July 30, 2020

Episode 84

25 minutes

Overview

In a week when too many security updates are never enough, we cover the

biggest one of them all for a while, BootHole, with an interview between

Joe McManus and Alex Murray for some behind-the-scenes and in-depth

coverage, plus we also look briefly at the other 100-odd CVEs for the week

in FFmpeg, OpenJDK, LibVNCServer, ClamAV and more.

This week in Ubuntu Security Updates

109 unique CVEs addressed

[USN-4428-1] Python vulnerabilities [01:03]

4 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM),

Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-14422

CVE-2019-9674

CVE-2019-20907

CVE-2019-17514

CPU based DoS via infinite loop in parsing a crafted tar archive

[USN-4431-1] FFmpeg vulnerabilities [01:31]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-13904

CVE-2020-12284

CVE-2019-17542

CVE-2019-17539

CVE-2019-13390

CVE-2019-13312

CVE-2019-12730

CVE-2019-11338

CVE-2018-15822

UAF, use of uninitialised variables, heap buffer over-read, NULL pointer

deref etc - most via oss-fuzz

[USN-4430-2] Pillow vulnerabilities [02:15]

5 CVEs addressed in Focal (20.04 LTS)

CVE-2020-11538

CVE-2020-10994

CVE-2020-10379

CVE-2020-10378

CVE-2020-10177

2 buffer overflows in TIFF decoder

[USN-4433-1] OpenJDK vulnerabilities [02:33]

8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-14621

CVE-2020-14593

CVE-2020-14583

CVE-2020-14581

CVE-2020-14577

CVE-2020-14573

CVE-2020-14562

CVE-2020-14556

11.0.8 upstream release - thanks to Tiago from Foundations for preparing

these

Usual mix of issues for Java - possible sandbox escape, crash in TIFF

decoder, failure to properly validate TLS certs in some cases etc

[USN-4434-1] LibVNCServer vulnerabilities [03:11]

12 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-14405

CVE-2020-14404

CVE-2020-14403

CVE-2020-14402

CVE-2020-14401

CVE-2020-14400

CVE-2020-14399

CVE-2020-14398

CVE-2020-14397

CVE-2020-14396

CVE-2019-20840

CVE-2019-20839

2 NULL ptr deref, infinite loop -> DoS when closing connection,

misaligned data access leading to possible crash, integer overflow, OOB

read etc

[USN-4435-1, USN-4435-2] ClamAV vulnerabilities [04:03]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM),

Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-3481

CVE-2020-3350

CVE-2020-3327

0.102.4 release

NULL ptr deref on crafted EGG, race condition where could replace target

dir with a symlink and get clamscan to remove that target, OOB read in

ARJ decoder (previous fix Episode 76 was incomplete)

[USN-4436-1, USN-4436-2] librsvg vulnerabilities / regression [04:55]

2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2019-20446

CVE-2017-11464

Update caused a regression since it removed a symbol - backed out,

waiting for a more complete fix from upstream

[USN-4437-1] libslirp vulnerability [05:26]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-10756

OOB read in icmp6 echo reply - guest leaks contents of host memory ->

info disclosure

[USN-4438-1] SQLite vulnerability [05:45]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-15358

Heap buffer overflow

[USN-4439-1] Linux kernel vulnerabilities [05:51]

14 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15780

CVE-2019-20908

CVE-2019-12380

CVE-2020-13974

CVE-2020-11935

CVE-2020-10768

CVE-2020-10767

CVE-2020-10766

CVE-2020-10757

CVE-2020-10732

CVE-2019-20810

CVE-2019-19462

CVE-2019-19036

CVE-2019-16089

5.0 (gke/oem)

[USN-4440-1] Linux kernel vulnerabilities [06:05]

12 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15780

CVE-2020-13974

CVE-2020-11935

CVE-2020-10768

CVE-2020-10767

CVE-2020-10766

CVE-2020-10757

CVE-2020-10732

CVE-2019-20908

CVE-2019-20810

CVE-2019-19462

CVE-2019-16089

5.3 (hwe / azure / gcp / gke / oracle)

