Sign up to save your podcasts
Or
Share Episode 180
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 180
Overview
Ubuntu Pro beta is announced and we cover all the details with Lech Sandecki and
Eduardo Barretto, plus we cover security updates for DHCP, kitty, Thunderbird,
LibreOffice, the Linux kernel, .NET 6 and more.
This week in Ubuntu Security Updates
49 unique CVEs addressed
[USN-5658-1] DHCP vulnerabilities [00:53]
2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
2 different DoS against ISC DHCP server
which would fail to properly decrement a reference count and hence eventually
could overflow the reference counter -> abort -> DoS
with a FQDN label longer than 64 bytes - eventually would run out of memory
-> crash -> DoS
[USN-5659-1] kitty vulnerabilities [01:45]
then would display an error message containing the file name - as such, could
craft the name of the filename to then inject terminal control characters and
hence arbitrary input into the shell itself and hence execute arbitrary
code
script or even a file could output these and kitty would interpret that to
show a desktop notification. Also includes support for actions on
notifications through a named notification id. However, would also fail to
sanitize these ids, again allowing terminal control characters to be injected
and hence arbitrary code to be executed if the user were to then click on a
notification popup
for the user to click the notification
[USN-5657-1] Graphite2 vulnerability [03:16]
[USN-5663-1] Thunderbird vulnerabilities [03:27]
opened - both via html within an iframe - allows sender to track whether the
email was opened etc
pointer and addressbar spoofing, RCE etc
[USN-5371-3] nginx vulnerability [04:22]
[USN-5666-1] OpenSSH vulnerability [04:35]
AuthorizedKeysCommand and AuthorizedPrincipalsCommand and so would run these
with group membership of the sshd process itself (even if configured to run as
a different user)
configuration
[USN-5665-1] PCRE vulnerabilities [05:19]
[USN-5661-1] LibreOffice vulnerabilities [05:31]
signature
the signature had the same serial number and issuer string of the trusted
certificate) - instead has to actually compare the hash of the certificate
itself as well
web connections
being much easier to crack the encryption via a brute force attack than should
otherwise be - a local attacker with access to a user’s LibreOffice config
(and hence PW DB) could potentially get access to their credentials as used by
LO
[USN-5660-1] Linux kernel (GCP) vulnerabilities [07:02]
changing font/screen sizes -> DoS/codeexec, perf race-condition -> UAF ->
DoS/codeexec, netfilter remote DoS via crafted packet causing truncation below
packet header size, lack of good enough IP source port randomisation allows a
malicious TCP server to identify a host by the chosen source port, dm-verity
DoS/code execution by bypassing LoadPin restrictions to load untrusted kernel
modules / firmware (but requires root privileges in the first place)
x*** [USN-5667-1] Linux kernel vulnerabilities [08:01]
(eIBRS) on some processors did not properly handle RET instructions in some
cases - local attacker could read sensitive info as a result
handle TLB flushing in some cases
[USN-5668-1] Linux kernel vulnerabilities [09:07]
[USN-5669-1, USN-5669-2] Linux kernel vulnerabilities [09:18]
[USN-5670-1] .NET 6 vulnerability [09:27]
[USN-5671-1] AdvanceCOMP vulnerabilities [09:44]
files
Goings on in Ubuntu Security Community
Ubuntu Pro Beta overview with Lech Sandecki and Eduardo Barretto [10:08]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
Ubuntu Pro beta is announced and we cover all the details with Lech Sandecki and
Eduardo Barretto, plus we cover security updates for DHCP, kitty, Thunderbird,
LibreOffice, the Linux kernel, .NET 6 and more.
This week in Ubuntu Security Updates
49 unique CVEs addressed
[USN-5658-1] DHCP vulnerabilities [00:53]
2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
2 different DoS against ISC DHCP server
which would fail to properly decrement a reference count and hence eventually
could overflow the reference counter -> abort -> DoS
with a FQDN label longer than 64 bytes - eventually would run out of memory
-> crash -> DoS
[USN-5659-1] kitty vulnerabilities [01:45]
then would display an error message containing the file name - as such, could
craft the name of the filename to then inject terminal control characters and
hence arbitrary input into the shell itself and hence execute arbitrary
code
script or even a file could output these and kitty would interpret that to
show a desktop notification. Also includes support for actions on
notifications through a named notification id. However, would also fail to
sanitize these ids, again allowing terminal control characters to be injected
and hence arbitrary code to be executed if the user were to then click on a
notification popup
for the user to click the notification
[USN-5657-1] Graphite2 vulnerability [03:16]
[USN-5663-1] Thunderbird vulnerabilities [03:27]
opened - both via html within an iframe - allows sender to track whether the
email was opened etc
pointer and addressbar spoofing, RCE etc
[USN-5371-3] nginx vulnerability [04:22]
[USN-5666-1] OpenSSH vulnerability [04:35]
AuthorizedKeysCommand and AuthorizedPrincipalsCommand and so would run these
with group membership of the sshd process itself (even if configured to run as
a different user)
configuration
[USN-5665-1] PCRE vulnerabilities [05:19]
[USN-5661-1] LibreOffice vulnerabilities [05:31]
signature
the signature had the same serial number and issuer string of the trusted
certificate) - instead has to actually compare the hash of the certificate
itself as well
web connections
being much easier to crack the encryption via a brute force attack than should
otherwise be - a local attacker with access to a user’s LibreOffice config
(and hence PW DB) could potentially get access to their credentials as used by
LO
[USN-5660-1] Linux kernel (GCP) vulnerabilities [07:02]
changing font/screen sizes -> DoS/codeexec, perf race-condition -> UAF ->
DoS/codeexec, netfilter remote DoS via crafted packet causing truncation below
packet header size, lack of good enough IP source port randomisation allows a
malicious TCP server to identify a host by the chosen source port, dm-verity
DoS/code execution by bypassing LoadPin restrictions to load untrusted kernel
modules / firmware (but requires root privileges in the first place)
x*** [USN-5667-1] Linux kernel vulnerabilities [08:01]
(eIBRS) on some processors did not properly handle RET instructions in some
cases - local attacker could read sensitive info as a result
handle TLB flushing in some cases
[USN-5668-1] Linux kernel vulnerabilities [09:07]
[USN-5669-1, USN-5669-2] Linux kernel vulnerabilities [09:18]
[USN-5670-1] .NET 6 vulnerability [09:27]
[USN-5671-1] AdvanceCOMP vulnerabilities [09:44]
files
Goings on in Ubuntu Security Community
Ubuntu Pro Beta overview with Lech Sandecki and Eduardo Barretto [10:08]
Get in contact