December 09, 2019

Episode 55

25 minutes

Overview

This week we cover security updates for NSS, SQLite, the Linux kernel and

more, plus Joe and Alex discuss a recent FBI advisory warning about

possible dangers of Smart TVs.

This week in Ubuntu Security Updates

49 unique CVEs addressed

[USN-4203-1, USN-4203-2] NSS vulnerability [00:59]

1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-11745

OOB write if using an output buffer smaller than the block size (since

used block size instead of buffer size) when writing output for

NSC_EncryptUpdate()

[USN-4204-1] psutil vulnerability [02:05]

1 CVEs addressed in Xenial, Bionic, Disco, Eoan

CVE-2019-18874

Double free due to mishandling of reference counting when handling errors

during conversion of system data into Python objects - could be triggered

when using a malicious disk partition label with an invalid character

that fails to decode - so triggers error than fails to cleanup properly

and results in a double free

[USN-4205-1] SQLite vulnerabilities [02:59]

6 CVEs addressed in Precise ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-5827

CVE-2019-5018

CVE-2019-19244

CVE-2019-19242

CVE-2019-16168

CVE-2018-8740

Various robustness updates for SQLite related to CVEs from other

applications that misuse SQLite - so this makes SQLite more tolerant if

it is misused in the future - plus a fix of a possible crash (DoS) under

certain usage scenarios.

[USN-4208-1] Linux kernel vulnerabilities [03:42]

12 CVEs addressed in Bionic (gcp-edge), Eoan (5.3 kernel)

CVE-2019-17075

CVE-2019-19083

CVE-2019-19075

CVE-2019-19069

CVE-2019-19067

CVE-2019-19065

CVE-2019-19061

CVE-2019-19060

CVE-2019-19048

CVE-2019-18810

CVE-2019-17133

CVE-2019-15794

Buffer overflow in wifi driver stack - able to be triggered by a remote

user in wifi range

Ubuntu specific OverlayFS and ShiftFS memory mapped reference counting

issue - can be triggered when combined with that when combined with AUFS

by a local attacker.

Memory leak based denial of service issues in various drivers (usually

during error conditions so unlikely to ever be hit in real use or able to

be easily triggered by malicious local users):

AMD Display Engine

Qualcomm FastRPC

Cascoda CA8210 SPI 802.15.4 wireless controller

AMD Audio CoProcessor

Intel OPA Gen1 Infiniband

ADIS16400 IIO IMU

VirtualBox guest

ARM Komeda display

[USN-4209-1] Linux kernel vulnerabilities [06:07]

3 CVEs addressed in Bionic (HWE), Disco (5.0 kernel)

CVE-2019-19076

CVE-2019-16746

CVE-2019-15794

Memory leak in Netronome NFP4000/NFP6k000 driver

Buffer overflow via 802.11 wifi config interface - local user onlu

OverlayFS/ShiftFS issue above

[USN-4210-1] Linux kernel vulnerabilities [06:47]

6 CVEs addressed in Xenial (HWE), Bionic (4.15)

CVE-2019-17075

CVE-2019-19075

CVE-2019-19065

CVE-2019-19060

CVE-2019-17133

CVE-2019-16746

See above:

Wifi stack buffer overflow from remote user

Wifi config buffer overflow from local user

Memory leaks above:

Cascoda CA8210 SPI 802.15.4 wireless controller

Intel OPA Gen1 Infiniband

ADIS16400 IIO IMU

[USN-4211-1, USN-4211-2] Linux kernel vulnerabilities [07:22]

3 CVEs addressed in Xenial, Trusty ESM (Xenial HWE)

CVE-2019-17075

CVE-2019-17133

CVE-2018-20784

Wifi stack remote user buffer overflow

Infinite loop in the CFS scheduler able to be triggered by a local user

-> DoS

[USN-4206-1] GraphicsMagick vulnerabilities [07:55]

