Sign up to save your podcasts
Or
Share Episode 192
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 192
Overview
Ubuntu gets pwned at Pwn2Own 2023, plus we cover security updates for vulns in
GitPython, object-path, amanda, url-parse and the Linux kernel - and we mention
the recording of Alex’s Everything Open 2023 presentation as well.
This week in Ubuntu Security Updates
91 unique CVEs addressed
[USN-5968-1] GitPython vulnerability [00:46]
hood and pass the purported URL in without any validation
Bandit, Python security checking tool - used to scan python projects for
security issues - would be ironic if a tool used to scan for security problems
could be used to leverage an attack - so I took a quick look at the source
code for bandit and it seems to only use GitPython to check if the current
directory is a git repo or not - so would not be able to be exploited by this
issue
[USN-5967-1] object-path vulnerabilities [02:11]
applies for languages like Javascript, where an attacker can add arbitrary
properties to global / default javascript objects that then get inherited by
user-defined objects - and so can result in the ability to change the logic of
the application or potentially even get remote code execution (depending on
how those object properties are used by the application)
[USN-5942-2] Apache HTTP Server vulnerability [02:56]
[USN-5966-1, USN-5966-2] amanda vulnerabilities [03:06]
different way - one to see if a given directory existed or not (info leak),
and the others to both get code execution etc - update introduced a regression
which was then also fixed
[USN-5969-1] gif2apng vulnerabilities [04:00]
[USN-5971-1] Graphviz vulnerabilities [04:12]
[USN-5954-2] Firefox regressions [04:40]
[USN-5972-1] Thunderbird vulnerabilities [04:58]
[USN-5973-1] url-parse vulnerabilities [05:11]
parsing URLs, can have various vulnerabilities
various browsers for “better security and accuracy”
[USN-5974-1] GraphicsMagick vulnerabilities [06:24]
[USN-5686-4] Git vulnerability [06:37]
[USN-5970-1] Linux kernel vulnerabilities [06:45]
[LSN-0093-1] Linux kernel vulnerability [07:15]
16.04 ESM) across various different kernels
VLAN headers - both could allow a local user to DoS / code execution in kernel
-> EoP
Kernel type
22.04
20.04
18.04
16.04
aws
93.1
93.1
93.1
—
aws-5.15
—
93.1
—
—
aws-5.4
—
—
93.1
—
aws-hwe
—
—
—
93.1
azure
93.1
93.1
—
93.1
azure-4.15
—
—
93.1
—
azure-5.4
—
—
93.1
—
gcp
93.2
93.1
—
93.1
gcp-4.15
—
—
93.1
—
gcp-5.15
—
93.2
—
—
gcp-5.4
—
—
93.1
—
generic-4.15
—
—
93.1
93.1
generic-5.4
—
93.1
93.1
—
gke
93.2
93.1
—
—
gke-4.15
—
—
93.1
—
gke-5.15
—
93.2
—
—
gke-5.4
—
—
93.1
—
gkeop
—
93.1
—
—
gkeop-5.4
—
—
93.1
—
ibm
93.1
93.1
—
—
linux
93.1
—
—
—
lowlatency-4.15
—
—
93.1
93.1
lowlatency-5.4
—
93.1
93.1
—
oem
—
—
93.1
—
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status
[USN-5975-1] Linux kernel vulnerabilities
[USN-5976-1] Linux kernel (OEM) vulnerabilities
[USN-5977-1] Linux kernel (OEM) vulnerabilities
[USN-5978-1] Linux kernel (OEM) vulnerabilities
[USN-5979-1] Linux kernel (HWE) vulnerabilities
[USN-5980-1] Linux kernel vulnerabilities
[USN-5981-1] Linux kernel vulnerabilities
[USN-5982-1] Linux kernel vulnerabilities
Goings on in Ubuntu Security Community
pwn2own 2023 [08:02]
is attended by many of the best offensive security research teams in the world
elevation of privilege category - standard unprivileged user account which can
be used to escalate privileges to root - targeting the latest Ubuntu interim
release 22.10 (Kinetic)
exploit to work
Georgia Garcia from the Ubuntu Security team and Thadeu Cascardo from the
Ubuntu Kernel team) who were on call to be shown the exploit and vulnerability
and within 30 minutes would have to determine if it was already known or not
other was not able to get their exploit to work in the allotted time limit
will become available in the future
incorrect pointer scaling, double free and UAF) but all (unsurprisingly)
related to the memory unsafety of C
11 twice (both successful too) yet Ubuntu had 6
looking at Ubuntu compared to Windows nowadays?
source code is easily able to be inspected?
subsystems like io_uring and large attack surfaces through unprivileged user
namespaces perhaps make Ubuntu more of an easy target
namespaces in the future
Securing a distro and you own open source project - Everything Open 2023 [14:27]
https://youtu.be/a-_5aJIjjLQ
Ubuntu is one of the most popular Linux distributions and is used by millions
of people all over the world. It contains software from a wide array of
different upstream projects and communities across a number of different
language ecosystems. Ubuntu also aims to provide the best user experience for
consuming all these various pieces of software, whilst being both as secure
and usable as possible.
The Ubuntu Security team is responsible for keeping all of this software
secure and patched against known vulnerabilities, as well as proactively
looking for new possible security issues, and finally for ensuring the
distribution as a whole is secured through proactive hardening work. They also
have a huge depth of experience in working with upstream open source projects
to report, manage patch and disclose security vulnerabilities. Find out both
how they keep Ubuntu secure and how you can improve the security of your own
open source project or the projects you contribute to.
