February 11, 2022

Episode 148

1 hour

Overview

It’s main vs universe as we take a deep dive into the Ubuntu archive and

look at these components plus what goes into each and how the security team

goes about reviewing software destined for main, plus we cover security

updates for Django, BlueZ, NVIDIA Graphics Drivers and more.

This week in Ubuntu Security Updates

53 unique CVEs addressed

[USN-5265-1] Linux kernel vulnerabilities [01:19]

10 CVEs addressed in Focal (20.04 LTS), Impish (21.10)

CVE-2021-42739

CVE-2021-42327

CVE-2021-4202

CVE-2021-4093

CVE-2021-4090

CVE-2021-4001

CVE-2021-3772

CVE-2021-3752

CVE-2021-3640

CVE-2020-27820

5.13 impish + focal hwe + 5.11 focal cloud kernel (gcp/aws/oracle/azure)

[USN-5266-1] Linux kernel (GKE) vulnerabilities

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-22600

5.4 gke

[USN-5267-1] Linux kernel vulnerabilities

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

5.4 focal + bionic hwe

[USN-5268-1] Linux kernel vulnerabilities

4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

CVE-2021-20322

4.15 bionic + 16.04 hwe + 14.04 azure

[USN-5260-3] Samba vulnerability [02:29]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-44142

Episode 147 - vfs_fruit RCE

[USN-5269-1, USN-5269-2] Django vulnerabilities [03:00]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-23833

CVE-2022-22818

XSS via incorrect handling of the {% debug %} template tag - failed to

properly encode the current context

Possible infinite loop when parsing multipart forms as used when doing

file uploads

[USN-5270-1, USN-5270-2] MySQL vulnerabilities [03:38]

26 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-21379

CVE-2022-21378

CVE-2022-21374

CVE-2022-21372

CVE-2022-21370

CVE-2022-21368

CVE-2022-21367

CVE-2022-21362

CVE-2022-21358

CVE-2022-21351

CVE-2022-21348

CVE-2022-21344

CVE-2022-21342

CVE-2022-21339

CVE-2022-21304

CVE-2022-21303

CVE-2022-21302

CVE-2022-21301

CVE-2022-21270

CVE-2022-21265

CVE-2022-21264

CVE-2022-21256

CVE-2022-21254

CVE-2022-21253

CVE-2022-21249

CVE-2022-21245

6 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-21367

CVE-2022-21344

CVE-2022-21304

CVE-2022-21303

CVE-2022-21270

CVE-2022-21245

8.0.23 for Ubuntu 20.04 LTS and 21.10

5.7.37 for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM

[USN-5030-2] Perl DBI module vulnerabilities [04:11]

2 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2020-14393

CVE-2014-10402

Episode 125

[USN-5262-1] GPT fdisk vulnerabilities

2 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2021-0308

CVE-2020-0256

[USN-5264-1] Graphviz vulnerabilities

3 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2020-18032

CVE-2019-11023

CVE-2018-10196

[USN-5275-1] BlueZ vulnerability [04:25]

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-0204

Heap buffer overflow in gatt-server implementation since failed to check

lengths of incoming packets - could allow a remote attacker to DoS or RCE

[USN-4754-5] Python vulnerability [04:53]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-27619

CVE-2021-3177

Reinstate fix for CVE-2021-3177 which was previously removed due to a

regression

[USN-5276-1] NVIDIA graphics drivers vulnerabilities [05:15]

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-21814

CVE-2022-21813

Various issues around handling of permissions within the kernel - could

allow a local user to write to protected memory in the kernel and DoS

machine

[USN-5267-2] Linux kernel regression [05:52]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

5.4 focal + bionic hwe

Inadvertent DoS when accessing CIFS shares - kernel hang - fixed by

reverting various CIFS related patches

Goings on in Ubuntu Security Community

Main vs Universe with Camila

Camila discusses the different software repository components in Ubuntu -

what they are, how they compare and what you can expect to find in each,

as well as the process for moving packages from universe to main to be

supported by Canonical, in particular focusing on the security team’s

role in performing security audits of each software package along the

way.