10 CVEs addressed in Xenial

CVE-2017-6335

CVE-2017-14042

CVE-2017-13147

CVE-2017-11637

CVE-2017-11636

CVE-2017-11403

CVE-2017-11140

CVE-2017-11102

CVE-2017-10799

CVE-2017-10794

Usual sorts of memory mismanagement issues seen in large C codebases

(most resulting in crash -> DoS)

OOB read

Various memory allocation failure issues - trigger crash -> DoS

NULL pointer dereference

Heap buffer overflow for RGB images with multiple frames with

non-identical widths

UAF via a crafted MNG image

Resource consumption via crafted JPEG which specifies invalid scanlines

Memory leaks -> memory exhaustion -> crash -> DoS

[USN-4207-1] GraphicsMagick vulnerabilities [09:18]

13 CVEs addressed in Bionic

CVE-2019-11506

CVE-2019-11505

CVE-2019-11474

CVE-2019-11473

CVE-2019-11010

CVE-2019-11009

CVE-2019-11008

CVE-2019-11007

CVE-2019-11006

CVE-2019-11005

CVE-2018-20189

CVE-2018-20185

CVE-2018-20184

[USN-4194-2] postgresql-common vulnerability [09:29]

1 CVEs addressed in Trusty ESM

CVE-2019-3466

Episode 54 - Debian specific package - privesc

[USN-4182-3, USN-4182-4] Intel Microcode regression [09:44]

2 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-11139

CVE-2019-11135

Previous microcode update resulted in some Skylake processors hanging on

a warm reboot - not Ubuntu specific and is tracked upstream by Intel

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 -

so this update reverts the microcode only for those specific processor

models

Goings on in Ubuntu Security Community

Joe and Alex discuss a recent FBI Advisory concerning SmartTVs [10:50]

https://threatpost.com/smart-tvs-cyberthreat-living-room-feds/150713/

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

December 09, 2019

Episode 55

25 minutes

Overview

This week we cover security updates for NSS, SQLite, the Linux kernel and

more, plus Joe and Alex discuss a recent FBI advisory warning about

possible dangers of Smart TVs.

This week in Ubuntu Security Updates

49 unique CVEs addressed

[USN-4203-1, USN-4203-2] NSS vulnerability [00:59]

1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-11745

OOB write if using an output buffer smaller than the block size (since

used block size instead of buffer size) when writing output for

NSC_EncryptUpdate()

[USN-4204-1] psutil vulnerability [02:05]

1 CVEs addressed in Xenial, Bionic, Disco, Eoan

CVE-2019-18874

Double free due to mishandling of reference counting when handling errors

during conversion of system data into Python objects - could be triggered

when using a malicious disk partition label with an invalid character

that fails to decode - so triggers error than fails to cleanup properly

and results in a double free

[USN-4205-1] SQLite vulnerabilities [02:59]

6 CVEs addressed in Precise ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-5827

CVE-2019-5018

CVE-2019-19244

CVE-2019-19242

CVE-2019-16168

CVE-2018-8740

Various robustness updates for SQLite related to CVEs from other

applications that misuse SQLite - so this makes SQLite more tolerant if

it is misused in the future - plus a fix of a possible crash (DoS) under

certain usage scenarios.

[USN-4208-1] Linux kernel vulnerabilities [03:42]

12 CVEs addressed in Bionic (gcp-edge), Eoan (5.3 kernel)

CVE-2019-17075

CVE-2019-19083

CVE-2019-19075

CVE-2019-19069

CVE-2019-19067

CVE-2019-19065

CVE-2019-19061

CVE-2019-19060

CVE-2019-19048

CVE-2019-18810

CVE-2019-17133

CVE-2019-15794

Buffer overflow in wifi driver stack - able to be triggered by a remote

user in wifi range

Ubuntu specific OverlayFS and ShiftFS memory mapped reference counting

issue - can be triggered when combined with that when combined with AUFS

by a local attacker.

