Sign up to save your podcasts
Or
Share Episode 147
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 147
Overview
We’re back after a few weeks off to cover the launch of the Ubuntu Security
Guide for DISA-STIG, plus we detail the latest vulnerabilities and updates
for lxml, PolicyKit, the Linux Kernel, systemd, Samba and more.
This week in Ubuntu Security Updates
100 unique CVEs addressed
[USN-5225-1] lxml vulnerability [00:57]
python packages for parsing XML etc
scripts, special tags, CSS style annotations and more.
could embed scripts via data URIs - code execution as a result -> RCE
[USN-5210-2] Linux kernel regression [02:03]
Secure Encrypted Virtualisation enabled
[USN-5223-1] Apache Log4j 1.2 vulnerability [02:21]
first modify the Log4j config - but can then get code execution - similar
to the original Log4Shell CVE-2021-44228 but not as severe
[USN-5224-2] Ghostscript vulnerabilities [02:57]
[USN-5227-1, USN-5227-2] Pillow vulnerabilities [03:06]
[USN-5229-1] Firefox vulnerabilities [03:27]
UI, bypass security / content restrictions, info leak, RCE
[USN-5233-1, USN-5233-2] ClamAV vulnerability [03:59]
handling OOXML files - remote attacker could supply an input file which
could trigger this -> crash
[USN-5235-1] Ruby vulnerabilities [04:24]
[USN-5234-1] Byobu vulnerability [04:25]
possibly contain private info
[USN-5240-1] Linux kernel vulnerability [05:09]
possible code execution -> requires root privileges to trigger BUT can
also be done from a user namespace - ie where a local user can masquerade
as root
[LSN-0084-1] Linux kernel vulnerability
[USN-5242-1] Open vSwitch vulnerability [06:16]
versions of Open vSwitch so LTS releases etc not affected
[USN-5243-1, USN-5243-2] AIDE vulnerability [06:34]
when handling XFS extended attributes or tmpfs ACLs - local privesc
[USN-5246-1] Thunderbird vulnerabilities [07:21]
could exploit some other vuln to then be able to inject content into
the composition window could get code execution
message even if was contained in another signed message - so would show
whole message as valid
[USN-5248-1] Thunderbird vulnerabilities
[USN-5249-1] USBView vulnerability [08:52]
could allow a local user to execute arbitrary code by causing USBView to
load other modules
[USN-5250-1] strongSwan vulnerability [09:59]
[USN-5252-1, USN-5252-2] PolicyKit vulnerability [10:06]
the name of the application and arguments follow that - BUT this is only
a convention - can fork/exec another binary and specify NULL argv
valid argv array - generally env follows argv - so would process env as
argv
it’s own argv when processing arguments - so ends up modifying env - with
a crafted env input can trick pkexec to modify it’s own env to then
inject say a malicious LD_PRELOAD value to cause arbitrary code to be
executed as root
[USN-5226-1] systemd vulnerability [13:50]
deeply nested directory structure, cause systemd-tmpfiles to overflow
it’s own stack by recursively calling the same function over and over
again -> crash -> DoS
[USN-5193-2] X.Org X Server vulnerabilities [14:58]
[USN-5247-1] Vim vulnerabilities [15:07]
code execution
[USN-5254-1] shadow vulnerabilities [15:54]
[USN-5255-1] WebKitGTK vulnerabilities [16:03]
[USN-5257-1] ldns vulnerabilities [16:18]
[USN-5260-1, USN-5260-2] Samba vulnerabilities [16:19]
modify a files xattrs but this is common in lots of envs
[USN-5259-1] Cron vulnerabilities [17:01]
Goings on in Ubuntu Security Community
Ubuntu Security Guide tooling released for DISA-STIG compliance [17:11]
DISA-STIG is a U.S. Department of Defense security configuration standard
consisting of configuration guidelines for hardening systems to improve a
system’s security posture.
It can be seen as a checklist for securing protocols, services, or
servers to improve the overall security by reducing the attack
surface.
The Ubuntu Security Guide (USG) brings simplicity by integrating the
experience of several teams working on compliance. It enables the audit,
fixing, and customisation of a system while enabling a system-wide
configuration for compliance, making management by diverse people in a
DevOps team significantly easier.
The DISA-STIG automated configuration tooling for Ubuntu 20.04 LTS is
available with Ubuntu Advantage subscriptions and Ubuntu Pro, alongside
additional open source security and support services.
https://ubuntu.com/blog/ubuntu-introduces-the-ubuntu-security-guide-to-ease-disa-stig-compliance
https://ubuntu.com/advantage
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
We’re back after a few weeks off to cover the launch of the Ubuntu Security
Guide for DISA-STIG, plus we detail the latest vulnerabilities and updates
for lxml, PolicyKit, the Linux Kernel, systemd, Samba and more.