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
Ubuntu gets pwned at Pwn2Own 2023, plus we cover security updates for vulns in
GitPython, object-path, amanda, url-parse and the Linux kernel - and we mention
the recording of Alex’s Everything Open 2023 presentation as well.
This week in Ubuntu Security Updates
91 unique CVEs addressed
[USN-5968-1] GitPython vulnerability [00:46]
hood and pass the purported URL in without any validation
Bandit, Python security checking tool - used to scan python projects for
security issues - would be ironic if a tool used to scan for security problems
could be used to leverage an attack - so I took a quick look at the source
code for bandit and it seems to only use GitPython to check if the current
directory is a git repo or not - so would not be able to be exploited by this
issue
[USN-5967-1] object-path vulnerabilities [02:11]
applies for languages like Javascript, where an attacker can add arbitrary
properties to global / default javascript objects that then get inherited by
user-defined objects - and so can result in the ability to change the logic of
the application or potentially even get remote code execution (depending on
how those object properties are used by the application)
[USN-5942-2] Apache HTTP Server vulnerability [02:56]
[USN-5966-1, USN-5966-2] amanda vulnerabilities [03:06]
different way - one to see if a given directory existed or not (info leak),
and the others to both get code execution etc - update introduced a regression
which was then also fixed
[USN-5969-1] gif2apng vulnerabilities [04:00]
[USN-5971-1] Graphviz vulnerabilities [04:12]
[USN-5954-2] Firefox regressions [04:40]
[USN-5972-1] Thunderbird vulnerabilities [04:58]
[USN-5973-1] url-parse vulnerabilities [05:11]
parsing URLs, can have various vulnerabilities
various browsers for “better security and accuracy”
[USN-5974-1] GraphicsMagick vulnerabilities [06:24]
[USN-5686-4] Git vulnerability [06:37]
[USN-5970-1] Linux kernel vulnerabilities [06:45]
[LSN-0093-1] Linux kernel vulnerability [07:15]
16.04 ESM) across various different kernels
VLAN headers - both could allow a local user to DoS / code execution in kernel
-> EoP
Kernel type
22.04
20.04
18.04
16.04
aws
93.1
93.1
93.1
—
aws-5.15
—
93.1
—
—
aws-5.4
—
—
93.1
—
aws-hwe
—
—
—
93.1
azure
93.1
93.1
—
93.1
azure-4.15
—
—
93.1
—
azure-5.4
—
—
93.1
—
gcp
93.2
93.1
—
93.1
gcp-4.15
—
—
93.1
—
gcp-5.15
—
93.2
—
—
gcp-5.4
—
—
93.1
—
generic-4.15
—
—
93.1
93.1
generic-5.4
—
93.1
93.1
—
gke
93.2
93.1
—
—
gke-4.15
—
—
93.1
—
gke-5.15
—
93.2
—
—
gke-5.4
—
—
93.1
—
gkeop
—
93.1
—
—
gkeop-5.4
—
—
93.1
—
ibm
93.1
93.1
—
—
linux
93.1
—
—
—
lowlatency-4.15
—
—
93.1
93.1
lowlatency-5.4
—
93.1
93.1
—
oem
—
—
93.1
—
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status
[USN-5975-1] Linux kernel vulnerabilities
[USN-5976-1] Linux kernel (OEM) vulnerabilities
[USN-5977-1] Linux kernel (OEM) vulnerabilities
[USN-5978-1] Linux kernel (OEM) vulnerabilities
[USN-5979-1] Linux kernel (HWE) vulnerabilities
[USN-5980-1] Linux kernel vulnerabilities
[USN-5981-1] Linux kernel vulnerabilities
[USN-5982-1] Linux kernel vulnerabilities
Goings on in Ubuntu Security Community
pwn2own 2023 [08:02]
is attended by many of the best offensive security research teams in the world
elevation of privilege category - standard unprivileged user account which can
be used to escalate privileges to root - targeting the latest Ubuntu interim
release 22.10 (Kinetic)
exploit to work
Georgia Garcia from the Ubuntu Security team and Thadeu Cascardo from the
Ubuntu Kernel team) who were on call to be shown the exploit and vulnerability
and within 30 minutes would have to determine if it was already known or not
other was not able to get their exploit to work in the allotted time limit
will become available in the future
incorrect pointer scaling, double free and UAF) but all (unsurprisingly)
related to the memory unsafety of C
11 twice (both successful too) yet Ubuntu had 6
looking at Ubuntu compared to Windows nowadays?
source code is easily able to be inspected?
subsystems like io_uring and large attack surfaces through unprivileged user
namespaces perhaps make Ubuntu more of an easy target
namespaces in the future
Securing a distro and you own open source project - Everything Open 2023 [14:27]
https://youtu.be/a-_5aJIjjLQ
Ubuntu is one of the most popular Linux distributions and is used by millions
of people all over the world. It contains software from a wide array of
different upstream projects and communities across a number of different
language ecosystems. Ubuntu also aims to provide the best user experience for
consuming all these various pieces of software, whilst being both as secure
and usable as possible.
The Ubuntu Security team is responsible for keeping all of this software
secure and patched against known vulnerabilities, as well as proactively
looking for new possible security issues, and finally for ensuring the
distribution as a whole is secured through proactive hardening work. They also
have a huge depth of experience in working with upstream open source projects
to report, manage patch and disclose security vulnerabilities. Find out both
how they keep Ubuntu secure and how you can improve the security of your own
open source project or the projects you contribute to.
Get in contact