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

February 11, 2022

Episode 148

1 hour

Overview

It’s main vs universe as we take a deep dive into the Ubuntu archive and

look at these components plus what goes into each and how the security team

goes about reviewing software destined for main, plus we cover security

updates for Django, BlueZ, NVIDIA Graphics Drivers and more.

This week in Ubuntu Security Updates

53 unique CVEs addressed

[USN-5265-1] Linux kernel vulnerabilities [01:19]

10 CVEs addressed in Focal (20.04 LTS), Impish (21.10)

CVE-2021-42739

CVE-2021-42327

CVE-2021-4202

CVE-2021-4093

CVE-2021-4090

CVE-2021-4001

CVE-2021-3772

CVE-2021-3752

CVE-2021-3640

CVE-2020-27820

5.13 impish + focal hwe + 5.11 focal cloud kernel (gcp/aws/oracle/azure)

[USN-5266-1] Linux kernel (GKE) vulnerabilities

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-22600

5.4 gke

[USN-5267-1] Linux kernel vulnerabilities

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

5.4 focal + bionic hwe

[USN-5268-1] Linux kernel vulnerabilities

4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

CVE-2021-20322

4.15 bionic + 16.04 hwe + 14.04 azure

[USN-5260-3] Samba vulnerability [02:29]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-44142

Episode 147 - vfs_fruit RCE

[USN-5269-1, USN-5269-2] Django vulnerabilities [03:00]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-23833

CVE-2022-22818

XSS via incorrect handling of the {% debug %} template tag - failed to

properly encode the current context

Possible infinite loop when parsing multipart forms as used when doing

file uploads

[USN-5270-1, USN-5270-2] MySQL vulnerabilities [03:38]

26 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-21379

CVE-2022-21378

CVE-2022-21374

CVE-2022-21372

CVE-2022-21370

CVE-2022-21368

CVE-2022-21367

CVE-2022-21362

CVE-2022-21358

CVE-2022-21351

CVE-2022-21348

CVE-2022-21344

CVE-2022-21342

CVE-2022-21339

CVE-2022-21304

CVE-2022-21303

CVE-2022-21302

CVE-2022-21301

CVE-2022-21270

CVE-2022-21265

CVE-2022-21264

CVE-2022-21256

CVE-2022-21254

CVE-2022-21253

CVE-2022-21249

CVE-2022-21245

6 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-21367

CVE-2022-21344

CVE-2022-21304

CVE-2022-21303

CVE-2022-21270

CVE-2022-21245

8.0.23 for Ubuntu 20.04 LTS and 21.10

5.7.37 for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM

[USN-5030-2] Perl DBI module vulnerabilities [04:11]

2 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2020-14393

CVE-2014-10402

Episode 125

[USN-5262-1] GPT fdisk vulnerabilities

2 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2021-0308

CVE-2020-0256

[USN-5264-1] Graphviz vulnerabilities

3 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2020-18032

CVE-2019-11023

CVE-2018-10196

[USN-5275-1] BlueZ vulnerability [04:25]

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-0204

Heap buffer overflow in gatt-server implementation since failed to check

lengths of incoming packets - could allow a remote attacker to DoS or RCE

[USN-4754-5] Python vulnerability [04:53]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-27619

CVE-2021-3177

Reinstate fix for CVE-2021-3177 which was previously removed due to a

regression

[USN-5276-1] NVIDIA graphics drivers vulnerabilities [05:15]

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10)

CVE-2022-21814

CVE-2022-21813

Various issues around handling of permissions within the kernel - could

allow a local user to write to protected memory in the kernel and DoS

machine

[USN-5267-2] Linux kernel regression [05:52]

3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-42739

CVE-2021-3752

CVE-2021-3640

5.4 focal + bionic hwe

Inadvertent DoS when accessing CIFS shares - kernel hang - fixed by

reverting various CIFS related patches

Goings on in Ubuntu Security Community

Main vs Universe with Camila

Camila discusses the different software repository components in Ubuntu -

what they are, how they compare and what you can expect to find in each,

as well as the process for moving packages from universe to main to be

supported by Canonical, in particular focusing on the security team’s

role in performing security audits of each software package along the

way.

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 148

Sign up to save your podcasts

Episode 148

Episode 148