June 12, 2020

Episode 78

24 minutes

Overview

SRBDS aka CrossTalk, the latest Intel speculative execution attack, is the

big news this week in security updates for Ubuntu, as well as fixes for

GnuTLS, Firefox and more, plus Alex and Joe talk about using STRIDE for

threat modelling of software products.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-4381-2] Django vulnerabilities [01:00]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-13596

CVE-2020-13254

Episode 77

[USN-4382-1] FreeRDP vulnerabilities [01:28]

14 CVEs addressed in Xenial (16.04 LTS)

CVE-2020-13398

CVE-2020-13397

CVE-2020-13396

CVE-2020-11526

CVE-2020-11525

CVE-2020-11523

CVE-2020-11522

CVE-2020-11521

CVE-2020-11058

CVE-2020-11049

CVE-2020-11048

CVE-2020-11046

CVE-2020-11045

CVE-2020-11042

Episode 77 covered a similar update for FreeRDP2 in 18.04 LTS, 19.10, 20.04 LTS

This is the corresponding update for FreeRDP 1 in 16.04 LTS

[USN-4383-1] Firefox vulnerabilities [02:09]

8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-12399

CVE-2020-12411

CVE-2020-12410

CVE-2020-12409

CVE-2020-12408

CVE-2020-12407

CVE-2020-12406

CVE-2020-12405

77.0.1

[USN-4384-1] GnuTLS vulnerability [02:54]

1 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13777

Rare Friday update - high priority GnuTLS vulnerability - would use an

all-zero key for encrypting TLS session ticket

TLS1.3 -> enables a middleperson attack against resumed sessions

TLS1.2 -> enables passive decryption of traffic to/from servers when the

client supports session tickets

[USN-4386-1] libjpeg-turbo vulnerability [04:19]

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13790

Heap buffer over-read via crafted PPM file -> info disclosure / crash

[USN-4385-1] Intel Microcode vulnerabilities [04:49]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-0549

CVE-2020-0548

CVE-2020-0543

Latest Intel microarchitectural cache side-channel vulnerabilities - L1D

cache, vector registers, special registers

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

Special register buffer data sampling (SRBDS) -> RDRAND, RDSEED etc ->

aka CrossTalk -> micro-arch buffer is shared across cores so old values

could be read by other processors

microcode clears buffers -> performance decrease for RDRAND etc as a

result -> kernel update contains support for a kernel command-line arg to

disable this mitigation

[USN-4387-1] Linux kernel vulnerabilities [07:25]

5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.3

Kernel command-line option to disable SRBDS mitigation

F2FS bounds check fail on xattrs -> OOB read -> info leak

USB scatter-gather UAF -> malicious USB device -> crash / RCE

XDP socket fail to validate userspace metadata -> OOB write -> requires

CAP_NET_ADMIN

[USN-4388-1] Linux kernel vulnerabilities [08:40]

6 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-1749

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.0 gke & oem

[USN-4389-1] Linux kernel vulnerabilities [08:54]

6 CVEs addressed in Focal (20.04 LTS)

CVE-2020-10751

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.4

[USN-4390-1] Linux kernel vulnerabilities [09:02]

6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-10751

CVE-2020-1749

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

4.15 (14.04 ESM azure, 16.04 LTS - hwe, 18.04 LTS

all)

As above + IPsec fail to encrypt IPv6 in some conditions -> info leak

[USN-4391-1] Linux kernel vulnerabilities [09:35]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2020-10751

CVE-2020-1749

CVE-2020-12826

CVE-2020-12769

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2019-19319

4.4

[USN-4392-1] Linux kernel vulnerabilities [09:46]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)

CVE-2020-12114

CVE-2020-0543

CVE-2020-12654

3.13

[USN-4393-1] Linux kernel vulnerabilities [09:46]

2 CVEs addressed in Precise ESM (12.04 ESM)

CVE-2020-0543

CVE-2020-12654

3.2

Goings on in Ubuntu Security Community

Joe and Alex discuss Threat Modelling via STRIDE [10:12]

https://en.wikipedia.org/wiki/STRIDE_(security)

https://threatmodelingbook.com/

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

June 12, 2020

Episode 78

24 minutes

Overview

SRBDS aka CrossTalk, the latest Intel speculative execution attack, is the

big news this week in security updates for Ubuntu, as well as fixes for

GnuTLS, Firefox and more, plus Alex and Joe talk about using STRIDE for

threat modelling of software products.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-4381-2] Django vulnerabilities [01:00]

