Sign up to save your podcasts
Or
Share Episode 202
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 202
Overview
We take a sneak peek at the upcoming AppArmor 4.0 release, plus we cover
vulnerabilities in AccountsService, the Linux Kernel, ReportLab, GNU Screen,
containerd and more.
This week in Ubuntu Security Updates
50 unique CVEs addressed
[USN-6190-1] AccountsService vulnerability (00:47)
Github Security Lab team
create a new user etc
and locale from accountsservice to the local users ~/.pam_environment file
which is used to configure various per-user session environment variables -
this way no matter how you log in to a Ubuntu system, the locale etc that you
configured via g-c-c etc gets used
original patch - so an unprivileged user could trigger this and crash the
accounts-daemon which runs as root
[USN-6191-1] Linux kernel regression (02:44)
[USN-6192-1] Linux kernel vulnerabilities (03:10)
control filter - allows to define a “flow” by a set of key/value pairs
(ie. src MAC address, port number or various other types) - could be leveraged
for DoS or potential code execution - PoC posted publicly but even then was
stated that it doesn’t even crash the kernel, however gdb can be used to
detect the OOB write
this to trigger a deadlock and hence a DoS
the wake of Meltdown, to minimise the cost of flushing page table on every
entry/exit to/from kernel space, PCIDs are a hardware feature that was
introduced in more recent Intel processors to try and minimise this cost by
only flushing on exit back to userspace - this is done by issuing the INVLPG
instruction - but it was found that on certain hardware platforms this did not
actually flush the global TLB contrary to expectation - and so could leak
kernel memory back to userspace
[USN-6193-1] Linux kernel vulnerabilities
[USN-6194-1] Linux kernel (OEM) vulnerabilities (06:04)
leak
[USN-6195-1] Vim vulnerabilities (06:26)
dereference etc.
[USN-6196-1] ReportLab vulnerability (06:47)
(see [USN-4273-1] ReportLab vulnerability in Episode 62)
directly on value obtained from an XML document
eval() without having to remove this functionality - new update disables this
by default and instead only allows a much limited subset of colors to be
parsed
[USN-6197-1] OpenLDAP vulnerability (08:48)
during various string handling operations - unlikely to be able to be
triggered easily (would first need a memory leak bug or similar…)
[USN-6198-1] GNU Screen vulnerability (09:25)
killed from another session - but would fail to check if the specified PID was
actually owned by the calling user - so if screen was setuid, would allow a
local user to send a SIGHUP to any other process on the system
[USN-6199-1] PHP vulnerability (10:35)
wouldn’t actually check the return value from the call to generate random data
for the nonce - as such, the nonce would be whatever was previously in the
stack memory - so could leak info from the stack, or this could be say all
zeros which would defeat the purpose of the nonce
[USN-6200-1] ImageMagick vulnerabilities (11:27)
up every 10 episodes or so)
2020
available via Ubuntu Pro
[USN-6201-1] Firefox vulnerabilities (12:27)
cookie storage protections, possible spoofing attack via fullscreen
notifications and others
[USN-6202-1] containerd vulnerabilities (13:09)
file - would try and read the whole JSON file into memory - could cause
containerd to crash by running out of memory - limited to 20MBs
[USN-6203-1] Django vulnerability (13:55)
strings - fixed by rejecting anything longer than some hardcoded constants
(2KB for URL, 320 chars for email as per RFC x3696)
Goings on in Ubuntu Security Community
AppArmor 4.0-alpha1 in progress (14:44)
cached binary policies without the use of apparmor_parser
be root to actually load the policy into the kernel)
AppArmor kernel fixes for Linux 6.5 (20:42)
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
We take a sneak peek at the upcoming AppArmor 4.0 release, plus we cover
vulnerabilities in AccountsService, the Linux Kernel, ReportLab, GNU Screen,
containerd and more.
This week in Ubuntu Security Updates
50 unique CVEs addressed
[USN-6190-1] AccountsService vulnerability (00:47)
Github Security Lab team
create a new user etc
and locale from accountsservice to the local users ~/.pam_environment file
which is used to configure various per-user session environment variables -
this way no matter how you log in to a Ubuntu system, the locale etc that you
configured via g-c-c etc gets used
original patch - so an unprivileged user could trigger this and crash the
accounts-daemon which runs as root
[USN-6191-1] Linux kernel regression (02:44)
[USN-6192-1] Linux kernel vulnerabilities (03:10)
control filter - allows to define a “flow” by a set of key/value pairs
(ie. src MAC address, port number or various other types) - could be leveraged
for DoS or potential code execution - PoC posted publicly but even then was
stated that it doesn’t even crash the kernel, however gdb can be used to
detect the OOB write
this to trigger a deadlock and hence a DoS
the wake of Meltdown, to minimise the cost of flushing page table on every
entry/exit to/from kernel space, PCIDs are a hardware feature that was
introduced in more recent Intel processors to try and minimise this cost by
only flushing on exit back to userspace - this is done by issuing the INVLPG
instruction - but it was found that on certain hardware platforms this did not
actually flush the global TLB contrary to expectation - and so could leak
kernel memory back to userspace
[USN-6193-1] Linux kernel vulnerabilities
[USN-6194-1] Linux kernel (OEM) vulnerabilities (06:04)
leak
[USN-6195-1] Vim vulnerabilities (06:26)
dereference etc.
[USN-6196-1] ReportLab vulnerability (06:47)
(see [USN-4273-1] ReportLab vulnerability in Episode 62)
directly on value obtained from an XML document
eval() without having to remove this functionality - new update disables this
by default and instead only allows a much limited subset of colors to be
parsed
[USN-6197-1] OpenLDAP vulnerability (08:48)
during various string handling operations - unlikely to be able to be
triggered easily (would first need a memory leak bug or similar…)
[USN-6198-1] GNU Screen vulnerability (09:25)
killed from another session - but would fail to check if the specified PID was
actually owned by the calling user - so if screen was setuid, would allow a
local user to send a SIGHUP to any other process on the system
[USN-6199-1] PHP vulnerability (10:35)
wouldn’t actually check the return value from the call to generate random data
for the nonce - as such, the nonce would be whatever was previously in the
stack memory - so could leak info from the stack, or this could be say all
zeros which would defeat the purpose of the nonce
[USN-6200-1] ImageMagick vulnerabilities (11:27)
up every 10 episodes or so)
2020
available via Ubuntu Pro
[USN-6201-1] Firefox vulnerabilities (12:27)
cookie storage protections, possible spoofing attack via fullscreen
notifications and others
[USN-6202-1] containerd vulnerabilities (13:09)
file - would try and read the whole JSON file into memory - could cause
containerd to crash by running out of memory - limited to 20MBs
[USN-6203-1] Django vulnerability (13:55)
strings - fixed by rejecting anything longer than some hardcoded constants
(2KB for URL, 320 chars for email as per RFC x3696)
Goings on in Ubuntu Security Community
AppArmor 4.0-alpha1 in progress (14:44)
cached binary policies without the use of apparmor_parser
be root to actually load the policy into the kernel)
AppArmor kernel fixes for Linux 6.5 (20:42)
Get in contact