Ubuntu Security Podcast

Episode 65

Listen Later
Overview

Whilst avoiding Coronavirus, this week we look at updates for libarchive,

OpenSMTPD, rake and more, plus Joe and Alex discuss ROS, the Robot
Operating System and how the Ubuntu Security Team is involved in the
ongoing development of secure foundations for robotics.

This week in Ubuntu Security Updates

7 unique CVEs addressed

[USN-4293-1] libarchive vulnerabilities [00:18]
  • 2 CVEs addressed in Xenial, Bionic, Eoan
    • CVE-2020-9308
    • CVE-2019-19221
    • OSS-Fuzz: RAR unpacker would try and unpack a file with a corrupted /
      • malformed header (ie. zero length etc) - OOB read - crash/DoS
    • OOB read due to use of wrong length parameter to mbtowc()
      • [USN-4294-1] OpenSMTPD vulnerabilities [02:00]
      • 2 CVEs addressed in Bionic, Eoan
        • CVE-2020-8793
        • CVE-2020-8794
        • Remote code exec on both clients and server (as server reuses client-side code for debouncing)
        • Possible arbitrary file read due to race-condition in offline
          • functionality - a user could create a hardlink to a root-owned file which
          opensmtpd would then read - mitigated on Ubuntu since we enable
          protected_hardlinks sysctl which stops regular users creating hardlinks
          to root-owned files
          [USN-4288-2] ppp vulnerability [03:12]
          • 1 CVEs addressed in Precise ESM, Trusty ESM
            • CVE-2020-8597
            • Episode 64 (possible buffer overflow)
              • [USN-4290-2] libpam-radius-auth vulnerability [03:23]
              • 1 CVEs addressed in Precise ESM, Trusty ESM
                • CVE-2015-9542
                • Episode 64 (stack overflow in password field handling)
                  • [USN-4295-1] Rake vulnerability [03:31]
                  • 1 CVEs addressed in Xenial, Bionic, Eoan
                    • CVE-2020-8130
                    • Command injection vulnerability via Rake::FileList - used the Kernel
                      • open() method rather than File.open() - this supports launching a process
                      if the file-name starts with a pipe `|` - so instead just use File.open()
                      Goings on in Ubuntu Security Community
                      Joe and Alex discuss ROS, the Robot Operating System [04:28]
                      Kyle Fazzari’s ROS and Ubuntu Video Series
                      • https://ubuntu.com/blog/from-ros-prototype-to-production-on-ubuntu-core
                      • https://ubuntu.com/blog/your-first-robot-a-beginners-guide-to-ros-and-ubuntu-core-1-5
                        • Hiring
                        Robotics Security Engineer
                        • https://canonical.com/careers/1550997
                          • Security Engineer - Certifications (FIPS, Common Criteria)
                          • https://canonical.com/careers/2085468
                            • Ubuntu Security Engineer
                            • https://canonical.com/careers/2085023
                              • Get in contact
                              • [email protected]
                              • #ubuntu-security on the Libera.Chat IRC network
                              • ubuntu-hardened mailing list
                              • Security section on discourse.ubuntu.com
                              • @ubuntu_sec on twitter
                                • ...more
                                View all episodesView all episodes
                                Download on the App Store
                                Ubuntu Security PodcastBy Ubuntu Security Team
                                • 4.8
                                • 4.8
                                • 4.8
                                • 4.8
                                • 4.8

                                4.8

                                10 ratings