[USN-4441-1] MySQL vulnerabilities [06:17]

30 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-14702

CVE-2020-14697

CVE-2020-14680

CVE-2020-14678

CVE-2020-14663

CVE-2020-14656

CVE-2020-14654

CVE-2020-14651

CVE-2020-14643

CVE-2020-14641

CVE-2020-14634

CVE-2020-14633

CVE-2020-14632

CVE-2020-14631

CVE-2020-14624

CVE-2020-14623

CVE-2020-14620

CVE-2020-14619

CVE-2020-14597

CVE-2020-14591

CVE-2020-14586

CVE-2020-14576

CVE-2020-14575

CVE-2020-14568

CVE-2020-14559

CVE-2020-14553

CVE-2020-14550

CVE-2020-14547

CVE-2020-14540

CVE-2020-14539

8.0.21 (focal)

5.7.31 (bionic / xenial)

[USN-4442-1] Sympa vulnerabilities [06:54]

3 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-10936

CVE-2018-1000671

CVE-2018-1000550

Mailing list manager - possible privesc via injection of environment

variables to run setuid wrappers arbitrary code

[USN-4443-1] Firefox vulnerabilities [07:27]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-15655

CVE-2020-15659

CVE-2020-15658

CVE-2020-15656

CVE-2020-15654

CVE-2020-15653

CVE-2020-15652

CVE-2020-6514

CVE-2020-6463

79.0

[USN-4432-1] GRUB 2 vulnerabilities [07:39]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-15707

CVE-2020-15705

CVE-2020-14308

CVE-2020-14311

CVE-2020-14310

CVE-2020-14309

CVE-2020-15706

CVE-2020-10713

Goings on in Ubuntu Security Community

Alex and Joe take an in-depth and behind-the-scenes look at BootHole / GRUB 2 [08:14]

https://ubuntu.com/blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

Alex hints at pending future secureboot-db update [23:55]

https://uefi.org/revocationlistfile

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

July 30, 2020

Episode 84

25 minutes

Overview

In a week when too many security updates are never enough, we cover the

biggest one of them all for a while, BootHole, with an interview between

Joe McManus and Alex Murray for some behind-the-scenes and in-depth

coverage, plus we also look briefly at the other 100-odd CVEs for the week

in FFmpeg, OpenJDK, LibVNCServer, ClamAV and more.

This week in Ubuntu Security Updates

109 unique CVEs addressed

[USN-4428-1] Python vulnerabilities [01:03]

4 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM),

Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-14422

CVE-2019-9674

CVE-2019-20907

CVE-2019-17514

CPU based DoS via infinite loop in parsing a crafted tar archive

[USN-4431-1] FFmpeg vulnerabilities [01:31]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-13904

CVE-2020-12284

CVE-2019-17542

CVE-2019-17539

CVE-2019-13390

CVE-2019-13312

CVE-2019-12730

CVE-2019-11338

CVE-2018-15822

UAF, use of uninitialised variables, heap buffer over-read, NULL pointer

deref etc - most via oss-fuzz

[USN-4430-2] Pillow vulnerabilities [02:15]

5 CVEs addressed in Focal (20.04 LTS)

CVE-2020-11538

CVE-2020-10994

CVE-2020-10379

CVE-2020-10378

CVE-2020-10177

2 buffer overflows in TIFF decoder

[USN-4433-1] OpenJDK vulnerabilities [02:33]

8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-14621

CVE-2020-14593

CVE-2020-14583

CVE-2020-14581

CVE-2020-14577

CVE-2020-14573

CVE-2020-14562

CVE-2020-14556

11.0.8 upstream release - thanks to Tiago from Foundations for preparing

these

Usual mix of issues for Java - possible sandbox escape, crash in TIFF

decoder, failure to properly validate TLS certs in some cases etc

[USN-4434-1] LibVNCServer vulnerabilities [03:11]

