Sign up to save your podcasts
Or
Share Episode 173
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 173
Overview
This week we take a look at the recent announcement of .NET 6 for Ubuntu
22.04 LTS, plus we cover security updates for the Linux kernel, Booth,
WebKitGTK, Unbound and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-5562-1] Linux kernel vulnerabilities [00:49]
network packet scheduler
kernels since 4.1 - type confusion bug leading to a buffer overflow ->
code execution within the kernel and hence privilege escalation -
requires an attacker to gain CAP_NET_ADMIN which is privileged, but
with unprivileged user-namespaces this is trivial - so can mitigate
this by disabling unpriv userns - but this may then affect applications
like Google Chrome and others which use this to setup their sandboxes
etc
sudo sysctl kernel.unprivileged_userns_clone=0
[USN-5564-1] Linux kernel (Intel IoTG) vulnerabilities [02:32]
timers subsystem - UAF which could be triggered by an unpriv user ->
priv esc - since kernel 5.7 only
[USN-5566-1] Linux kernel vulnerabilities [03:08]
KVM and Raspi
[USN-5565-1] Linux kernel vulnerabilities [03:34]
[USN-5567-1] Linux kernel (OEM) vulnerabilities [03:48]
[USN-5563-1] http-parser vulnerability [04:00]
anymore either) - parses requests & responses without making any
syscalls, memory allocations or buffering of data
within a HTTP message - ie. 2 Transfer-Encoding - but would only process
the first - could then allow the second to be misinterpreted by other
proxies etc which could then be used for a request smuggling attack
[USN-5556-1] Booth vulnerability [05:20]
which did not have the correct auth key to communicate with nodes that
did - oops… - upstream refactored code previously which introduced this
vuln - reverted the refactor to fix this
[USN-5568-1] WebKitGTK vulnerabilities [05:57]
be triggered by a malicious website -> RCE or other
[USN-5569-1] Unbound vulnerabilities [06:22]
unbound just at the time when the cached delegation info is about to
expire - unbound then queries the upstream nameserver which could then
delay its response until the cache expires in unbound - when receiving
the response unbound would overwrite the now expired one - and so the
attacker can continue to do this and hence keep the rogue delegation
information in the unbound cache
[USN-5526-2] PyJWT regression [07:10]
package version to 2.4.0 and so when including this, the internal package
version got bumped even though the deb package version didn’t - so would
get files installed as say 2.4.0 even though the deb is 2.3.0 which could
possibly cause a regression due to a change in path - fixed to revert
this internal package version bump
Goings on in Ubuntu Security Community
.NET 6 now available in Ubuntu 22.04 LTS [07:45]
development on Ubuntu
with Ubuntu so that we can release updates for the package in Ubuntu as
they become publicly known
containers to provide just the minimum needed - think of it as the
Canonical version of distroless containers.
everything that is needed
104MB cf. apsnet:6.0-alpine 100MB)
different libc (musl) and has other differences too
that you know and love along with the benefits of a super small
container image (including things like decreased attack surface etc)
to Microsoft so that the provenance of Ubuntu-based .NET images is
known - instead of previously where these were pulled from Dockerhub
of these images can also verify them too
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we take a look at the recent announcement of .NET 6 for Ubuntu
22.04 LTS, plus we cover security updates for the Linux kernel, Booth,
WebKitGTK, Unbound and more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-5562-1] Linux kernel vulnerabilities [00:49]
network packet scheduler
kernels since 4.1 - type confusion bug leading to a buffer overflow ->
code execution within the kernel and hence privilege escalation -
requires an attacker to gain CAP_NET_ADMIN which is privileged, but
with unprivileged user-namespaces this is trivial - so can mitigate
this by disabling unpriv userns - but this may then affect applications
like Google Chrome and others which use this to setup their sandboxes
etc
sudo sysctl kernel.unprivileged_userns_clone=0
[USN-5564-1] Linux kernel (Intel IoTG) vulnerabilities [02:32]
timers subsystem - UAF which could be triggered by an unpriv user ->
priv esc - since kernel 5.7 only
[USN-5566-1] Linux kernel vulnerabilities [03:08]
KVM and Raspi
[USN-5565-1] Linux kernel vulnerabilities [03:34]
[USN-5567-1] Linux kernel (OEM) vulnerabilities [03:48]
[USN-5563-1] http-parser vulnerability [04:00]
anymore either) - parses requests & responses without making any
syscalls, memory allocations or buffering of data
within a HTTP message - ie. 2 Transfer-Encoding - but would only process
the first - could then allow the second to be misinterpreted by other
proxies etc which could then be used for a request smuggling attack
[USN-5556-1] Booth vulnerability [05:20]
which did not have the correct auth key to communicate with nodes that
did - oops… - upstream refactored code previously which introduced this
vuln - reverted the refactor to fix this
[USN-5568-1] WebKitGTK vulnerabilities [05:57]
be triggered by a malicious website -> RCE or other
[USN-5569-1] Unbound vulnerabilities [06:22]
unbound just at the time when the cached delegation info is about to
expire - unbound then queries the upstream nameserver which could then
delay its response until the cache expires in unbound - when receiving
the response unbound would overwrite the now expired one - and so the
attacker can continue to do this and hence keep the rogue delegation
information in the unbound cache
[USN-5526-2] PyJWT regression [07:10]
package version to 2.4.0 and so when including this, the internal package
version got bumped even though the deb package version didn’t - so would
get files installed as say 2.4.0 even though the deb is 2.3.0 which could
possibly cause a regression due to a change in path - fixed to revert
this internal package version bump
Goings on in Ubuntu Security Community
.NET 6 now available in Ubuntu 22.04 LTS [07:45]
development on Ubuntu
with Ubuntu so that we can release updates for the package in Ubuntu as
they become publicly known
containers to provide just the minimum needed - think of it as the
Canonical version of distroless containers.
everything that is needed
104MB cf. apsnet:6.0-alpine 100MB)
different libc (musl) and has other differences too
that you know and love along with the benefits of a super small
container image (including things like decreased attack surface etc)
to Microsoft so that the provenance of Ubuntu-based .NET images is
known - instead of previously where these were pulled from Dockerhub
of these images can also verify them too
Get in contact