Ubuntu Security Podcast

Episode 75

Listen Later
Overview

In episode 75 we look at security updates for APT, json-c, Bind, the Linux

kernel and more, plus Joe and Alex discuss recent phishing attacks and the
Wired biopic of Marcus Hutchins.

This week in Ubuntu Security Updates

26 unique CVEs addressed

[USN-4358-1] libexif vulnerabilities [00:44]
  • 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
    • CVE-2020-12767
    • CVE-2018-20030
    • Divide by zero and a CPU infinite loop (DoS) for handling crafted exif
      • content
      [USN-4359-1] APT vulnerability [01:19]
      • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
        • CVE-2020-3810
        • Own ar archive handling code
        • Stack buffer OOB read for ar archive members with specially crafted
          • names - tried to handle spaces etc in names but if the name was all
          spaces would overrun the name and read past the end of it
          [USN-4360-1] json-c vulnerability [02:04]
          • 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
            • CVE-2020-12762
            • Integer overflow -> OOB write from a large json file
              • [USN-4360-2, USN-4360-3] json-c regression [02:27]
              • Affecting Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
              • Upstream fix had a bug where logic for trying to handle integer overflow
                • was inverted and so would cause INT_MAX (2GB) memory to be allocated
              • On machines with a small amount of memory this could exhaust all and
                • trigger OOM killer
              • Part of logic of the package is to trigger a rexec of upstart (which
                • serialises itself via libjson) - so this could cause upstart to consume
                all memory, get killed to OOM killer and cause fail to boot etc
              • upstart not used as default init on xenial+ and initial update was
                • delayed for ESM so only a small number of users would be affected (those
                running 16.04 LTS/xenial who had manually configured upstart as init)
                [USN-4361-1] Dovecot vulnerabilities [04:13]
                • 3 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)
                  • CVE-2020-10958
                  • CVE-2020-10967
                  • CVE-2020-10957
                  • 3 issues discovered by Philippe Antoine
                    • UAF sending command is followed by a sufficient number of newlines -> crash
                    • Sending with empty quoted localpart or malformed NOOP commands -> crash
                      • [USN-4362-1] DPDK vulnerabilities [04:47]
                      • 5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
                        • CVE-2020-10726
                        • CVE-2020-10725
                        • CVE-2020-10724
                        • CVE-2020-10723
                        • CVE-2020-10722
                        • Data-plane development kit (provides TCP offloading to userspace to
                          • accelerate package processing workloads)
                        • Used by openvswitch for OpenStack software defined networking
                        • Memory leak and file-descriptor leak -> DoS
                        • Guest to host crash via a missing check on an address in an io descriptor
                        • Failure to validate key lengths
                        • Integer overflow on host from guest -> crash
                          • [USN-4367-1] Linux kernel vulnerabilities [05:51]
                          • 3 CVEs addressed in Focal (20.04 LTS)
                            • CVE-2020-12657
                            • CVE-2020-11565
                            • CVE-2019-19377
                            • 5.4 kernel
                            • UAF due to a race-condition in bfq block io scheduler in block subsystem
                            • Bug in parsing of mount options for tmpfs -> stack overflow (need root
                              • privileges etc to specify mount options)
                            • UAF in btrfs when handling a specially crafted file-system image
                              • [USN-4363-1] Linux kernel vulnerabilities [06:42]
                              • 4 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
                                • CVE-2020-12657
                                • CVE-2020-11669
                                • CVE-2020-11565
                                • CVE-2020-11494
                                • 4.15 kernel
                                • block io scheduler UAF
                                • PowerPC specific guest -> host VM crash on save / restore of authority
                                  • mask registers
                                • tmpfs mount option parsing
                                • Serial CAN driver did not initialise stack data so could leak stack
                                  • memory to userspace etc
                                  [USN-4364-1] Linux kernel vulnerabilities [07:30]
                                  • 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
                                    • CVE-2020-11668
                                    • CVE-2020-11609
                                    • CVE-2020-11608
                                    • CVE-2020-11565
                                    • CVE-2020-11494
                                    • CVE-2020-10942
                                    • CVE-2019-19060
                                    • 4.4 kernel
                                    • USB camera drivers fail to validate device metadata -> NULL ptr deref etc (crash)
                                    • tmpfs & serial CAN above
                                      • [USN-4368-1] Linux kernel vulnerabilities [07:59]
                                      • 8 CVEs addressed in Bionic (18.04 LTS)
                                        • CVE-2020-12657
                                        • CVE-2020-11669
                                        • CVE-2020-11668
                                        • CVE-2020-11609
                                        • CVE-2020-11608
                                        • CVE-2020-11565
                                        • CVE-2020-11494
                                        • CVE-2019-19769
                                        • 5.0 gke/eom (based off Ubuntu 19.04 disco kernel)
                                        • block io scheduler UAF
                                        • ppc specific guest -> host VM crash on save / restore of authority mask
                                          • registers
                                        • USB camera drivers fail to validate device metadata
                                        • tmpfs & serial CAN above
                                          • [USN-4365-1] Bind vulnerabilities [08:31]
                                          • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
                                            • CVE-2020-8617
                                            • CVE-2020-8616
                                            • DNS refelection attack via recursive resolution -
                                              • http://www.nxnsattack.com/
                                              [USN-4366-1] Exim vulnerability [09:14]
                                              • 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
                                                • CVE-2020-12783
                                                • OOB read in Secure Password Authentication (SPA, also known as NTLM)
                                                  • authenticator, could result in SPA/NTLM auth bypass
                                                  Goings on in Ubuntu Security Community
                                                  Alex and Joe discuss recent trends in phishing attacks and Marcus Hutchins (aka MalwareTech) [09:43]
                                                  • https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
                                                    • Get in contact
                                                    • [email protected]
                                                    • #ubuntu-security on the Libera.Chat IRC network
                                                    • ubuntu-hardened mailing list
                                                    • Security section on discourse.ubuntu.com
                                                    • @ubuntu_sec on twitter
                                                      • ...more
                                                      View all episodesView all episodes
                                                      Download on the App Store
                                                      Ubuntu Security PodcastBy Ubuntu Security Team
                                                      • 4.8
                                                      • 4.8
                                                      • 4.8
                                                      • 4.8
                                                      • 4.8

                                                      4.8

                                                      10 ratings