Sign up to save your podcasts
Or
Share Episode 229
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 229
Overview
As the podcast winds down for a break over the next month, this week we talk
about RSA timing side-channel attacks and the recently announced DNSBomb
vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK,
amavisd-new, Unbound, Intel Microcode and more.
This week in Ubuntu Security Updates
152 unique CVEs addressed
[USN-6783-1] VLC vulnerabilities (00:54)
[USN-6663-3] OpenSSL update (01:40)
deterministic random bytes instead of an error when an incorrect padding
length is detected during PKCS#1 v1.5 RSA to avoid this being used for
possible Bleichenbacher timing attacks
[USN-6673-3] python-cryptography vulnerability (02:32)
counterpart to the OpenSSL update mentioned earlier
[USN-6736-2] klibc vulnerabilities (02:43)
[USN-6784-1] cJSON vulnerabilities (02:58)
misuse use of the APIs (like passing in purposefully corrupted values) so
unlikely to be an issue in practice
[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)
user which would then return the SSL private key used to encrypt the
connection - so could allow a local user to possibly spy on the sessions of
other users remotely connected to the system
[USN-6786-1] Netatalk vulnerabilities (04:45)
combine various operations through both file-systems (like creating a crafted
symlink, which would then be followed during a second operation where a file
is renamed) to allow them to overwrite arbirary files and hence achieve
arbitrary code execution on the host
[USN-6788-1] WebKitGTK vulnerabilities (05:48)
demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k
[USN-6789-1] LibreOffice vulnerability (06:28)
run arbitrary scripts without the usual prompt
[USN-6790-1] amavisd-new vulnerability (07:09)
but also can be used to do DKIM verification and integration with spamassassin
etc
possibly bypass usual checks
[USN-6791-1] Unbound vulnerability (07:46)
DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
but could be used to generate such an attack against others - in particular
Unbound had the highest amplification factor of ~22k times - next highest was
DNSMasq at ~3k times
and discarding operations if they take longer than this to avoid the ability
to “store up” responses to be released at a later time
[USN-6793-1] Git vulnerabilities (09:31)
[USN-6792-1] Flask-Security vulnerability
[USN-6794-1] FRR vulnerabilities
[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)
[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)
Atom-based devices - low power x86
[USN-6779-2] Firefox regressions (10:30)
[USN-6787-1] Jinja2 vulnerability (10:48)
inject arbitrary HTML attrs/values and hence inject JS code to peform XSS
attacks etc
[USN-6797-1] Intel Microcode vulnerabilities (11:22)
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
As the podcast winds down for a break over the next month, this week we talk
about RSA timing side-channel attacks and the recently announced DNSBomb
vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK,
amavisd-new, Unbound, Intel Microcode and more.
This week in Ubuntu Security Updates
152 unique CVEs addressed
[USN-6783-1] VLC vulnerabilities (00:54)
[USN-6663-3] OpenSSL update (01:40)
deterministic random bytes instead of an error when an incorrect padding
length is detected during PKCS#1 v1.5 RSA to avoid this being used for
possible Bleichenbacher timing attacks
[USN-6673-3] python-cryptography vulnerability (02:32)
counterpart to the OpenSSL update mentioned earlier
[USN-6736-2] klibc vulnerabilities (02:43)
[USN-6784-1] cJSON vulnerabilities (02:58)
misuse use of the APIs (like passing in purposefully corrupted values) so
unlikely to be an issue in practice
[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)
user which would then return the SSL private key used to encrypt the
connection - so could allow a local user to possibly spy on the sessions of
other users remotely connected to the system
[USN-6786-1] Netatalk vulnerabilities (04:45)
combine various operations through both file-systems (like creating a crafted
symlink, which would then be followed during a second operation where a file
is renamed) to allow them to overwrite arbirary files and hence achieve
arbitrary code execution on the host
[USN-6788-1] WebKitGTK vulnerabilities (05:48)
demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k
[USN-6789-1] LibreOffice vulnerability (06:28)
run arbitrary scripts without the usual prompt
[USN-6790-1] amavisd-new vulnerability (07:09)
but also can be used to do DKIM verification and integration with spamassassin
etc
possibly bypass usual checks
[USN-6791-1] Unbound vulnerability (07:46)
DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
but could be used to generate such an attack against others - in particular
Unbound had the highest amplification factor of ~22k times - next highest was
DNSMasq at ~3k times
and discarding operations if they take longer than this to avoid the ability
to “store up” responses to be released at a later time
[USN-6793-1] Git vulnerabilities (09:31)
[USN-6792-1] Flask-Security vulnerability
[USN-6794-1] FRR vulnerabilities
[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)
[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)
Atom-based devices - low power x86
[USN-6779-2] Firefox regressions (10:30)
[USN-6787-1] Jinja2 vulnerability (10:48)
inject arbitrary HTML attrs/values and hence inject JS code to peform XSS
attacks etc
[USN-6797-1] Intel Microcode vulnerabilities (11:22)
Get in contact