Overview
The team is back from Madrid and this week we bring you some of our plans for
the upcoming Ubuntu 24.10 release, plus we talk about Google’s kernelCTF project
and Mozilla’s PDF.js sandbox when covering security updates for the Linux
kernel, Firefox, Spreadsheet::ParseExcel, idna and more.
This week in Ubuntu Security Updates
121 unique CVEs addressed
[USN-6766-2] Linux kernel vulnerabilities (01:07)
92 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
5.15 - raspi kernel on 22.04 and OEM or optional HWE on 20.04
Linux kernel CNA has been quite busy assigning both historical and recent CVEs against the kernel
As discussed previously (Linux kernel becomes a CNA from Episode 219, Follow up to Linux kernel CNA from Episode 220), the impact of these CVEs is often not
apparent, so it is quite hard to assign a proper priority - even the
kernel CNA themselves are not assigning a CVSS score - so for now there is
little information we can glean for each of these
As such, the USNs contain quite little detail and are very generic - and for
each we will be assigning just a medium priority unless we have some good
evidence otherwise
One example here is CVE-2024-26808 - UAF in netfilter - was reported via
Google’s kernelCTF (not to be confused with their kCTF, which is their
kubernetes-based CTF hosting platform - but which also has a vulnerability
reward program (VRP)) - kernelCTF is a program to offer rewards for exploits
against the kernel - but not just any exploits - can’t use io_uring or
nftables since they were disabled in their target kernel configuration due to
the high number of historical vulns in both subsystems
base reward of $21k, $10k bonus if it is reliable more than 90% of the time,
additional $20k bonus if it works without using unprivileged user namespaces,
and a final additional $20k bonus if it is a 0-day (ie not patched in the
mainline tree and not disclosed anywhere - including via syzkaller)
So in this case, we rated this CVE with a high priority since it is known
exploitable
can see it listed in their public spreadsheet
[USN-6766-3] Linux kernel (AWS) vulnerabilities (04:48)
92 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
5.15 - AWS on both 22.04 and 20.04
[USN-6774-1] Linux kernel vulnerabilities (05:01)
13 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10)
CVE-2024-26801 CVE-2023-52601 CVE-2024-26622 CVE-2024-26635 CVE-2023-52602 CVE-2024-26614 CVE-2023-52604 CVE-2024-26805 CVE-2023-52615 CVE-2024-26704 CVE-2024-2201 CVE-2022-0001 CVE-2023-47233
6.5 - all on 23.10, HWE (all) on 22.04
[USN-6775-1] Linux kernel vulnerabilities
3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2023-52530 CVE-2024-26622 CVE-2023-47233
5.15 all on 22.04, HWE (all) on 20.04
[USN-6775-2] Linux kernel vulnerabilities
3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2023-52530 CVE-2024-26622 CVE-2023-47233
5.15 AWS/GKE
[USN-6776-1] Linux kernel vulnerabilities
4 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
CVE-2024-26622 CVE-2023-52530 CVE-2024-26614 CVE-2023-47233
5.4 all on 20.04, HWE (all) on 18.04
[USN-6777-1] Linux kernel vulnerabilities
17 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
CVE-2023-52583 CVE-2024-26801 CVE-2024-26805 CVE-2024-26735 CVE-2024-26622 CVE-2021-46981 CVE-2023-52566 CVE-2023-52604 CVE-2024-26704 CVE-2024-26614 CVE-2023-52602 CVE-2024-26635 CVE-2023-52439 CVE-2023-52601 CVE-2023-52530 CVE-2023-52524 CVE-2023-47233
4.15 - all on 18.04, HWE (all) on 16.04
[USN-6777-2] Linux kernel (Azure) vulnerabilities
17 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
CVE-2023-52583 CVE-2024-26801 CVE-2024-26805 CVE-2024-26735 CVE-2024-26622 CVE-2021-46981 CVE-2023-52566 CVE-2023-52604 CVE-2024-26704 CVE-2024-26614 CVE-2023-52602 CVE-2024-26635 CVE-2023-52439 CVE-2023-52601 CVE-2023-52530 CVE-2023-52524 CVE-2023-47233
4.15 - azure
[USN-6777-3] Linux kernel (GCP) vulnerabilities
17 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-52583 CVE-2024-26801 CVE-2024-26805 CVE-2024-26735 CVE-2024-26622 CVE-2021-46981 CVE-2023-52566 CVE-2023-52604 CVE-2024-26704 CVE-2024-26614 CVE-2023-52602 CVE-2024-26635 CVE-2023-52439 CVE-2023-52601 CVE-2023-52530 CVE-2023-52524 CVE-2023-47233
[USN-6778-1] Linux kernel vulnerabilities
14 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
CVE-2023-52524 CVE-2023-52530 CVE-2023-52604 CVE-2024-26614 CVE-2021-46939 CVE-2024-26704 CVE-2023-52566 CVE-2024-26801 CVE-2023-52602 CVE-2024-26635 CVE-2024-26805 CVE-2024-26622 CVE-2023-52601 CVE-2023-47233
4.4 - all on 16.04, HWE on 14.04
[USN-6773-1] .NET vulnerabilities (05:34)
2 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
CVE-2024-30046 CVE-2024-30045
dotnet 7 and 8
[USN-6779-1] Firefox vulnerabilities (05:54)
14 CVEs addressed in Focal (20.04 LTS)
CVE-2024-4770 CVE-2024-4367 CVE-2024-4764 CVE-2024-4778 CVE-2024-4777 CVE-2024-4776 CVE-2024-4775 CVE-2024-4774 CVE-2024-4773 CVE-2024-4772 CVE-2024-4771 CVE-2024-4769 CVE-2024-4768 CVE-2024-4767
126.0
UAF due to multiple WebRTC threads trying to use an audio input device if it
was just added
type confusion bug in handling of missing fonts -> arbitrary JS execution via
PDF.js (this is in the context of PDF.js which uses the quickjs JS engine
inside the standard ComponentUtils.Sandbox implementation - which is the same
sandbox used to execute JS from websites etc in firefox) - unrelated to this
vuln but PDFs can contain JavaScript (e.g. in a form, to calculate values
based on user input)
also PDF.js doesn’t implement the PDF APIs related to network or disk etc to
avoid possible security issues
[USN-6782-1] Thunderbird vulnerabilities (07:29)
6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
CVE-2024-4770 CVE-2024-4367 CVE-2024-4777 CVE-2024-4769 CVE-2024-4768 CVE-2024-4767
115.11.0
same PDF.js issues and others as above from Firefox
[USN-6781-1] Spreadsheet::ParseExcel vulnerability (07:51)
1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2023-7101
RCE vuln via the use of eval() on untrusted user input - disclosed by
Mandiant - high profile since it affected Barracuda email gateway
devices and was publicly reported as being exploited against these by a
Chinese APT group
[USN-6780-1] idna vulnerability (08:59)
1 CVE addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
CVE-2024-3651
Python module for handling internationalised domain names (RFC 5895)
CPU-based DoS due to an inefficient algorithm when encoding a domain name
Goings on in Ubuntu Security Community
Ubuntu Security Plans for 24.10 Development Cycle (09:33)
Progressing the FIPS certification for 24.04 through NIST
Implementation of OpenVEX and OSV data formats for machine readable vulnerability information
Historically have generated OVAL data for this purpose
XML-based format, existed for over 20 years
more recently, OpenVEX and OSV have appeared which also serve the same
purpose and have a more vibrant community around them
Similarly, the next version of the SPDX format will also support vulnerability
descriptions
Finally, given the recent announcement that CIS has
relinquished its role in sponsoring the OVAL project and there doesn’t appear
to be any other sponsor on the horizon, thought it was prudent to develop a
“second-supplier” approach given this uncertain future for OVAL upstream
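As an added illustration of the OpenVEX format mentioned in the plan above (example code written for these notes, not the Ubuntu Security Team's tooling), this builds a minimal OpenVEX 0.2.0 document for USN-6766-2 marking CVE-2024-26808 as fixed and rejects statements that break the spec's status rules; the document IRI, the package purl version and the timestamp are constructed placeholders.

```python
import json
from datetime import datetime, timezone

OPENVEX_CONTEXT = "https://openvex.dev/ns/v0.2.0"  # OpenVEX 0.2.0 context IRI
VALID_STATUS = {"not_affected", "affected", "fixed", "under_investigation"}
# A not_affected statement must say why; this example insists on one of the
# spec's enumerated justification values.
VALID_JUSTIFICATION = {
    "component_not_present", "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

def make_statement(cve, purls, status, justification=None):
    """One VEX statement: a vulnerability, the products it covers, a status."""
    if status not in VALID_STATUS:
        raise ValueError(f"unknown VEX status: {status}")
    if status == "not_affected" and justification not in VALID_JUSTIFICATION:
        raise ValueError("not_affected statements need a spec justification")
    stmt = {"vulnerability": {"name": cve},
            "products": [{"@id": p} for p in purls],
            "status": status}
    if justification:
        stmt["justification"] = justification
    return stmt

def build_openvex(doc_id, author, statements, timestamp=None):
    """Wrap statements in the document envelope the spec requires."""
    return {"@context": OPENVEX_CONTEXT,
            "@id": doc_id,
            "author": author,
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "version": 1,
            "statements": statements}

def usn_6766_2_example():
    # Constructed values: the document IRI, the purl (version placeholder)
    # and the timestamp are illustrative, not taken from the USN itself.
    purl = "pkg:deb/ubuntu/linux-raspi@VERSION-PLACEHOLDER?distro=jammy"
    stmts = [make_statement("CVE-2024-26808", [purl], "fixed")]
    return build_openvex("https://example.org/vex/USN-6766-2",
                         "Ubuntu Security Team (hypothetical author)",
                         stmts, "2024-05-20T00:00:00Z")

if __name__ == "__main__":
    print(json.dumps(usn_6766_2_example(), indent=2))
```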
likely will have more to say on this in the future
Improvements to the process the team uses for working with the snap store and doing reviews etc
AppArmor profile development across the 24.10 release
Get in contact
#ubuntu-security on the Libera.Chat IRC network
ubuntu-hardened mailing list
Security section on discourse.ubuntu.com
@[email protected], @ubuntu_sec on twitter