12 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-14405

CVE-2020-14404

CVE-2020-14403

CVE-2020-14402

CVE-2020-14401

CVE-2020-14400

CVE-2020-14399

CVE-2020-14398

CVE-2020-14397

CVE-2020-14396

CVE-2019-20840

CVE-2019-20839

2 NULL ptr deref, infinite loop -> DoS when closing connection,

misaligned data access leading to possible crash, integer overflow, OOB

read etc

[USN-4435-1, USN-4435-2] ClamAV vulnerabilities [04:03]

3 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM),

Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-3481

CVE-2020-3350

CVE-2020-3327

0.102.4 release

NULL ptr deref on crafted EGG, race condition where could replace target

dir with a symlink and get clamscan to remove that target, OOB read in

ARJ decoder (previous fix Episode 76 was incomplete)

[USN-4436-1, USN-4436-2] librsvg vulnerabilities / regression [04:55]

2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2019-20446

CVE-2017-11464

Update caused a regression since it removed a symbol - backed out,

waiting for a more complete fix from upstream

[USN-4437-1] libslirp vulnerability [05:26]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-10756

OOB read in icmp6 echo reply - guest leaks contents of host memory ->

info disclosure

[USN-4438-1] SQLite vulnerability [05:45]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-15358

Heap buffer overflow

[USN-4439-1] Linux kernel vulnerabilities [05:51]

14 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15780

CVE-2019-20908

CVE-2019-12380

CVE-2020-13974

CVE-2020-11935

CVE-2020-10768

CVE-2020-10767

CVE-2020-10766

CVE-2020-10757

CVE-2020-10732

CVE-2019-20810

CVE-2019-19462

CVE-2019-19036

CVE-2019-16089

5.0 (gke/oem)

[USN-4440-1] Linux kernel vulnerabilities [06:05]

12 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15780

CVE-2020-13974

CVE-2020-11935

CVE-2020-10768

CVE-2020-10767

CVE-2020-10766

CVE-2020-10757

CVE-2020-10732

CVE-2019-20908

CVE-2019-20810

CVE-2019-19462

CVE-2019-16089

5.3 (hwe / azure / gcp / gke / oracle)

[USN-4441-1] MySQL vulnerabilities [06:17]

30 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-14702

CVE-2020-14697

CVE-2020-14680

CVE-2020-14678

CVE-2020-14663

CVE-2020-14656

CVE-2020-14654

CVE-2020-14651

CVE-2020-14643

CVE-2020-14641

CVE-2020-14634

CVE-2020-14633

CVE-2020-14632

CVE-2020-14631

CVE-2020-14624

CVE-2020-14623

CVE-2020-14620

CVE-2020-14619

CVE-2020-14597

CVE-2020-14591

CVE-2020-14586

CVE-2020-14576

CVE-2020-14575

CVE-2020-14568

CVE-2020-14559

CVE-2020-14553

CVE-2020-14550

CVE-2020-14547

CVE-2020-14540

CVE-2020-14539

8.0.21 (focal)

5.7.31 (bionic / xenial)

[USN-4442-1] Sympa vulnerabilities [06:54]

3 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2020-10936

CVE-2018-1000671

CVE-2018-1000550

Mailing list manager - possible privesc via injection of environment

variables to run setuid wrappers arbitrary code

[USN-4443-1] Firefox vulnerabilities [07:27]

9 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04

LTS)

CVE-2020-15655

CVE-2020-15659

CVE-2020-15658

CVE-2020-15656

CVE-2020-15654

CVE-2020-15653

CVE-2020-15652

CVE-2020-6514

CVE-2020-6463

79.0

[USN-4432-1] GRUB 2 vulnerabilities [07:39]

8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-15707

CVE-2020-15705

CVE-2020-14308

CVE-2020-14311

CVE-2020-14310

CVE-2020-14309

CVE-2020-15706

CVE-2020-10713

Goings on in Ubuntu Security Community

Alex and Joe take an in-depth and behind-the-scenes look at BootHole / GRUB 2 [08:14]

https://ubuntu.com/blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

Alex hints at pending future secureboot-db update [23:55]

https://uefi.org/revocationlistfile

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 84

Sign up to save your podcasts

Episode 84

Episode 84