Sign up to save your podcasts
Or
Share Episode 162
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 162
Overview
This week we cover security updates for dpkg, logrotate, GnuPG, CUPS,
InfluxDB and more, plus we take a quick look at some open positions on the
team - come join us!
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5446-1, USN-5446-2] dpkg vulnerability [00:42]
is crafted to contain a symlink which pointed to a file outside of the
source code, then when unpacking debian it will follow that symlink and
hence would overwrite arbitrary files outside the source directory
[USN-5447-1] logrotate vulnerability [02:58]
each instance locks this file as a mutex mechanism
which allows unprivileged users to take the lock on this file
-> DoS
[USN-5402-2] OpenSSL vulnerabilities [04:13]
[USN-5448-1] ncurses vulnerabilities [04:21]
via fuzzing and are stack buffer overflows - these are generally
mitigated via stack-protector, others are NULL ptr deref, but again same
outcome (crash -> DoS)
[USN-5449-1] libXv vulnerability [04:58]
response -> crash -> DoS
[USN-5431-1] GnuPG vulnerability [04:24]
signatures, GnuPG will take an inordinate amount of time to process these
when downloading the key from the keyserver -> DoS
thereby attaching another signature to it on the SKS keyserver network
keyserver network does - 150k)
signatures to it
then proceed to validate them all
cert
fallback to only import self-signatures on large keyblocks
[USN-5452-1] NTFS-3G vulnerability [07:55]
metadata - if could trick a user into running it on an untrusted
filesystem image could then possibly get code execution
ntfs-3g-dev package which is not installed by default
[USN-5453-1] FreeType vulnerability [08:38]
[USN-5454-1, USN-5454-2] CUPS vulnerabilities [08:50]
may be able to gain elevated privileges”
or through a 32-byte randomly generated token created at runtime
the real one based on the length of the shortest input - so if supplied
an empty string then would compare 0 bytes of the two and return
success!
submit a print job which would cause an OOB read in CUPS -> crash -> DoS
[USN-5451-1] InfluxDB vulnerability [10:39]
supplying a JWT token with an empty SharedSecret
[USN-5442-2] Linux kernel vulnerabilities [11:06]
unprivileged user can spam requests which would eventually overflow
counter and then could be used to trigger an OOB write -> controlled
memory corruption -> privesc
https://seclists.org/oss-sec/2021/q2/127
of a process when allowing it to set a flag which would then disable
seccomp filters on another process or itself
/ other processes and allow them to bypass intended access restrictions
subsystem -> UAF - able to be triggered by a local attacker -> crash /
code execution
[USN-5443-2] Linux kernel vulnerabilities [12:47]
[USN-5457-1] WebKitGTK vulnerabilities [12:58]
etc
Goings on in Ubuntu Security Community
Hiring
Security Engineer - Ubuntu [13:25]
Security Certifications Product Manager - CIS, FIPS, FedRAMP and more [14:24]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we cover security updates for dpkg, logrotate, GnuPG, CUPS,
InfluxDB and more, plus we take a quick look at some open positions on the
team - come join us!
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5446-1, USN-5446-2] dpkg vulnerability [00:42]
is crafted to contain a symlink which pointed to a file outside of the
source code, then when unpacking debian it will follow that symlink and
hence would overwrite arbitrary files outside the source directory
[USN-5447-1] logrotate vulnerability [02:58]
each instance locks this file as a mutex mechanism
which allows unprivileged users to take the lock on this file
-> DoS
[USN-5402-2] OpenSSL vulnerabilities [04:13]
[USN-5448-1] ncurses vulnerabilities [04:21]
via fuzzing and are stack buffer overflows - these are generally
mitigated via stack-protector, others are NULL ptr deref, but again same
outcome (crash -> DoS)
[USN-5449-1] libXv vulnerability [04:58]
response -> crash -> DoS
[USN-5431-1] GnuPG vulnerability [04:24]
signatures, GnuPG will take an inordinate amount of time to process these
when downloading the key from the keyserver -> DoS
thereby attaching another signature to it on the SKS keyserver network
keyserver network does - 150k)
signatures to it
then proceed to validate them all
cert
fallback to only import self-signatures on large keyblocks
[USN-5452-1] NTFS-3G vulnerability [07:55]
metadata - if could trick a user into running it on an untrusted
filesystem image could then possibly get code execution
ntfs-3g-dev package which is not installed by default
[USN-5453-1] FreeType vulnerability [08:38]
[USN-5454-1, USN-5454-2] CUPS vulnerabilities [08:50]
may be able to gain elevated privileges”
or through a 32-byte randomly generated token created at runtime
the real one based on the length of the shortest input - so if supplied
an empty string then would compare 0 bytes of the two and return
success!
submit a print job which would cause an OOB read in CUPS -> crash -> DoS
[USN-5451-1] InfluxDB vulnerability [10:39]
supplying a JWT token with an empty SharedSecret
[USN-5442-2] Linux kernel vulnerabilities [11:06]
unprivileged user can spam requests which would eventually overflow
counter and then could be used to trigger an OOB write -> controlled
memory corruption -> privesc
https://seclists.org/oss-sec/2021/q2/127
of a process when allowing it to set a flag which would then disable
seccomp filters on another process or itself
/ other processes and allow them to bypass intended access restrictions
subsystem -> UAF - able to be triggered by a local attacker -> crash /
code execution
[USN-5443-2] Linux kernel vulnerabilities [12:47]
[USN-5457-1] WebKitGTK vulnerabilities [12:58]
etc
Goings on in Ubuntu Security Community
Hiring
Security Engineer - Ubuntu [13:25]
Security Certifications Product Manager - CIS, FIPS, FedRAMP and more [14:24]
Get in contact