ClientHello message -> NULL ptr deref -> crash, the other via the planner

which is used to try and optimise SQL queries - possible OOB read

[USN-5022-2] MariaDB vulnerabilities [04:19]

2 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-2389

CVE-2021-2372

Episode 124 in MySQL - only 2 of these also were relevant to MariaDB

Like MySQL, update to latest point release in each series - 10.5.12 for

hirsute, 10.3.31 for focal - includes both bug and security fixes

[USN-5042-1] HAProxy vulnerabilities [05:07]

Affecting Focal (20.04 LTS), Hirsute (21.04)

HTTP/2 handling issues in HAProxy

Researchers investigated HTTP/2 handling in various gateway / proxies and

found multiple issues - HTTP/2 desync attacks - allow to possibly hijack

clients, poison caches, and steal credentials

Initially HAProxy upstream thought they were safe but then found after

more analysis they were vulnerable to a few of the possible issues

Can be mitigated by disabling HTTP/2 or just install these updates :)

[USN-5043-1] Exiv2 vulnerabilities [06:04]

11 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-37623

CVE-2021-37621

CVE-2021-37619

CVE-2021-37618

CVE-2021-37616

CVE-2021-37615

CVE-2021-34335

CVE-2021-37622

CVE-2021-37620

CVE-2021-34334

CVE-2021-32815

Slew of issues discovered by Kevin Backhouse from Github security team

C++ - so usual mix of issues - OOB read, NULL ptr deref, floating point

exception (div/0), infinte loop, assertion failure - all DoS

[USN-5039-1] Linux kernel vulnerability [06:49]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-22555

netfilter setsockopt()

[LSN-0080-1] Linux kernel vulnerability [07:08]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-22555

[USN-5044-1] Linux kernel vulnerabilities [07:39]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

4.15 bionic + ESM HWE

2 bluetooth UAF and 1 NFC NULL ptr deref

[USN-5045-1] Linux kernel vulnerabilities [08:06]

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-34693

5.4 focal + bionic hwe

same as above plus CAN BCM uninitialised memory - info leak to local

attacker

[USN-5046-1] Linux kernel vulnerabilities [08:31]

6 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-3587

CVE-2021-3573

CVE-2021-3564

CVE-2021-28691

CVE-2021-0129

CVE-2020-26558

5.11 hirsute + focal hwe

bluetooth UAF, NFC NULL ptr deref, access control issue in bluetooth -

could allow a local attacker in range to expose info, xen PV issue -

attacker in guest could DoS/RCE on host

Goings on in Ubuntu Security Community

Hiring [09:10]

Linux Cryptography and Security Engineer

https://canonical.com/careers/2612092/linux-cryptography-and-security-engineer-remote

Security Engineer - Ubuntu

https://canonical.com/careers/2925180/security-engineer-ubuntu-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 127

Sign up to save your podcasts

Episode 127

Episode 127