Sign up to save your podcasts
Or
Share Episode 37
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 37
Overview
The big new this week is SackPANIC! updates for the Linux kernel, plus we look at vulnerabilities in, and updates for, Samba, SQLite, Bind, Thunderbird and more, and we are hiring!
This week in Ubuntu Security Updates
36 unique CVEs addressed
[USN-4017-1, USN-4017-2] Linux kernel vulnerabilities
[USN-4018-1] Samba vulnerabilities
trigger NULL ptr dereference via the paged search control
[USN-4019-1, USN-4019-2] SQLite vulnerabilities
possible information disclosure), incorrect use of temporary
directories, race-condition leading to NULL pointer dereference,
integer overflow -> buffer overflow -> crash / code execution
[USN-4021-1] libvirt vulnerabilities
users - this would cause libvirt to block and cause a DoS
virt-logd UNIX domain sockets - these are created by systemd unit files
but were created as world writable - and the daemons don’t try and
authenticate the user - so anyone could use these sockets to potentially
elevate privileges - so fixed by ensuring the systemd socket definitions
specify the right mode.
[USN-4020-1] Firefox vulnerability
execution problem due to type confusion in the Javascript engine -
reports this was used to target various cryptocurrency exchanges by
delivering Windows and Mac malware to them
[USN-4024-1] Evince update
various private file directories, and to address various issues raised by
Jann Horn of GPZ - in particular limiting access to various DBus services
[USN-4026-1] Bind vulnerability
handling malformed packets
[USN-4028-1] Thunderbird vulnerabilities
potentially be exploitable to execute arbitrary code
[USN-4027-1] PostgreSQL vulnerability
set their password to a specially constructed value which when processed
by PostgreSQL would cause it to crash, or possible execute arbitrary code
in the context of the PostgreSQL server
[USN-4023-1] Mosquitto vulnerabilities
to crash the Mosquitto Broker -> DoS
sending invalid an UTF-8 topic string - which would cause other clients
which do reject invalid UTF-8 to disconnect themselves
[USN-3977-3] Intel Microcode update
mitigated by a combination of microcode and kernel updates - this
provides microcode updates for the Sandy Bridge family of Intel
processors
[USN-4030-1] web2py vulnerabilities
cookie) which could then be read by an attacker since it also made
session cookie accessible via an API endpoint
also allow attackers to do RCE as they could easily interpose on the
session
exposed host info and so remote attackers could then possibly gain
admin access
denied hosts from repeatedly trying
Goings on in Ubuntu Security Community
Alex and Joe talk about the SACK Panic issues discovered by Netflix
Hiring
Robotics Security Engineer
Ubuntu Security Engineer
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
The big new this week is SackPANIC! updates for the Linux kernel, plus we look at vulnerabilities in, and updates for, Samba, SQLite, Bind, Thunderbird and more, and we are hiring!
This week in Ubuntu Security Updates
36 unique CVEs addressed
[USN-4017-1, USN-4017-2] Linux kernel vulnerabilities
[USN-4018-1] Samba vulnerabilities
trigger NULL ptr dereference via the paged search control
[USN-4019-1, USN-4019-2] SQLite vulnerabilities
possible information disclosure), incorrect use of temporary
directories, race-condition leading to NULL pointer dereference,
integer overflow -> buffer overflow -> crash / code execution
[USN-4021-1] libvirt vulnerabilities
users - this would cause libvirt to block and cause a DoS
virt-logd UNIX domain sockets - these are created by systemd unit files
but were created as world writable - and the daemons don’t try and
authenticate the user - so anyone could use these sockets to potentially
elevate privileges - so fixed by ensuring the systemd socket definitions
specify the right mode.
[USN-4020-1] Firefox vulnerability
execution problem due to type confusion in the Javascript engine -
reports this was used to target various cryptocurrency exchanges by
delivering Windows and Mac malware to them
[USN-4024-1] Evince update
various private file directories, and to address various issues raised by
Jann Horn of GPZ - in particular limiting access to various DBus services
[USN-4026-1] Bind vulnerability
handling malformed packets
[USN-4028-1] Thunderbird vulnerabilities
potentially be exploitable to execute arbitrary code
[USN-4027-1] PostgreSQL vulnerability
set their password to a specially constructed value which when processed
by PostgreSQL would cause it to crash, or possible execute arbitrary code
in the context of the PostgreSQL server
[USN-4023-1] Mosquitto vulnerabilities
to crash the Mosquitto Broker -> DoS
sending invalid an UTF-8 topic string - which would cause other clients
which do reject invalid UTF-8 to disconnect themselves
[USN-3977-3] Intel Microcode update
mitigated by a combination of microcode and kernel updates - this
provides microcode updates for the Sandy Bridge family of Intel
processors
[USN-4030-1] web2py vulnerabilities
cookie) which could then be read by an attacker since it also made
session cookie accessible via an API endpoint
also allow attackers to do RCE as they could easily interpose on the
session
exposed host info and so remote attackers could then possibly gain
admin access
denied hosts from repeatedly trying
Goings on in Ubuntu Security Community
Alex and Joe talk about the SACK Panic issues discovered by Netflix
Hiring
Robotics Security Engineer
Ubuntu Security Engineer
Get in contact