Sign up to save your podcasts
Or
Share Episode 191
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 191
Overview
This week saw the unexpected release of Ubuntu 20.04.6 so we go into the detail
behind that, plus we talk Everything Open and we cover security updates
including Emacs, LibreCAD, Python, vim and more.
This week in Ubuntu Security Updates
82 unique CVEs addressed
[USN-5955-1] Emacs vulnerability [00:50]
calling file on it - but would fail to escape the filename - so if a user
could be tricked into running htmlfontify-copy-and-link-dir on a crafted
directory, could get code execution in the context of emacs
of this function on github (other than references to the documentation for it)
[USN-5956-1, USN-5956-2] PHPMailer vulnerabilities [02:03]
passed to the shell when executing the underlying mail command - original
patch didn’t fix properly so second CVE was issued for the fix
[USN-5957-1] LibreCAD vulnerabilities [02:58]
[USN-5855-2] ImageMagick vulnerabilities [03:37]
[USN-5958-1] FFmpeg vulnerabilities [03:45]
[USN-5954-1] Firefox vulnerabilities [03:59]
visited a malicious website
cause firefox to leak local information back to the web server or spoof
parts of the UI etc
[USN-5961-1] abcm2ps vulnerabilities
[USN-5962-1] Linux kernel (Intel IoTG) vulnerabilities [04:47]
similarly, crash / RCE
[USN-5959-1] Kerberos vulnerabilities [05:32]
[USN-5960-1] Python vulnerability [05:51]
with a space - blocklisting is not part of upstream functionality but often
would be implemented in application / library logic by first using urlparse()
to parse the given URL - if prefixed with a space then can get urlparse() to
fail to return the correct scheme/hostname - can workaround simply by first
calling strip() on URL - apparently upstream still discussing whether the
current fix is sufficient so watch this space
[USN-5963-1] Vim vulnerabilities [07:14]
corruption vulns -> DoS / RCE
[USN-5964-1] curl vulnerabilities [07:41]
caller had changed an SSH option - similar for FTP.
expand even if not the first part of the path)
[USN-5806-3] Ruby vulnerability [08:43]
[USN-5965-1] TigerVNC vulnerability [08:53]
certificate authority - then if client connected to a different server would
use that stored cert as a CA cert to validate the new server - could then
allow a malicious server to impersonate other servers
[USN-5904-2] SoX regression [09:35]
Goings on in Ubuntu Security Community
Ubuntu 20.04.6 LTS Released [09:49]
Unlike previous point releases, 20.04.6 is a refresh of the amd64
installer media after recent key revocations, re-enabling their usage
on Secure Boot enabled systems.
Many other security updates for additional high-impact bug fixes are also
included, with a focus on maintaining stability and compatibility with
Ubuntu 20.04 LTS.
old versions such that they would not boot anymore if updates had been
installed - so if wanted to reinstall using the 20.04.5 media it would fail to
boot. Can prove this to yourself:
cat /sys/firmware/efi/efivars/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23
sbat,1,2022052400
grub,2
objdump -j .sbat -s grubx64.efi
Ubuntu Security at Everything Open 2023 [12:02]
advice on how you can improve the security of your own open source projects
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week saw the unexpected release of Ubuntu 20.04.6 so we go into the detail
behind that, plus we talk Everything Open and we cover security updates
including Emacs, LibreCAD, Python, vim and more.
This week in Ubuntu Security Updates
82 unique CVEs addressed
[USN-5955-1] Emacs vulnerability [00:50]
calling file on it - but would fail to escape the filename - so if a user
could be tricked into running htmlfontify-copy-and-link-dir on a crafted
directory, could get code execution in the context of emacs
of this function on github (other than references to the documentation for it)
[USN-5956-1, USN-5956-2] PHPMailer vulnerabilities [02:03]
passed to the shell when executing the underlying mail command - original
patch didn’t fix properly so second CVE was issued for the fix
[USN-5957-1] LibreCAD vulnerabilities [02:58]
[USN-5855-2] ImageMagick vulnerabilities [03:37]
[USN-5958-1] FFmpeg vulnerabilities [03:45]
[USN-5954-1] Firefox vulnerabilities [03:59]
visited a malicious website
cause firefox to leak local information back to the web server or spoof
parts of the UI etc
[USN-5961-1] abcm2ps vulnerabilities
[USN-5962-1] Linux kernel (Intel IoTG) vulnerabilities [04:47]
similarly, crash / RCE
[USN-5959-1] Kerberos vulnerabilities [05:32]
[USN-5960-1] Python vulnerability [05:51]
with a space - blocklisting is not part of upstream functionality but often
would be implemented in application / library logic by first using urlparse()
to parse the given URL - if prefixed with a space then can get urlparse() to
fail to return the correct scheme/hostname - can workaround simply by first
calling strip() on URL - apparently upstream still discussing whether the
current fix is sufficient so watch this space
[USN-5963-1] Vim vulnerabilities [07:14]
corruption vulns -> DoS / RCE
[USN-5964-1] curl vulnerabilities [07:41]
caller had changed an SSH option - similar for FTP.
expand even if not the first part of the path)
[USN-5806-3] Ruby vulnerability [08:43]
[USN-5965-1] TigerVNC vulnerability [08:53]
certificate authority - then if client connected to a different server would
use that stored cert as a CA cert to validate the new server - could then
allow a malicious server to impersonate other servers
[USN-5904-2] SoX regression [09:35]
Goings on in Ubuntu Security Community
Ubuntu 20.04.6 LTS Released [09:49]
Unlike previous point releases, 20.04.6 is a refresh of the amd64
installer media after recent key revocations, re-enabling their usage
on Secure Boot enabled systems.
Many other security updates for additional high-impact bug fixes are also
included, with a focus on maintaining stability and compatibility with
Ubuntu 20.04 LTS.
old versions such that they would not boot anymore if updates had been
installed - so if wanted to reinstall using the 20.04.5 media it would fail to
boot. Can prove this to yourself:
cat /sys/firmware/efi/efivars/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23
sbat,1,2022052400
grub,2
objdump -j .sbat -s grubx64.efi
Ubuntu Security at Everything Open 2023 [12:02]
advice on how you can improve the security of your own open source projects
Get in contact