This week in Ubuntu Security Updates
100 unique CVEs addressed
[USN-5225-1] lxml vulnerability [00:57]
python packages for parsing XML etc
scripts, special tags, CSS style annotations and more.
could embed scripts via data URIs - code execution as a result -> RCE
[USN-5210-2] Linux kernel regression [02:03]
Secure Encrypted Virtualisation enabled
[USN-5223-1] Apache Log4j 1.2 vulnerability [02:21]
first modify the Log4j config - but can then get code execution - similar
to the original Log4Shell CVE-2021-44228 but not as severe
[USN-5224-2] Ghostscript vulnerabilities [02:57]
[USN-5227-1, USN-5227-2] Pillow vulnerabilities [03:06]
[USN-5229-1] Firefox vulnerabilities [03:27]
UI, bypass security / content restrictions, info leak, RCE
[USN-5233-1, USN-5233-2] ClamAV vulnerability [03:59]
handling OOXML files - remote attacker could supply an input file which
could trigger this -> crash
[USN-5235-1] Ruby vulnerabilities [04:24]
[USN-5234-1] Byobu vulnerability [04:25]
possibly contain private info
[USN-5240-1] Linux kernel vulnerability [05:09]
possible code execution -> requires root privileges to trigger BUT can
also be done from a user namespace - ie where a local user can masquerade
as root
[LSN-0084-1] Linux kernel vulnerability
[USN-5242-1] Open vSwitch vulnerability [06:16]
versions of Open vSwitch so LTS releases etc not affected
[USN-5243-1, USN-5243-2] AIDE vulnerability [06:34]
when handling XFS extended attributes or tmpfs ACLs - local privesc
[USN-5246-1] Thunderbird vulnerabilities [07:21]
could exploit some other vuln to then be able to inject content into
the composition window could get code execution
message even if was contained in another signed message - so would show
whole message as valid
[USN-5248-1] Thunderbird vulnerabilities
[USN-5249-1] USBView vulnerability [08:52]
could allow a local user to execute arbitrary code by causing USBView to
load other modules
[USN-5250-1] strongSwan vulnerability [09:59]
[USN-5252-1, USN-5252-2] PolicyKit vulnerability [10:06]
the name of the application and arguments follow that - BUT this is only
a convention - can fork/exec another binary and specify NULL argv
valid argv array - generally env follows argv - so would process env as
argv
it’s own argv when processing arguments - so ends up modifying env - with
a crafted env input can trick pkexec to modify it’s own env to then
inject say a malicious LD_PRELOAD value to cause arbitrary code to be
executed as root
[USN-5226-1] systemd vulnerability [13:50]
deeply nested directory structure, cause systemd-tmpfiles to overflow
it’s own stack by recursively calling the same function over and over
again -> crash -> DoS
[USN-5193-2] X.Org X Server vulnerabilities [14:58]
[USN-5247-1] Vim vulnerabilities [15:07]
code execution
[USN-5254-1] shadow vulnerabilities [15:54]
[USN-5255-1] WebKitGTK vulnerabilities [16:03]
[USN-5257-1] ldns vulnerabilities [16:18]
[USN-5260-1, USN-5260-2] Samba vulnerabilities [16:19]
modify a files xattrs but this is common in lots of envs
[USN-5259-1] Cron vulnerabilities [17:01]
Goings on in Ubuntu Security Community
Ubuntu Security Guide tooling released for DISA-STIG compliance [17:11]
DISA-STIG is a U.S. Department of Defense security configuration standard
consisting of configuration guidelines for hardening systems to improve a
system’s security posture.
It can be seen as a checklist for securing protocols, services, or
servers to improve the overall security by reducing the attack
surface.
The Ubuntu Security Guide (USG) brings simplicity by integrating the
experience of several teams working on compliance. It enables the audit,
fixing, and customisation of a system while enabling a system-wide
configuration for compliance, making management by diverse people in a
DevOps team significantly easier.
The DISA-STIG automated configuration tooling for Ubuntu 20.04 LTS is
available with Ubuntu Advantage subscriptions and Ubuntu Pro, alongside
additional open source security and support services.
https://ubuntu.com/blog/ubuntu-introduces-the-ubuntu-security-guide-to-ease-disa-stig-compliance
https://ubuntu.com/advantage
Get in contact