October 10, 2019

Episode 48

24 minutes

Overview

This week we look at security updates for the Linux kernel, SDL 2, ClamAV

and more, plus Alex and Joe talk security and performance trade-offs, snaps

and OWASP Top 10 Cloud Security recommendations, and finally Alex covers

some recent concerns about the security of the Snap Store.

This week in Ubuntu Security Updates

31 unique CVEs addressed

[USN-4142-1, USN-4142-2] e2fsprogs vulnerability [00:37]

1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco

CVE-2019-5094

Cisco TALOS - possible code execution via OOB write to the heap for code

which handles quota support in ext4 - so possible to trigger via a

specially crafted ext4 partition - could be triggered during an fsck on

the partition etc.

[USN-4143-1] SDL 2.0 vulnerabilities [01:37]

5 CVEs addressed in Xenial, Bionic, Disco

CVE-2019-7638

CVE-2019-7637

CVE-2019-7636

CVE-2019-7635

CVE-2017-2888

3 different heap based buffer over-reads -> crash, DoS

Heap based buffer over-write -> possible code execution or at least crash -> DoS

Integer overflow -> small alloc -> heap based buffer overflow -> possible

code execution

[USN-4147-1] Linux kernel vulnerabilities [02:23]

18 CVEs addressed in Bionic (HWE), Disco

CVE-2019-15223

CVE-2019-15221

CVE-2019-15218

CVE-2019-15217

CVE-2019-9506

CVE-2019-15926

CVE-2019-15925

CVE-2019-15538

CVE-2019-15220

CVE-2019-15215

CVE-2019-15212

CVE-2019-15211

CVE-2019-15118

CVE-2019-15117

CVE-2019-15090

CVE-2019-13631

CVE-2019-10207

CVE-2019-0136

OOB read in ath6kl driver - possible to trigger remotely from the network - crash, DoS

Bluetooth KNOB attack

Crashes from malicious USB audio devices:

Infinite recursion when parsing device descriptors (if

had multiple identical device descriptors could be triggered)

OOB read if specified an invalid input pin

OOB read in QLogic QEDI iSCSI driver

2 covered in Episode 46

Possible code execution via a NULL pointer dereference in bluetooth UART

driver - so if an attacker can map executable code at address zero can

achieve code execution - in Ubuntu we have mmap_min_addr set to a

non-zero value so this is mitigated by default

DoS in Intel wifi driver - allows a malicious client to knock a peer of

the network

[USN-4144-1] Linux kernel vulnerabilities [05:02]

2 CVEs addressed in Xenial (HWE), Bionic

CVE-2019-15538

CVE-2018-20976

2 different XFS issues

UAF triggered from a malicious XFS image -> code exection? -> crash, DoS

CPU based DoS if can trigger a chgrp() error due to out-of-quota

[USN-4145-1] Linux kernel vulnerabilities [05:46]

11 CVEs addressed in Xenial

CVE-2019-15926

CVE-2019-15215

CVE-2019-15211

CVE-2019-13631

CVE-2019-11487

CVE-2019-10207

CVE-2019-0136

CVE-2018-20976

CVE-2018-20961

CVE-2017-18509

CVE-2016-10905

Most covered above

[USN-4146-1, USN-4146-2] ClamAV vulnerabilities [06:00]

2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco

CVE-2019-12900

CVE-2019-12625

Update to latest upstream version (0.101.4)

OOB read when handling crafted BZIP2 and ZIP files - was covered for

bzip2 itself in Ubuntu in Episode 38 - vendored in clamav

Goings on in Ubuntu Security Community

Alex and Joe talk security and performance trade-offs, snaps and OWASP Top 10 Cloud Security recommendations [07:01]

https://snapcraft.io/teamtime

https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/

https://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project

Alex addresses some concerns with the perceived security of the Snap Store [20:44]

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

October 10, 2019

Episode 48

24 minutes

Overview

This week we look at security updates for the Linux kernel, SDL 2, ClamAV

and more, plus Alex and Joe talk security and performance trade-offs, snaps

and OWASP Top 10 Cloud Security recommendations, and finally Alex covers

some recent concerns about the security of the Snap Store.

This week in Ubuntu Security Updates

31 unique CVEs addressed

[USN-4142-1, USN-4142-2] e2fsprogs vulnerability [00:37]

1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco

CVE-2019-5094

Cisco TALOS - possible code execution via OOB write to the heap for code

which handles quota support in ext4 - so possible to trigger via a

specially crafted ext4 partition - could be triggered during an fsck on

the partition etc.

[USN-4143-1] SDL 2.0 vulnerabilities [01:37]

5 CVEs addressed in Xenial, Bionic, Disco

CVE-2019-7638

CVE-2019-7637

CVE-2019-7636

CVE-2019-7635

CVE-2017-2888

3 different heap based buffer over-reads -> crash, DoS

Heap based buffer over-write -> possible code execution or at least crash -> DoS

Integer overflow -> small alloc -> heap based buffer overflow -> possible

code execution

[USN-4147-1] Linux kernel vulnerabilities [02:23]

18 CVEs addressed in Bionic (HWE), Disco

CVE-2019-15223

CVE-2019-15221

CVE-2019-15218

CVE-2019-15217

CVE-2019-9506

CVE-2019-15926

CVE-2019-15925

CVE-2019-15538

CVE-2019-15220

CVE-2019-15215

CVE-2019-15212

CVE-2019-15211

CVE-2019-15118

CVE-2019-15117

CVE-2019-15090

CVE-2019-13631

CVE-2019-10207

CVE-2019-0136

OOB read in ath6kl driver - possible to trigger remotely from the network - crash, DoS

Bluetooth KNOB attack

Crashes from malicious USB audio devices:

Infinite recursion when parsing device descriptors (if

had multiple identical device descriptors could be triggered)

OOB read if specified an invalid input pin

OOB read in QLogic QEDI iSCSI driver

2 covered in Episode 46

Possible code execution via a NULL pointer dereference in bluetooth UART

driver - so if an attacker can map executable code at address zero can

achieve code execution - in Ubuntu we have mmap_min_addr set to a

non-zero value so this is mitigated by default

DoS in Intel wifi driver - allows a malicious client to knock a peer of

the network

[USN-4144-1] Linux kernel vulnerabilities [05:02]

2 CVEs addressed in Xenial (HWE), Bionic

CVE-2019-15538

CVE-2018-20976

2 different XFS issues

UAF triggered from a malicious XFS image -> code exection? -> crash, DoS

CPU based DoS if can trigger a chgrp() error due to out-of-quota

[USN-4145-1] Linux kernel vulnerabilities [05:46]

11 CVEs addressed in Xenial

CVE-2019-15926

CVE-2019-15215

CVE-2019-15211

CVE-2019-13631

CVE-2019-11487

CVE-2019-10207

CVE-2019-0136

CVE-2018-20976

CVE-2018-20961

CVE-2017-18509

CVE-2016-10905

Most covered above

[USN-4146-1, USN-4146-2] ClamAV vulnerabilities [06:00]

2 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco

CVE-2019-12900

CVE-2019-12625

Update to latest upstream version (0.101.4)

OOB read when handling crafted BZIP2 and ZIP files - was covered for

bzip2 itself in Ubuntu in Episode 38 - vendored in clamav

Goings on in Ubuntu Security Community

Alex and Joe talk security and performance trade-offs, snaps and OWASP Top 10 Cloud Security recommendations [07:01]

https://snapcraft.io/teamtime

https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/

https://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project

Alex addresses some concerns with the perceived security of the Snap Store [20:44]

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 48

Sign up to save your podcasts

Episode 48

Episode 48