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-13596

CVE-2020-13254

Episode 77

[USN-4382-1] FreeRDP vulnerabilities [01:28]

14 CVEs addressed in Xenial (16.04 LTS)

CVE-2020-13398

CVE-2020-13397

CVE-2020-13396

CVE-2020-11526

CVE-2020-11525

CVE-2020-11523

CVE-2020-11522

CVE-2020-11521

CVE-2020-11058

CVE-2020-11049

CVE-2020-11048

CVE-2020-11046

CVE-2020-11045

CVE-2020-11042

Episode 77 covered a similar update for FreeRDP2 in 18.04 LTS, 19.10, 20.04 LTS

This is the corresponding update for FreeRDP 1 in 16.04 LTS

[USN-4383-1] Firefox vulnerabilities [02:09]

8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-12399

CVE-2020-12411

CVE-2020-12410

CVE-2020-12409

CVE-2020-12408

CVE-2020-12407

CVE-2020-12406

CVE-2020-12405

77.0.1

[USN-4384-1] GnuTLS vulnerability [02:54]

1 CVEs addressed in Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13777

Rare Friday update - high priority GnuTLS vulnerability - would use an

all-zero key for encrypting TLS session ticket

TLS1.3 -> enables a middleperson attack against resumed sessions

TLS1.2 -> enables passive decryption of traffic to/from servers when the

client supports session tickets

[USN-4386-1] libjpeg-turbo vulnerability [04:19]

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13790

Heap buffer over-read via crafted PPM file -> info disclosure / crash

[USN-4385-1] Intel Microcode vulnerabilities [04:49]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-0549

CVE-2020-0548

CVE-2020-0543

Latest Intel microarchitectural cache side-channel vulnerabilities - L1D

cache, vector registers, special registers

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

Special register buffer data sampling (SRBDS) -> RDRAND, RDSEED etc ->

aka CrossTalk -> micro-arch buffer is shared across cores so old values

could be read by other processors

microcode clears buffers -> performance decrease for RDRAND etc as a

result -> kernel update contains support for a kernel command-line arg to

disable this mitigation

[USN-4387-1] Linux kernel vulnerabilities [07:25]

5 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10)

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.3

Kernel command-line option to disable SRBDS mitigation

F2FS bounds check fail on xattrs -> OOB read -> info leak

USB scatter-gather UAF -> malicious USB device -> crash / RCE

XDP socket fail to validate userspace metadata -> OOB write -> requires

CAP_NET_ADMIN

[USN-4388-1] Linux kernel vulnerabilities [08:40]

6 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-1749

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.0 gke & oem

[USN-4389-1] Linux kernel vulnerabilities [08:54]

6 CVEs addressed in Focal (20.04 LTS)

CVE-2020-10751

CVE-2020-12659

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

5.4

[USN-4390-1] Linux kernel vulnerabilities [09:02]

6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-10751

CVE-2020-1749

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2020-0067

4.15 (14.04 ESM azure, 16.04 LTS - hwe, 18.04 LTS

all)

As above + IPsec fail to encrypt IPv6 in some conditions -> info leak

[USN-4391-1] Linux kernel vulnerabilities [09:35]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2020-10751

CVE-2020-1749

CVE-2020-12826

CVE-2020-12769

CVE-2020-12464

CVE-2020-12114

CVE-2020-0543

CVE-2019-19319

4.4

[USN-4392-1] Linux kernel vulnerabilities [09:46]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)

CVE-2020-12114

CVE-2020-0543

CVE-2020-12654

3.13

[USN-4393-1] Linux kernel vulnerabilities [09:46]

2 CVEs addressed in Precise ESM (12.04 ESM)

CVE-2020-0543

CVE-2020-12654

3.2

Goings on in Ubuntu Security Community

Joe and Alex discuss Threat Modelling via STRIDE [10:12]

https://en.wikipedia.org/wiki/STRIDE_(security)

https://threatmodelingbook.com/

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 78

Sign up to save your podcasts

Episode 78

Episode 78