Memory leak based denial of service issues in various drivers (usually

during error conditions so unlikely to ever be hit in real use or able to

be easily triggered by malicious local users):

AMD Display Engine

Qualcomm FastRPC

Cascoda CA8210 SPI 802.15.4 wireless controller

AMD Audio CoProcessor

Intel OPA Gen1 Infiniband

ADIS16400 IIO IMU

VirtualBox guest

ARM Komeda display

[USN-4209-1] Linux kernel vulnerabilities [06:07]

3 CVEs addressed in Bionic (HWE), Disco (5.0 kernel)

CVE-2019-19076

CVE-2019-16746

CVE-2019-15794

Memory leak in Netronome NFP4000/NFP6k000 driver

Buffer overflow via 802.11 wifi config interface - local user onlu

OverlayFS/ShiftFS issue above

[USN-4210-1] Linux kernel vulnerabilities [06:47]

6 CVEs addressed in Xenial (HWE), Bionic (4.15)

CVE-2019-17075

CVE-2019-19075

CVE-2019-19065

CVE-2019-19060

CVE-2019-17133

CVE-2019-16746

See above:

Wifi stack buffer overflow from remote user

Wifi config buffer overflow from local user

Memory leaks above:

Cascoda CA8210 SPI 802.15.4 wireless controller

Intel OPA Gen1 Infiniband

ADIS16400 IIO IMU

[USN-4211-1, USN-4211-2] Linux kernel vulnerabilities [07:22]

3 CVEs addressed in Xenial, Trusty ESM (Xenial HWE)

CVE-2019-17075

CVE-2019-17133

CVE-2018-20784

Wifi stack remote user buffer overflow

Infinite loop in the CFS scheduler able to be triggered by a local user

-> DoS

[USN-4206-1] GraphicsMagick vulnerabilities [07:55]

10 CVEs addressed in Xenial

CVE-2017-6335

CVE-2017-14042

CVE-2017-13147

CVE-2017-11637

CVE-2017-11636

CVE-2017-11403

CVE-2017-11140

CVE-2017-11102

CVE-2017-10799

CVE-2017-10794

Usual sorts of memory mismanagement issues seen in large C codebases

(most resulting in crash -> DoS)

OOB read

Various memory allocation failure issues - trigger crash -> DoS

NULL pointer dereference

Heap buffer overflow for RGB images with multiple frames with

non-identical widths

UAF via a crafted MNG image

Resource consumption via crafted JPEG which specifies invalid scanlines

Memory leaks -> memory exhaustion -> crash -> DoS

[USN-4207-1] GraphicsMagick vulnerabilities [09:18]

13 CVEs addressed in Bionic

CVE-2019-11506

CVE-2019-11505

CVE-2019-11474

CVE-2019-11473

CVE-2019-11010

CVE-2019-11009

CVE-2019-11008

CVE-2019-11007

CVE-2019-11006

CVE-2019-11005

CVE-2018-20189

CVE-2018-20185

CVE-2018-20184

[USN-4194-2] postgresql-common vulnerability [09:29]

1 CVEs addressed in Trusty ESM

CVE-2019-3466

Episode 54 - Debian specific package - privesc

[USN-4182-3, USN-4182-4] Intel Microcode regression [09:44]

2 CVEs addressed in Trusty ESM, Xenial, Bionic, Disco, Eoan

CVE-2019-11139

CVE-2019-11135

Previous microcode update resulted in some Skylake processors hanging on

a warm reboot - not Ubuntu specific and is tracked upstream by Intel

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 -

so this update reverts the microcode only for those specific processor

models

Goings on in Ubuntu Security Community

Joe and Alex discuss a recent FBI Advisory concerning SmartTVs [10:50]

https://threatpost.com/smart-tvs-cyberthreat-living-room-feds/150713/

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 55

Sign up to save your podcasts

Episode 55

Episode 55