Sign up to save your podcasts
Or
Share Episode 41
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 41
Overview
With Alex and Joe having been away at a Canonical sprint last week, we look back at the past fortnight’s security updates including new Linux kernel releases, MySQL, VLC, Django and more plus we discuss a recent Citrix password spraying attack.
This week in Ubuntu Security Updates
90 unique CVEs addressed
[USN-4066-2] ClamAV vulnerability
libmspack in older releases so is affected
[USN-4065-2] Squid vulnerabilities
Episode 40 (memory corruption issues)
[USN-4067-1] Evince vulnerability
[USN-4068-1, USN-4068-2] Linux kernel vulnerabilities
information (keys, pointers to help defeat ASLR etc)
to NUL terminate the name field
which are returned to user-space
(RDS) protocol module -> crash / code exec
description, this is not likely to be remotely exploitable since the
use-after-free only occurs on namespace cleanup
crash / code execution -> privilege escalation
[USN-4076-1] Linux kernel vulnerabilities
parameter from ioctl() for page size calculations - local attacker could
use this to cause various memory corruption issues possibly resulting in
privilege escalation or code execution (only enabled in Xenial 4.4
kernel)
on-the-air to the local USB wifi device - allows a remote attacker to
send firmware events to the device having unspecified impact
process could modify a syscall parameter after the seccomp decision for
that syscall had been made - so could violate the policy
UAF -> crash, or code execution
[LSN-0053-1] Linux kernel vulnerability
terminated string
[USN-4069-1, USN-4069-2] Linux kernel vulnerabilities
(4.15 kernel) - Bluetooth HIDP + Ext4 extents information disclosure
vulns covered earlier
for a process which can race with other memory managment handling and so
could result in access to invalid memory regions - crash -> DoS or
information disclosure
[USN-4070-1] MySQL vulnerabilities
access to all MySQL server data (modify / access etc)
crash MySQL server
[USN-4071-1, USN-4071-2] Patch vulnerabilities
characters to take control of patch
arbitrary files
[USN-4072-1] Ansible vulnerabilities
overwrite files outside of the specified destination
point to an arbitrary module / plugin under their control and so gain
code-execution as the ansible daemon
variable being substituted and thus an information disclosure
[USN-4073-1] libEBML vulnerability
code-execution
[USN-4074-1] VLC vulnerabilities
[USN-4075-1] Exim vulnerability
items that can be controlled by an attacker - ie. $domain etc
[USN-4054-2] Firefox regressions
[USN-3990-2] urllib3 vulnerability
[USN-4077-1] tmpreaper vulnerability
privilege escalation since can result in a file being placed elsewhere on
the fs hierarchy - so could drop a file in etc/cron.d for example to
get root code execution
[USN-4078-1] OpenLDAP vulnerabilities
could then perform operations which they were not entitled to - in SASL
authentication code paths
[USN-4079-1, USN-4079-2] SoX vulnerabilities
[USN-4080-1] OpenJDK 8 vulnerabilities
[USN-4083-1] OpenJDK 11 vulnerabilities
[USN-4081-1] Pango vulnerability
invalid utf8 to Pango APIs like pango_itemize()
[USN-4082-1] Subversion vulnerabilities
[USN-4084-1] Django vulnerabilities
large sequence of nested, incomplete HTML entities, other in truncating
due to use of regex with backtracking
[USN-4085-1] Sigil vulnerability
Goings on in Ubuntu Security Community
Alex and Joe discuss the recent Citrix password spraying attack
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
With Alex and Joe having been away at a Canonical sprint last week, we look back at the past fortnight’s security updates including new Linux kernel releases, MySQL, VLC, Django and more plus we discuss a recent Citrix password spraying attack.
This week in Ubuntu Security Updates
90 unique CVEs addressed
[USN-4066-2] ClamAV vulnerability
libmspack in older releases so is affected
[USN-4065-2] Squid vulnerabilities
Episode 40 (memory corruption issues)
[USN-4067-1] Evince vulnerability
[USN-4068-1, USN-4068-2] Linux kernel vulnerabilities
information (keys, pointers to help defeat ASLR etc)
to NUL terminate the name field
which are returned to user-space
(RDS) protocol module -> crash / code exec
description, this is not likely to be remotely exploitable since the
use-after-free only occurs on namespace cleanup
crash / code execution -> privilege escalation
[USN-4076-1] Linux kernel vulnerabilities
parameter from ioctl() for page size calculations - local attacker could
use this to cause various memory corruption issues possibly resulting in
privilege escalation or code execution (only enabled in Xenial 4.4
kernel)
on-the-air to the local USB wifi device - allows a remote attacker to
send firmware events to the device having unspecified impact
process could modify a syscall parameter after the seccomp decision for
that syscall had been made - so could violate the policy
UAF -> crash, or code execution
[LSN-0053-1] Linux kernel vulnerability
terminated string
[USN-4069-1, USN-4069-2] Linux kernel vulnerabilities
(4.15 kernel) - Bluetooth HIDP + Ext4 extents information disclosure
vulns covered earlier
for a process which can race with other memory managment handling and so
could result in access to invalid memory regions - crash -> DoS or
information disclosure
[USN-4070-1] MySQL vulnerabilities
access to all MySQL server data (modify / access etc)
crash MySQL server
[USN-4071-1, USN-4071-2] Patch vulnerabilities
characters to take control of patch
arbitrary files
[USN-4072-1] Ansible vulnerabilities
overwrite files outside of the specified destination
point to an arbitrary module / plugin under their control and so gain
code-execution as the ansible daemon
variable being substituted and thus an information disclosure
[USN-4073-1] libEBML vulnerability
code-execution
[USN-4074-1] VLC vulnerabilities
[USN-4075-1] Exim vulnerability
items that can be controlled by an attacker - ie. $domain etc
[USN-4054-2] Firefox regressions
[USN-3990-2] urllib3 vulnerability
[USN-4077-1] tmpreaper vulnerability
privilege escalation since can result in a file being placed elsewhere on
the fs hierarchy - so could drop a file in etc/cron.d for example to
get root code execution
[USN-4078-1] OpenLDAP vulnerabilities
could then perform operations which they were not entitled to - in SASL
authentication code paths
[USN-4079-1, USN-4079-2] SoX vulnerabilities
[USN-4080-1] OpenJDK 8 vulnerabilities
[USN-4083-1] OpenJDK 11 vulnerabilities
[USN-4081-1] Pango vulnerability
invalid utf8 to Pango APIs like pango_itemize()
[USN-4082-1] Subversion vulnerabilities
[USN-4084-1] Django vulnerabilities
large sequence of nested, incomplete HTML entities, other in truncating
due to use of regex with backtracking
[USN-4085-1] Sigil vulnerability
Goings on in Ubuntu Security Community
Alex and Joe discuss the recent Citrix password spraying attack
Get in contact