November 12, 2021

Episode 137

7 minutes

Overview

This week we look at some details of the 29 unique CVEs addressed across

the supported Ubuntu releases in the past 7 days and more.

This week in Ubuntu Security Updates

29 unique CVEs addressed

[USN-5131-1] Firefox vulnerabilities [00:42]

6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-38509

CVE-2021-38508

CVE-2021-38507

CVE-2021-38506

CVE-2021-38504

CVE-2021-38503

94.0

Copy image link - copies final image URL after redirects - if a page

were to then combine this with a content security policy which blocked

a redirect, the image URL may then contain any authentication tokens -

and so if a page could trick a user into copying and pasting that image

URL into the page an attacker could steal their auth token

Various web framework issues

[USN-5132-1] Thunderbird vulnerabilities [01:56]

6 CVEs addressed in Impish (21.10)

CVE-2021-38501

CVE-2021-38500

CVE-2021-38498

CVE-2021-38497

CVE-2021-38496

CVE-2021-32810

91.2.1

Usual web framework issues

[USN-5133-1] ICU vulnerability [02:17]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2020-21913

unicode handling library

UAF - could be triggered if was packaging the ICU data with malicious

input -> crash / RCU

[USN-5135-1] Linux kernel vulnerability [02:43]

1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-3759

impish (5.13), hirsute (5.11), focal hwe (5.11)

IPC memory objects not properly accounted for in memcg - could allow to

bypass limits and cause DoS

[USN-5130-1] Linux kernel vulnerabilities [03:24]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-29660

CVE-2020-29661

3.13

2 vulns courtesy of Jann Horn (GPZ) - in tty subsystem - lock order

issues - UAF - DoS/privesc (Episode 106)

[USN-5136-1] Linux kernel vulnerabilities [04:06]

9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-42252

CVE-2021-38199

CVE-2021-3759

CVE-2021-3753

CVE-2021-3743

CVE-2021-3655

CVE-2020-36385

CVE-2020-36322

CVE-2019-19449

4.15 (bionic, xenial hwe, trusty azure)

IPC memory object leak plus various other vulns from Episode 136

[USN-5137-1] Linux kernel vulnerabilities [04:48]

10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42252

CVE-2021-3759

CVE-2021-3753

CVE-2021-3743

CVE-2021-3739

CVE-2021-35477

CVE-2021-34556

CVE-2021-3428

CVE-2020-36385

CVE-2019-19449

5.4 (focal, bionic hwe)

[USN-5134-1] Docker vulnerability [04:50]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-41092

If was using a private registry for docker login but also had configured

credsStore and credsHelper in ~/.docker/config.json and these were not

able to be executed (ie. execute bit not set or not in $PATH), then creds

would get sent to the public docker registry rather than the configured

private registry.

Goings on in Ubuntu Security Community

Hiring [06:00]

Security - Product Manager

HOME BASED - EMEA (Europe, Middle East, Africa)

Role includes:

guiding the evolution of security offerings from Canonical and Ubuntu

driving compliance and certification of Ubuntu

engaging with the open source security community

telling the story of Canonical’s work to deliver secure platforms

https://canonical.com/careers/2278145/security-product-manager-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

November 12, 2021

Episode 137

7 minutes

Overview

This week we look at some details of the 29 unique CVEs addressed across

the supported Ubuntu releases in the past 7 days and more.

This week in Ubuntu Security Updates

29 unique CVEs addressed

[USN-5131-1] Firefox vulnerabilities [00:42]

6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-38509

CVE-2021-38508

CVE-2021-38507

CVE-2021-38506

CVE-2021-38504

CVE-2021-38503

94.0

Copy image link - copies final image URL after redirects - if a page

were to then combine this with a content security policy which blocked

a redirect, the image URL may then contain any authentication tokens -

and so if a page could trick a user into copying and pasting that image

URL into the page an attacker could steal their auth token

Various web framework issues

[USN-5132-1] Thunderbird vulnerabilities [01:56]

6 CVEs addressed in Impish (21.10)

CVE-2021-38501

CVE-2021-38500

CVE-2021-38498

CVE-2021-38497

CVE-2021-38496

CVE-2021-32810

91.2.1

Usual web framework issues

[USN-5133-1] ICU vulnerability [02:17]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2020-21913

unicode handling library

UAF - could be triggered if was packaging the ICU data with malicious

input -> crash / RCU

[USN-5135-1] Linux kernel vulnerability [02:43]

1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-3759

impish (5.13), hirsute (5.11), focal hwe (5.11)

IPC memory objects not properly accounted for in memcg - could allow to

bypass limits and cause DoS

[USN-5130-1] Linux kernel vulnerabilities [03:24]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-29660

CVE-2020-29661

3.13

2 vulns courtesy of Jann Horn (GPZ) - in tty subsystem - lock order

issues - UAF - DoS/privesc (Episode 106)

[USN-5136-1] Linux kernel vulnerabilities [04:06]

9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-42252

CVE-2021-38199

CVE-2021-3759

CVE-2021-3753

CVE-2021-3743

CVE-2021-3655

CVE-2020-36385

CVE-2020-36322

CVE-2019-19449

4.15 (bionic, xenial hwe, trusty azure)

IPC memory object leak plus various other vulns from Episode 136

[USN-5137-1] Linux kernel vulnerabilities [04:48]

10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42252

CVE-2021-3759

CVE-2021-3753

CVE-2021-3743

CVE-2021-3739

CVE-2021-35477

CVE-2021-34556

CVE-2021-3428

CVE-2020-36385

CVE-2019-19449

5.4 (focal, bionic hwe)

[USN-5134-1] Docker vulnerability [04:50]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)

CVE-2021-41092

If was using a private registry for docker login but also had configured

credsStore and credsHelper in ~/.docker/config.json and these were not

able to be executed (ie. execute bit not set or not in $PATH), then creds

would get sent to the public docker registry rather than the configured

private registry.

Goings on in Ubuntu Security Community

Hiring [06:00]

Security - Product Manager

HOME BASED - EMEA (Europe, Middle East, Africa)

Role includes:

guiding the evolution of security offerings from Canonical and Ubuntu

driving compliance and certification of Ubuntu

engaging with the open source security community

telling the story of Canonical’s work to deliver secure platforms

https://canonical.com/careers/2278145/security-product-manager-remote

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 137

Sign up to save your podcasts

Episode 137

Episode 137