Sign up to save your podcasts
Or
Share Episode 129
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 129
Overview
This week we look at a malware campaign associated with the popular Krita
painting application, plus we cover security updates for MongoDB, libssh,
Squashfs-Tools, Thunderbird and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-5037-2] Firefox regression [00:47]
would purge cookies associated with ad trackers etc - but this would then
clear authentication data as well and so would lose your master password
for Lockwise - and hence prompt the re-enter it seemingly randomly.
[USN-5052-1] MongoDB vulnerability [01:31]
their account is then deleted - so if the account is recreated before
they perform some action, the session gets reassociated with the new
account of the same name which may have higher privileges.
[USN-5051-2, USN-5051-3] OpenSSL vulnerability [02:14]
[USN-5053-1] libssh vulnerability [02:42]
could cause crash / RCE on other side
[USN-5055-1] GNOME grilo vulnerability [03:22]
remote media source, an attacker could replace the TLS cert with their
own self-signed one or similar and hence be able to intercept all
encrypted comms - simple change to specify to the underlying network
request library (libsoup) to check TLS certificate when making the
connection
[USN-5056-1] APR vulnerability [04:18]
were within expected range (ie only 12 months in a year but uses a signed
int to represent this)
[USN-5054-1] uWSGI vulnerability [05:38]
represents header name/values and overall length in a uint16_t = so can
only handle up to 16K headers so if more than that would cause an integer
overflow and hence a buffer overread where it would read other memory
instead of the actual request body
[USN-5057-1] Squashfs-Tools vulnerability [06:34]
components - using a crafted mksquashfs could create such an image and
then unsquashfs would happy create that file, outside of the extracted
directory - path traversal vuln
[USN-5058-1] Thunderbird vulnerabilities [08:14]
STARTTLS handshake - PiTM inject content etc - plus various vulns from
Firefox re web rendering etc
[USN-5060-1, USN-5060-2] NTFS-3G vulnerabilities [09:51]
code execution, DoS etc - unlike say EXT4 and other drivers, this is FUSE
so impact is limited to only user-level code execution, not root /
in-kernel
Goings on in Ubuntu Security Community
Krita Ransomware Email Campaign [11:17]
from Krita asking to collaborate on a paid advertising and a link to
download some media pack - proposed videos to show on your youtube
channel etc
“krita.org” domain - looks the same as the real krita.org but is only
just the homepage, other pages have redirects to the real krita.org
(second alarm bell**) .scr is really an exe - and a few vendors on VT
already detects these as malicious - but a lot don’t
creators - seems both krita.app / krita.io now redirect to krita.org and
the mediabank.zip is now longer up either
Hiring [15:50]
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at a malware campaign associated with the popular Krita
painting application, plus we cover security updates for MongoDB, libssh,
Squashfs-Tools, Thunderbird and more.
This week in Ubuntu Security Updates
17 unique CVEs addressed
[USN-5037-2] Firefox regression [00:47]
would purge cookies associated with ad trackers etc - but this would then
clear authentication data as well and so would lose your master password
for Lockwise - and hence prompt the re-enter it seemingly randomly.
[USN-5052-1] MongoDB vulnerability [01:31]
their account is then deleted - so if the account is recreated before
they perform some action, the session gets reassociated with the new
account of the same name which may have higher privileges.
[USN-5051-2, USN-5051-3] OpenSSL vulnerability [02:14]
[USN-5053-1] libssh vulnerability [02:42]
could cause crash / RCE on other side
[USN-5055-1] GNOME grilo vulnerability [03:22]
remote media source, an attacker could replace the TLS cert with their
own self-signed one or similar and hence be able to intercept all
encrypted comms - simple change to specify to the underlying network
request library (libsoup) to check TLS certificate when making the
connection
[USN-5056-1] APR vulnerability [04:18]
were within expected range (ie only 12 months in a year but uses a signed
int to represent this)
[USN-5054-1] uWSGI vulnerability [05:38]
represents header name/values and overall length in a uint16_t = so can
only handle up to 16K headers so if more than that would cause an integer
overflow and hence a buffer overread where it would read other memory
instead of the actual request body
[USN-5057-1] Squashfs-Tools vulnerability [06:34]
components - using a crafted mksquashfs could create such an image and
then unsquashfs would happy create that file, outside of the extracted
directory - path traversal vuln
[USN-5058-1] Thunderbird vulnerabilities [08:14]
STARTTLS handshake - PiTM inject content etc - plus various vulns from
Firefox re web rendering etc
[USN-5060-1, USN-5060-2] NTFS-3G vulnerabilities [09:51]
code execution, DoS etc - unlike say EXT4 and other drivers, this is FUSE
so impact is limited to only user-level code execution, not root /
in-kernel
Goings on in Ubuntu Security Community
Krita Ransomware Email Campaign [11:17]
from Krita asking to collaborate on a paid advertising and a link to
download some media pack - proposed videos to show on your youtube
channel etc
“krita.org” domain - looks the same as the real krita.org but is only
just the homepage, other pages have redirects to the real krita.org
(second alarm bell**) .scr is really an exe - and a few vendors on VT
already detects these as malicious - but a lot don’t
creators - seems both krita.app / krita.io now redirect to krita.org and
the mediabank.zip is now longer up either
Hiring [15:50]
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact