Overview
This week we look at some recent security developments from PyPI, the Linux Security Summit North America and the pending transition of Ubuntu 18.04 to ESM, plus we cover security updates for cups-filters, the Linux kernel, Git, runC, ncurses, cloud-init and more.
This week in Ubuntu Security Updates
[USN-6083-1] cups-filters vulnerability (01:03)
1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
CVE-2023-24805
Legacy BEH (Backend Error Handler) allows creation of a network-accessible printer - allowed pretty easy RCE since it used system() to run a command which contained various values that can be controlled by the attacker
Fixed by upstream to use fork() and execve() plus some other smaller changes to perform sanitisation of the input
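The shape of that fix, as an added example that is not cups-filters' own code: the attacker-influenced field travels as a single argv entry through fork()/execve() instead of being pasted into a system() string, with an allowlist check standing in for the sanitisation step. It assumes /bin/echo as a stand-in backend and a constructed job title.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed sample: a print job field as an attacker could submit it.
 * Interpolated into a system() command line, the shell would run "id". */
#define SAMPLE_TITLE "report; id"

/* Defence in depth alongside the exec change: reject fields carrying shell
 * metacharacters or control bytes before any backend sees them. */
static int field_is_clean(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || strchr(";|&$`<>()\\\"'", *s))
            return 0;
    return 1;
}

/* The fixed shape: fork() + execve() with an argv array instead of
 * system(). The field reaches the backend as one verbatim argument and
 * no shell parses it. The child's stdout is captured into out so the
 * caller can confirm exactly what the backend received. Returns the
 * child's exit status, or -1 on error. */
static int run_backend_argv(const char *backend, const char *title,
                            char *out, size_t outlen)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)backend, (char *)title, NULL };
        char *const envp[] = { NULL };      /* no inherited environment */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(backend, argv, envp);
        _exit(127);                         /* only reached if exec fails */
    }
    close(fds[1]);
    size_t n = 0; ssize_t r;
    while (n + 1 < outlen && (r = read(fds[0], out + n, outlen - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With the stand-in backend the captured output is the literal field, semicolon and all, which is exactly what a shell-free exec guarantees.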
[USN-6084-1] Linux kernel vulnerabilities (01:45)
5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-1513 CVE-2023-0459
4.15 kernel: 18.04 GCP + Oracle, 16.04 Oracle

[USN-6085-1] Linux kernel (Raspberry Pi) vulnerabilities (02:00)
10 CVEs addressed in Jammy (22.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-20938 CVE-2023-1513 CVE-2023-1078 CVE-2023-1075 CVE-2023-0459 CVE-2022-3707 CVE-2022-27672
5.15 Raspi kernel
Various UAFs in different drivers and subsystems, a possible speculative execution attack against AMD x86-64 processors with SMT enabled, a few type confusion bugs leading to OOB reads etc
[USN-6090-1] Linux kernel vulnerabilities (02:26)
10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-20938 CVE-2023-1513 CVE-2023-1078 CVE-2023-1075 CVE-2023-0459 CVE-2022-3707 CVE-2022-27672
Same set of vulns as above
5.15 kernel: 22.04 GKE, GCP; 20.04 GKE, GCP, Oracle

[USN-6089-1] Linux kernel (OEM) vulnerability (02:45)
1 CVE addressed in Jammy (22.04 LTS)
CVE-2022-4139
6.0 OEM kernel
i915 failed to flush the GPU TLB in some cases -> DoS / RCE

[USN-6091-1] Linux kernel vulnerabilities (03:09)
25 CVEs addressed in Kinetic (22.10)
CVE-2023-1118 CVE-2023-32269 CVE-2023-26544 CVE-2023-23455 CVE-2023-23454 CVE-2023-2162 CVE-2023-21106 CVE-2023-21102 CVE-2023-1652 CVE-2023-1513 CVE-2023-1078 CVE-2023-1075 CVE-2023-1074 CVE-2023-1073 CVE-2023-0459 CVE-2023-0458 CVE-2023-0394 CVE-2023-0210 CVE-2022-48424 CVE-2022-48423 CVE-2022-4842 CVE-2022-4129 CVE-2022-3707 CVE-2022-36280 CVE-2022-27672
5.19 kernel: IBM + Oracle
Lots of the previously mentioned issues and more - same kinds of issues though (race conditions, UAFs, OOB writes etc in various drivers / subsystems)
[USN-6096-1] Linux kernel vulnerabilities (03:34)
25 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
CVE-2023-1118 CVE-2023-32269 CVE-2023-26544 CVE-2023-23455 CVE-2023-23454 CVE-2023-2162 CVE-2023-21106 CVE-2023-21102 CVE-2023-1652 CVE-2023-1513 CVE-2023-1078 CVE-2023-1075 CVE-2023-1074 CVE-2023-1073 CVE-2023-0459 CVE-2023-0458 CVE-2023-0394 CVE-2023-0210 CVE-2022-48424 CVE-2022-48423 CVE-2022-4842 CVE-2022-4129 CVE-2022-3707 CVE-2022-36280 CVE-2022-27672
22.10 GCP, 22.04 HWE
Same as above

[USN-6092-1] Linux kernel (Azure) vulnerabilities (03:45)
5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-1513 CVE-2023-0459
4.15 Azure kernel on 18.04, 16.04 ESM + 14.04 ESM

[USN-6093-1] Linux kernel (BlueField) vulnerabilities (03:54)
9 CVEs addressed in Focal (20.04 LTS)
CVE-2023-26545 CVE-2023-1074 CVE-2023-1073 CVE-2023-0458 CVE-2022-4129 CVE-2022-3903 CVE-2022-3108 CVE-2023-1281 CVE-2023-1829
5.4 kernel for the NVIDIA BlueField platform

[USN-6094-1] Linux kernel vulnerabilities (04:02)
8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-1513 CVE-2023-1078 CVE-2023-1075 CVE-2023-0459 CVE-2022-3707
5.4 kernel: 20.04 / 18.04 HWE on all flavours - generic, Azure, GKE, IBM, OEM, AWS, KVM, Lowlatency etc
[USN-6095-1] Linux kernel vulnerabilities (04:29)
5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
CVE-2023-1118 CVE-2023-32269 CVE-2023-2162 CVE-2023-1513 CVE-2023-0459
4.15 kernel: 18.04 snapdragon + raspi2; 16.04 HWE etc

[USN-6050-2] Git vulnerabilities (04:50)
2 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-29007 CVE-2023-25652
RCE via a crafted .gitmodules file with submodule URLs longer than 1024 chars - could inject arbitrary config into the user's git config - e.g. could configure the pager or editor etc to run some arbitrary command
Local file overwrite via crafted input to git apply --reject

[USN-6088-1] runC vulnerabilities (05:39)
3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
CVE-2023-28642 CVE-2023-27561 CVE-2023-25809
Vuln where the cgroup hierarchy of the host may be exposed within the container and be writable - could possibly use this to privesc
Regression from a previous vuln fix in CVE-2019-19921 (see [USN-4297-1] runC vulnerabilities in Episode 66)
Possible to bypass AppArmor (or SELinux) restrictions on runc if a container

[USN-6088-2] runC vulnerabilities (06:26)
6 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-28642 CVE-2023-27561 CVE-2023-25809 CVE-2022-29162 CVE-2021-43784 CVE-2019-19921

[USN-6086-1] minimatch vulnerability (06:31)
1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2022-3517
ReDoS against a nodejs package

[USN-6087-1] Ruby vulnerabilities (06:39)
2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2023-28756 CVE-2023-28755
Speaking of ReDoS - two in ruby - mentioned previously in [USN-6055-2] Ruby regression, Episode 194 - have been fixed properly now without introducing the previous regression
[USN-5900-2] tar vulnerability (07:03)
1 CVE addressed in Lunar (23.04)
CVE-2022-48303
See [USN-5900-1] tar vulnerability from Episode 189

[USN-5996-2] Liblouis vulnerabilities (07:17)
3 CVEs addressed in Lunar (23.04)
CVE-2023-26769 CVE-2023-26768 CVE-2023-26767
Braille translation library
3 different buffer overflows

[USN-6099-1] ncurses vulnerabilities (07:27)
5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
CVE-2023-29491 CVE-2022-29458 CVE-2021-39537 CVE-2019-17595 CVE-2019-17594
Most interesting vuln here was possible memory corruption via a malformed terminfo database, which can be set via TERMINFO or through ~/.terminfo - will get used by a setuid binary as well - turns out though that ncurses has a build-time configuration option to disable the use of custom terminfo/termcap when running - fixed this by enabling that
[USN-6073-6, USN-6073-7, USN-6073-8, USN-6073-9] Cinder, Glance store, Nova, os-brick regressions (08:34)
Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
See [USN-6073-1, USN-6073-2, USN-6073-3, USN-6073-4] Cinder, Glance Store, Nova, os-brick vulnerability from Episode 195

[USN-5725-2] Go vulnerability (08:50)
1 CVE addressed in Xenial ESM (16.04 ESM)
CVE-2020-16845

[USN-6042-2] Cloud-init regression (08:55)
Affecting Focal (20.04 LTS)
Published an update to cloud-init a few weeks ago - this was due to a vuln where credentials may get accidentally logged to the cloud-init log file - this was a newer version of cloud-init and it relied on a feature in the netplan package that was not published to the security pocket - the easy fix would be to publish this version of netplan to -security but this is not in the spirit of the pocket - so instead cloud-init was updated to include a fallback to ensure routes were appropriately retained
[USN-6098-1] Jhead vulnerabilities (09:48)
8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2021-28278 CVE-2021-28276 CVE-2020-26208 CVE-2020-6625 CVE-2020-6624 CVE-2019-1010302 CVE-2019-1010301 CVE-2019-19035
EXIF JPEG header manipulation tool written in C
Heap buffer overflows, NULL ptr derefs, OOB reads etc

[USN-6102-1] xmldom vulnerabilities (10:12)
3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
CVE-2022-39353 CVE-2022-37616 CVE-2021-21366
NodeJS javascript DOMParser and XMLSerializer
Logic error where it failed to preserve identifiers or namespaces when parsing malicious documents
Prototype pollution
Parses documents with multiple top-level elements and combines all their elements
[USN-6101-1] GNU binutils vulnerabilities (10:50)
6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
CVE-2023-25588 CVE-2023-25586 CVE-2023-25585 CVE-2023-25584 CVE-2023-1972 CVE-2023-1579
Assembler, linker and other utils for handling binary files
Generally not expected to be fed untrusted input, but nonetheless various buffer overflows (read and write) - DoS / RCE

[USN-6074-3] Firefox regressions (11:38)
11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2023-32209 CVE-2023-32208 CVE-2023-32206 CVE-2023-32216 CVE-2023-32215 CVE-2023-32213 CVE-2023-32212 CVE-2023-32211 CVE-2023-32210 CVE-2023-32207 CVE-2023-32205
113.0.2

[USN-6103-1] JSON Schema vulnerability (11:50)
1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2021-3918
NodeJS package for JSON document manipulation - prototype pollution vuln
See [USN-5967-1] object-path vulnerabilities from Episode 192

Goings on in Ubuntu Security Community
Security related announcements from PyPI (12:21)
Will no longer support new PGP signatures for PyPI packages, in response to a recent public blog post detailing an audit of the PGP ecosystem with PyPI
Most devs were not uploading PGP signatures, and of those that were, 30% were not available on major public keyservers, and of those that were, nearly half were not able to be meaningfully verified - some had expired, others had no binding signature to be able to verify them
Ordered by the DOJ to provide details on 5 PyPI usernames, including names, addresses, connection records, payment details, which packages and IP logs etc
Provided these details after consulting with their lawyers
Includes the specific attributes which were provided, including the database queries used to look up those records
Likely in response to recent security issues like typosquatting of popular packages with credential stealers and other malware embedded - over the past weekend, account sign-up and package uploads were blocked due to an overwhelmingly large number of malicious users and projects being created which the admins could not keep up with
Securing PyPI accounts via Two-Factor Authentication
Every account that maintains a project / organisation will be required to enable 2FA by the end of this year
Supports both TOTP and WebAuthn
Already announced this for the most critical projects last year, where they gave away Google Titan security keys to those projects and mandated them to use 2FA
LSS NA 2023 (16:11)
Attended by John Johansen and Mark Esler from the Ubuntu Security Team
John presented in the LSM Maintainers Panel with Mickaël Salaün, Casey Schaufler and Mimi Zohar, moderated by Paul Moore
All presentations now online: https://www.youtube.com/playlist?list=PLbzoR-pLrL6q4vmwFP7-ZZ1LJc5mA3Hqu
Lots of interesting bits like:
systemd and TPM2
Verifiable End to End Secure OCI Native Machines
Progress on Bounds Checking in C and the Linux Kernel
For more great content with Kees, check out Seth and John talk Linux Kernel Security with Kees Cook from Episode 145
Building the Largest Working Set of AppArmor Profiles
Controlling Script Execution

Announcement of 18.04 LTS going into ESM on 31 May 2023 (18:55)
https://lists.ubuntu.com/archives/ubuntu-security-announce/2023-May/007371.html
18.04 LTS released on 26 April 2018
https://canonical.com/blog/18-04-end-of-standard-support

Get in contact
#ubuntu-security on the Libera.Chat IRC network
ubuntu-hardened mailing list
Security section on discourse.ubuntu.com
@[email protected], @ubuntu_sec on twitter