October 02, 2018

Episode 6

11 minutes

Overview

This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more.

This week in Ubuntu Security Updates

17 unique CVEs addressed

[USN-3771-1] strongSwan vulnerabilities

4 CVEs addressed in Trusty, Xenial, Bionic

CVE-2018-5388

CVE-2018-16152

CVE-2018-16151

CVE-2018-10811

2 CVEs: flaws in RSA implementation allow Bleichenbacher-style attacks in parsing of the ASN.1 encoded digestInfo

strongSwan implementation was too lenient and would allow arbitrary random data to be contained following various elements in the ASN.1

Also would not check the correct amount of padding had been used

Allows attackers to potentially forge low-exponent signature forgery and hence authentication during IKE authentication

2 CVEs for DoS due to missing length check and missing variable initialization

[USN-3772-1] UDisks vulnerability

1 CVEs addressed in Bionic

CVE-2018-17336

Format string vulnerability which could be exploited via specially crafted disk label

udisks prints volume label via printf() passing the label as part of the format string

Simple fix to replace the label with a %s directive and then pass the label to that

ie. don’t interpret label as printf() directives directly

[USN-3719-3] Mutt vulnerabilities

12 CVEs addressed in Xenial

CVE-2018-14349

CVE-2018-14362

CVE-2018-14351

CVE-2018-14356

CVE-2018-14355

CVE-2018-14357

CVE-2018-14353

CVE-2018-14358

CVE-2018-14359

CVE-2018-14354

CVE-2018-14352

CVE-2018-14350

Goings on in Ubuntu Security Community

LSM Stacking upstreaming

Casey Schaufler (Intel, SMACK maintainer) primary developer along with John Johansen and Kees Cook (Google) to upstream support for LSM stacking

Currently upstream allows use of one ‘major’ module (SELinux / AppArmor / Tomoyo) with a minor module (Yama etc)

Goal of stacking is to allow multiple major modules to be used in conjunction (AppArmor with SELinux)

Primary use-case is containers

Current stacking patches allow to stack Tomoyo with either SELinux / AppArmor

Eventually should be able to stack SELinux with AppArmor but still WIP

Ubuntu already carries these patches in Bionic etc

Likely to be merged in the near future

Evince AppArmor hardening LP #1788929

Jann Horn (GPZ) reported gaps in evince AppArmor profile

Clever use of GNOME thumbnailer infrastructure to specify a new ’evil’ thumbnailer and the use of systemd via DBus to escape AppArmor confinement

Policy fixed in Cosmic, in process of updating for Bionic etc

New Ubuntu Security Manager

Joe McManus

Hiring

Ubuntu Security Engineer

https://boards.greenhouse.io/canonical/jobs/1158266

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

October 02, 2018

Episode 6

11 minutes

Overview

This week we look at some details of the 17 unique CVEs addressed across the supported Ubuntu releases and more.

This week in Ubuntu Security Updates

17 unique CVEs addressed

[USN-3771-1] strongSwan vulnerabilities

4 CVEs addressed in Trusty, Xenial, Bionic

CVE-2018-5388

CVE-2018-16152

CVE-2018-16151

CVE-2018-10811

2 CVEs: flaws in RSA implementation allow Bleichenbacher-style attacks in parsing of the ASN.1 encoded digestInfo

strongSwan implementation was too lenient and would allow arbitrary random data to be contained following various elements in the ASN.1

Also would not check the correct amount of padding had been used

Allows attackers to potentially forge low-exponent signature forgery and hence authentication during IKE authentication

2 CVEs for DoS due to missing length check and missing variable initialization

[USN-3772-1] UDisks vulnerability

1 CVEs addressed in Bionic

CVE-2018-17336

Format string vulnerability which could be exploited via specially crafted disk label

udisks prints volume label via printf() passing the label as part of the format string

Simple fix to replace the label with a %s directive and then pass the label to that

ie. don’t interpret label as printf() directives directly

[USN-3719-3] Mutt vulnerabilities

12 CVEs addressed in Xenial

CVE-2018-14349

CVE-2018-14362

CVE-2018-14351

CVE-2018-14356

CVE-2018-14355

CVE-2018-14357

CVE-2018-14353

CVE-2018-14358

CVE-2018-14359

CVE-2018-14354

CVE-2018-14352

CVE-2018-14350

Goings on in Ubuntu Security Community

LSM Stacking upstreaming

Casey Schaufler (Intel, SMACK maintainer) primary developer along with John Johansen and Kees Cook (Google) to upstream support for LSM stacking

Currently upstream allows use of one ‘major’ module (SELinux / AppArmor / Tomoyo) with a minor module (Yama etc)

Goal of stacking is to allow multiple major modules to be used in conjunction (AppArmor with SELinux)

Primary use-case is containers

Current stacking patches allow to stack Tomoyo with either SELinux / AppArmor

Eventually should be able to stack SELinux with AppArmor but still WIP

Ubuntu already carries these patches in Bionic etc

Likely to be merged in the near future

Evince AppArmor hardening LP #1788929

Jann Horn (GPZ) reported gaps in evince AppArmor profile

Clever use of GNOME thumbnailer infrastructure to specify a new ’evil’ thumbnailer and the use of systemd via DBus to escape AppArmor confinement

Policy fixed in Cosmic, in process of updating for Bionic etc

New Ubuntu Security Manager

Joe McManus

Hiring

Ubuntu Security Engineer

https://boards.greenhouse.io/canonical/jobs/1158266

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

@ubuntu_sec on twitter

...more

Share Episode 6

Sign up to save your podcasts

Episode 6

Episode 6