August 21, 2020

Episode 87

23 minutes

Overview

This week we look at the Drovorub Linux malware outed by the NSA/FBI plus

we detail security updates for Dovecot, Apache, Salt, the Linux kernel and

more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4456-1, USN-4456-2] Dovecot vulnerabilities [00:46]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-12674

CVE-2020-12673

CVE-2020-12100

3 DoS issues - nested MIME -> resource exhaustion, Compuserve RPA auth

mechanism (rare) -> zero length message -> assert fail, NTLM missing

length check -> buffer over read -> crash

[USN-4457-1, USN-4457-2] Software Properties vulnerability [01:39]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-15709

add-apt-repository ANSI escape sequence display from launchpad PPA

description

[USN-4458-1] Apache HTTP Server vulnerabilities [02:27]

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-11993

CVE-2020-11984

CVE-2020-9490

CVE-2020-1934

CVE-2020-1927

mod_rewrite could be tricked into redirecting to an unexpected URL via

newlines encoded into the request URL

use of uninitialized memory when proxying to a malicious FTP server ->

info leak

2 HTTP/2 issues - improper handling of Cache-Digest headers and certain

logging statements -> crash, DoS

buffer overflow in mod_proxy_uwsgi - crash / code exec

[USN-4459-1] Salt vulnerabilities [03:18]

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-11652

CVE-2020-11651

CVE-2019-17361

CVE-2018-15751

CVE-2018-15750

File enumeration on remote server -> info leak

Authentication bypass

Command injection from unauthenticated users -> code exec on salt-api host

Failure to validate method calls and sanitize paths - access control

bypass

[USN-4460-1] Oniguruma vulnerabilities [03:58]

4 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2019-19246

CVE-2019-19204

CVE-2019-19012

CVE-2019-16163

regex library used by PHP and Ruby -> various issues leading to DoS /

info leak etc

[USN-4461-1] Ark vulnerability [04:20]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-16116

KDE archive handler - malicious ZIP files could contain files outside the

working directory (zip-slip)

[USN-4465-1] Linux kernel vulnerabilities [04:50]

3 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15393

CVE-2020-12771

CVE-2020-12655

5.3 (hwe)

Memory leak in USB testing driver on disconnect - so physical attacker

could add / remove device and eventually exhaust memory

bcache deadlock -> DoS

Crafted XFS metadata could cause a sync of excessive duration -> DoS

[USN-4462-1] Linux kernel vulnerability [05:53]

1 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-12771

5.0 (gke / oem)

bcache deadlock -> DoS

[USN-4463-1] Linux kernel vulnerabilities [06:06]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2020-15393

CVE-2020-12771

4.4 (xenial / trusy esm hwe)

bcache deadlock

usb testing driver memory leak

[USN-4464-1] GNOME Shell vulnerability [06:24]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-17489

Could show the login password when logging out if had set it visible

during login

[USN-4466-1] curl vulnerability [06:53]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-8231

libcurl - improper handling of the CURLOPT_CONNECT_ONLY option -> could

connect to wrong destination and so expose sensitive info

Goings on in Ubuntu Security Community

Joe and Alex discuss Drovorub Linux malware [07:24]

https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

August 21, 2020

Episode 87

23 minutes

Overview

This week we look at the Drovorub Linux malware outed by the NSA/FBI plus

we detail security updates for Dovecot, Apache, Salt, the Linux kernel and

more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4456-1, USN-4456-2] Dovecot vulnerabilities [00:46]

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-12674

CVE-2020-12673

CVE-2020-12100

3 DoS issues - nested MIME -> resource exhaustion, Compuserve RPA auth

mechanism (rare) -> zero length message -> assert fail, NTLM missing

length check -> buffer over read -> crash

[USN-4457-1, USN-4457-2] Software Properties vulnerability [01:39]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-15709

add-apt-repository ANSI escape sequence display from launchpad PPA

description

[USN-4458-1] Apache HTTP Server vulnerabilities [02:27]

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-11993

CVE-2020-11984

CVE-2020-9490

CVE-2020-1934

CVE-2020-1927

mod_rewrite could be tricked into redirecting to an unexpected URL via

newlines encoded into the request URL

use of uninitialized memory when proxying to a malicious FTP server ->

info leak

2 HTTP/2 issues - improper handling of Cache-Digest headers and certain

logging statements -> crash, DoS

buffer overflow in mod_proxy_uwsgi - crash / code exec

[USN-4459-1] Salt vulnerabilities [03:18]

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-11652

CVE-2020-11651

CVE-2019-17361

CVE-2018-15751

CVE-2018-15750

File enumeration on remote server -> info leak

Authentication bypass

Command injection from unauthenticated users -> code exec on salt-api host

Failure to validate method calls and sanitize paths - access control

bypass

[USN-4460-1] Oniguruma vulnerabilities [03:58]

4 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2019-19246

CVE-2019-19204

CVE-2019-19012

CVE-2019-16163

regex library used by PHP and Ruby -> various issues leading to DoS /

info leak etc

[USN-4461-1] Ark vulnerability [04:20]

1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-16116

KDE archive handler - malicious ZIP files could contain files outside the

working directory (zip-slip)

[USN-4465-1] Linux kernel vulnerabilities [04:50]

3 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-15393

CVE-2020-12771

CVE-2020-12655

5.3 (hwe)

Memory leak in USB testing driver on disconnect - so physical attacker

could add / remove device and eventually exhaust memory

bcache deadlock -> DoS

Crafted XFS metadata could cause a sync of excessive duration -> DoS

[USN-4462-1] Linux kernel vulnerability [05:53]

1 CVEs addressed in Bionic (18.04 LTS)

CVE-2020-12771

5.0 (gke / oem)

bcache deadlock -> DoS

[USN-4463-1] Linux kernel vulnerabilities [06:06]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)

CVE-2020-15393

CVE-2020-12771

4.4 (xenial / trusy esm hwe)

bcache deadlock

usb testing driver memory leak

[USN-4464-1] GNOME Shell vulnerability [06:24]

1 CVEs addressed in Focal (20.04 LTS)

CVE-2020-17489

Could show the login password when logging out if had set it visible

during login

[USN-4466-1] curl vulnerability [06:53]

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-8231

libcurl - improper handling of the CURLOPT_CONNECT_ONLY option -> could

connect to wrong destination and so expose sensitive info

Goings on in Ubuntu Security Community

Joe and Alex discuss Drovorub Linux malware [07:24]

https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 87

Sign up to save your podcasts

Episode 87

Episode 87