Sign up to save your podcasts
Or
Share Episode 45
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 45
Overview
This week we look at security updates for Dovecot, Ghostscript, a livepatch update for the Linux kernel, Ceph and Apache, plus Alex and Joe discuss recent Wordpress plugin vulnerabilities and the Hostinger breach, and more.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4110-1, USN-4110-2] Dovecot vulnerability [00:52]
string bounds as the first character which needed unescaping
rewrites the string on the fly, and so would then go and rewrite
outside the bounds of the string
first unescaped character but instead loop over the whole string in
unescaping
[USN-4110-3, USN-4110-4] Dovecot regression [02:08]
contained an error such that the checking of NUL bytes was skipped -
re-released with correct final upstream fix
[LSN-0054-1] Linux kernel vulnerability [02:38]
pointer dereferences
[USN-4111-1] Ghostscript vulnerabilities [03:20]
sandbox
[USN-4112-1] Ceph vulnerability [04:01]
disconnecting at certain time (triggering a NULL pointer deference when
looking up the remote address for a connected client)
frontend - which is not in the versions in trusty / xenial - and only
in the bionic version as an experimental feature
[USN-4113-1] Apache HTTP Server vulnerabilities [04:41]
7 CVEs addressed in Xenial, Bionic, Disco
HTTP/2 DoS issue (Internal Data Buffering) - Episode 43 for nginx
Open redirect in mod_rewrite if have self-referential redirects
Stack buffer overflow + NULL pointer dereference in mod_remoteip
Possible XSS in mod_proxy where the link shown on error pages could be
controlled by an attacker - but only possible where configured with
proxying enable but misconfigured so that Proxy Error page is shown.
UAF (read) during HTTP/2 connection shutdown
HTTP/2 push - allows server to send resources to a client before it
requests them - could overwrite memory of the server’s request pool -
this is preconfigured and not under control of client but could cause a
crash etc.
HTTP/2 upgrade - can configure to automatically upgrade HTTP/1.1 requests
to HTTP/2 - but if this was not the first request on the connection could
lead to crash
Goings on in Ubuntu Security Community
Alex and Joe talk Wordpress plugin vulnerabiliies and Hostinger password breach [07:03]
OpenSSL 1.1.1 with TLS 1.3 support complete for Ubuntu 18.04 LTS (Bionic) [17:29]
1.3 - now published via -updates and -security
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at security updates for Dovecot, Ghostscript, a livepatch update for the Linux kernel, Ceph and Apache, plus Alex and Joe discuss recent Wordpress plugin vulnerabilities and the Hostinger breach, and more.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4110-1, USN-4110-2] Dovecot vulnerability [00:52]
string bounds as the first character which needed unescaping
rewrites the string on the fly, and so would then go and rewrite
outside the bounds of the string
first unescaped character but instead loop over the whole string in
unescaping
[USN-4110-3, USN-4110-4] Dovecot regression [02:08]
contained an error such that the checking of NUL bytes was skipped -
re-released with correct final upstream fix
[LSN-0054-1] Linux kernel vulnerability [02:38]
pointer dereferences
[USN-4111-1] Ghostscript vulnerabilities [03:20]
sandbox
[USN-4112-1] Ceph vulnerability [04:01]
disconnecting at certain time (triggering a NULL pointer deference when
looking up the remote address for a connected client)
frontend - which is not in the versions in trusty / xenial - and only
in the bionic version as an experimental feature
[USN-4113-1] Apache HTTP Server vulnerabilities [04:41]
7 CVEs addressed in Xenial, Bionic, Disco
HTTP/2 DoS issue (Internal Data Buffering) - Episode 43 for nginx
Open redirect in mod_rewrite if have self-referential redirects
Stack buffer overflow + NULL pointer dereference in mod_remoteip
Possible XSS in mod_proxy where the link shown on error pages could be
controlled by an attacker - but only possible where configured with
proxying enable but misconfigured so that Proxy Error page is shown.
UAF (read) during HTTP/2 connection shutdown
HTTP/2 push - allows server to send resources to a client before it
requests them - could overwrite memory of the server’s request pool -
this is preconfigured and not under control of client but could cause a
crash etc.
HTTP/2 upgrade - can configure to automatically upgrade HTTP/1.1 requests
to HTTP/2 - but if this was not the first request on the connection could
lead to crash
Goings on in Ubuntu Security Community
Alex and Joe talk Wordpress plugin vulnerabiliies and Hostinger password breach [07:03]
OpenSSL 1.1.1 with TLS 1.3 support complete for Ubuntu 18.04 LTS (Bionic) [17:29]
1.3 - now published via -updates and -security
Get in contact