Sign up to save your podcasts
Or
Share Episode 38
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 38
Overview
This week we look at the latest security updates for the Linux kernel, Firefox, ImageMagick, OpenStack and more, plus we have a special guest, the maintainer and lead developer of the AppArmor project, John Johansen, to talk about the project and some of the upcoming features.
This week in Ubuntu Security Updates
55 unique CVEs addressed
[USN-4031-1] Linux kernel vulnerability
kernel - so only affects Cosmic/Disco or Bionic when using the HWE kernel
memory
Power5/6/7/8/9
unless have explicitly disabled this via the kernel command-line
explicitly configured to use the HPT MMU
affected as they always use HPT MMU
mapping so can just read/write to the mappings above 512TB
context-id and so could then read/write also
to be running applications which allocate above 512TB so whilst is high
impact, low probability of being at risk
[USN-4032-1] Firefox vulnerability
to send a Prompt:Open message to the parent which would then process
web-content on behalf of the child
leveraging another vulnerability such as the one discussed last week for
Firefox) for arbitrary code execution
[USN-4033-1] libmysofa vulnerability
gstreamer, ffmpeg, smplayer, blender etc
code-execution
[USN-4034-1] ImageMagick vulnerabilities
(DoS) but might be possible to also get RCE
formats (since these are handle by GhostScript which has a long history
of security issues itself) - Cosmic + Disco
[USN-4035-1] Ceph vulnerabilities
read-only permissions - fixed to ensure need an explicit permission to
read keys
information for v4 auth -so encryption keys would be output in
plaintext to debug logs
there are many instances of other sensitive info being logged there
as well
could create connections to a RADOS gateway to exhaust file descriptors
for the gateway service causing it to run out and fail to create new
connections
[USN-4036-1] OpenStack Neutron vulnerability
driver using a particular underlying technology
a protocol was specified along with a port but the protocol doesn’t
support ports - like VRRP) then it would error out and not apply further
rules from the security group
support them
[USN-4037-1] policykit-desktop-privileges update
admin/sudo group) to overwrite disks (ie create bootable USB images)
without prompting for authentication
[USN-4038-1, USN-4038-2] bzip2 vulnerabilities
RCE
lbzip2 utility since it would use an invalid number of selectors -
upstream still pondering how to fix this
[USN-4040-1, USN-4040-2] Expat vulnerability
namespace prefix)
[USN-4042-1] poppler vulnerabilities
allocated buffer - crash, DoS or possible RCE via heap metadata or
object corruption
[USN-4041-1, USN-4041-2] Linux kernel update
usually hard-coded to 48) - so can be increased to avoid this DoS issue
Goings on in Ubuntu Security Community
AppArmor interview with John Johansen
Hiring
Robotics Security Engineer
Ubuntu Security Engineer
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at the latest security updates for the Linux kernel, Firefox, ImageMagick, OpenStack and more, plus we have a special guest, the maintainer and lead developer of the AppArmor project, John Johansen, to talk about the project and some of the upcoming features.
This week in Ubuntu Security Updates
55 unique CVEs addressed
[USN-4031-1] Linux kernel vulnerability
kernel - so only affects Cosmic/Disco or Bionic when using the HWE kernel
memory
Power5/6/7/8/9
unless have explicitly disabled this via the kernel command-line
explicitly configured to use the HPT MMU
affected as they always use HPT MMU
mapping so can just read/write to the mappings above 512TB
context-id and so could then read/write also
to be running applications which allocate above 512TB so whilst is high
impact, low probability of being at risk
[USN-4032-1] Firefox vulnerability
to send a Prompt:Open message to the parent which would then process
web-content on behalf of the child
leveraging another vulnerability such as the one discussed last week for
Firefox) for arbitrary code execution
[USN-4033-1] libmysofa vulnerability
gstreamer, ffmpeg, smplayer, blender etc
code-execution
[USN-4034-1] ImageMagick vulnerabilities
(DoS) but might be possible to also get RCE
formats (since these are handle by GhostScript which has a long history
of security issues itself) - Cosmic + Disco
[USN-4035-1] Ceph vulnerabilities
read-only permissions - fixed to ensure need an explicit permission to
read keys
information for v4 auth -so encryption keys would be output in
plaintext to debug logs
there are many instances of other sensitive info being logged there
as well
could create connections to a RADOS gateway to exhaust file descriptors
for the gateway service causing it to run out and fail to create new
connections
[USN-4036-1] OpenStack Neutron vulnerability
driver using a particular underlying technology
a protocol was specified along with a port but the protocol doesn’t
support ports - like VRRP) then it would error out and not apply further
rules from the security group
support them
[USN-4037-1] policykit-desktop-privileges update
admin/sudo group) to overwrite disks (ie create bootable USB images)
without prompting for authentication
[USN-4038-1, USN-4038-2] bzip2 vulnerabilities
RCE
lbzip2 utility since it would use an invalid number of selectors -
upstream still pondering how to fix this
[USN-4040-1, USN-4040-2] Expat vulnerability
namespace prefix)
[USN-4042-1] poppler vulnerabilities
allocated buffer - crash, DoS or possible RCE via heap metadata or
object corruption
[USN-4041-1, USN-4041-2] Linux kernel update
usually hard-coded to 48) - so can be increased to avoid this DoS issue
Goings on in Ubuntu Security Community
AppArmor interview with John Johansen
Hiring
Robotics Security Engineer
Ubuntu Security Engineer
Get in contact