July 03, 2020

Episode 81

28 minutes

Overview

Joe talks cyber security policy with Dr David Reed from CU Boulder, plus

Alex covers the week in security updates including Mutt, NVIDIA graphics

drivers, Mailman and more.

This week in Ubuntu Security Updates

6 unique CVEs addressed

[USN-4403-1] Mutt vulnerability and regression [00:40]

1 CVEs addressed in Precise ESM (12.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-14954

When connecting to an IMAP/SMTP/POP3 server via STARTTLS, would read

additional data after the clear-text command to begin TLS - if someone

was able to intercept the connection they could inject content which

would then later get processed by Mutt as though it had come from the TLS

connection. Fixed to simply clear input buffer at the start of TLS

negotiation.

Also includes a fix for a possible regression in the previous security

update (Episode 80)

[USN-4404-1, USN-4404-2] NVIDIA graphics drivers & Linux kernel vulnerabilities [01:59]

3 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-5973

CVE-2020-5967

CVE-2020-5963

CUDA driver failed to properly perform access control during IPC - could

allow a local attacker to DoS/RCE

UVM driver (Unified Virtual Memory - used with CUDA driver for better

performance) race condition - local attacker DoS

Virtual guest GPU driver unspecified vuln -> privileged operations -> DoS

Updates the linux kernel source package since this is used to provide the

DKMS packages

[USN-4405-1] GLib Networking vulnerability [03:15]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13645

glib-networking - additional library for glib/gio to provide TLS (ie

links against gnutls etc.)

Would fail to verify that the hostname of a server’s TLS certificate

matches the expected hostname by the client - but only if the client

failed to specify the hostname itself. If did not provide hostname, would

expect it to fail validation completely. Balsa (GNOME mail client) did

this, so could possibly be tricked into connecting to a different mail

server as a result.

[USN-4406-1] Mailman vulnerability [04:48]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-15011

Failed to validate inputs to the private archive login page - would then

echo these back inside the generated page and so provides arbitrary

content injection from a crafted URL.

Goings on in Ubuntu Security Community

Joe talks cyber security policy with Dr David Reed, Scholar in Residence @ UC Boulder [05:51]

https://www.colorado.edu/program/tcp/people/david-reed

Stock price study:

https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/

FCC 5G FAST Plan

https://docs.fcc.gov/public/attachments/DOC-354326A1.pdf

Ubuntu Security Notices relocated [27:00]

Thanks to the design and web teams at Canonical

Notices now live at https://ubuntu.com/security/notices/

Old notices from https://usn.ubuntu.com will get redirected

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

July 03, 2020

Episode 81

28 minutes

Overview

Joe talks cyber security policy with Dr David Reed from CU Boulder, plus

Alex covers the week in security updates including Mutt, NVIDIA graphics

drivers, Mailman and more.

This week in Ubuntu Security Updates

6 unique CVEs addressed

[USN-4403-1] Mutt vulnerability and regression [00:40]

1 CVEs addressed in Precise ESM (12.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-14954

When connecting to an IMAP/SMTP/POP3 server via STARTTLS, would read

additional data after the clear-text command to begin TLS - if someone

was able to intercept the connection they could inject content which

would then later get processed by Mutt as though it had come from the TLS

connection. Fixed to simply clear input buffer at the start of TLS

negotiation.

Also includes a fix for a possible regression in the previous security

update (Episode 80)

[USN-4404-1, USN-4404-2] NVIDIA graphics drivers & Linux kernel vulnerabilities [01:59]

3 CVEs addressed in Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-5973

CVE-2020-5967

CVE-2020-5963

CUDA driver failed to properly perform access control during IPC - could

allow a local attacker to DoS/RCE

UVM driver (Unified Virtual Memory - used with CUDA driver for better

performance) race condition - local attacker DoS

Virtual guest GPU driver unspecified vuln -> privileged operations -> DoS

Updates the linux kernel source package since this is used to provide the

DKMS packages

[USN-4405-1] GLib Networking vulnerability [03:15]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)

CVE-2020-13645

glib-networking - additional library for glib/gio to provide TLS (ie

links against gnutls etc.)

Would fail to verify that the hostname of a server’s TLS certificate

matches the expected hostname by the client - but only if the client

failed to specify the hostname itself. If did not provide hostname, would

expect it to fail validation completely. Balsa (GNOME mail client) did

this, so could possibly be tricked into connecting to a different mail

server as a result.

[USN-4406-1] Mailman vulnerability [04:48]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-15011

Failed to validate inputs to the private archive login page - would then

echo these back inside the generated page and so provides arbitrary

content injection from a crafted URL.

Goings on in Ubuntu Security Community

Joe talks cyber security policy with Dr David Reed, Scholar in Residence @ UC Boulder [05:51]

https://www.colorado.edu/program/tcp/people/david-reed

Stock price study:

https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/

FCC 5G FAST Plan

https://docs.fcc.gov/public/attachments/DOC-354326A1.pdf

Ubuntu Security Notices relocated [27:00]

Thanks to the design and web teams at Canonical

Notices now live at https://ubuntu.com/security/notices/

Old notices from https://usn.ubuntu.com will get redirected

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 81

Sign up to save your podcasts

Episode 81

Episode 81