Sign up to save your podcasts
Or
Share Episode 93
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 93
Overview
This week we cover security updates for NTP, Brotli, Spice, the Linux
kernel (including BleedingTooth) and a FreeType vulnerability which is
being exploited in-the-wild, plus we talk about the NSAs report into the
most exploited vulnerabilities as well as the release of Ubuntu 20.10
Groovy Gorilla.
This week in Ubuntu Security Updates
74 unique CVEs addressed
[USN-4559-1] Samba update [01:04]
enable secure channel - this one adds support for specifying per-machine
insecure netlogon usage plus additional hardening to check for possible
attacks from the client-specified challenge if have manually enabled
insecure channel in configuration
[USN-4563-1] NTP vulnerability [01:48]
could be triggered by a malicious client -> DoS
[USN-4568-1] Brotli vulnerability [02:12]
especially for web fonts etc
decompression option on attacker controlled data
[USN-4570-1] urllib3 vulnerability [03:00]
used in a call to urllib3 - can specify additional parameters such as
Host and Remainder after an injected CRLF to cause the request to
misbehave
[USN-4572-1, USN-4572-2] Spice vulnerability [03:41]
decoding of QUIC image compression algorithm - and this affected both the
client and server side - DoS, RCE etc
[USN-4576-1] Linux kernel vulnerabilities [04:36]
[USN-4577-1] Linux kernel vulnerabilities
[USN-4578-1] Linux kernel vulnerabilities
[USN-4579-1] Linux kernel vulnerabilities
[USN-4580-1] Linux kernel vulnerability
1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
DCCP protocol mishandled reuse of sockets, leading to a UAF - since can
be done by a local user could lead to root code execution, priv esc etc -
was reported to Canonical and we worked with upstream kernel devs on
resolving this etc
[LSN-0072-1] Linux kernel vulnerability
[USN-4591-1] Linux kernel vulnerabilities [06:20]
[USN-4592-1] Linux kernel vulnerabilities
much heads up to distros, kernel team worked quickly to respin affected
kernels (>= 4.8) over the weekend
blog post with more details but this got held back to give time for
distros etc to patch
[USN-4593-1] FreeType vulnerability [07:30]
being exploited in the wild
CVE a few lines higher since it still provided the chance of an integer
overflow -> heap buffer overflow
upstream FreeType developers
[USN-4558-1] libapreq2 vulnerabilities
[USN-4557-1] Tomcat vulnerabilities
[USN-4560-1] Gon gem vulnerability
[USN-4561-1] Rack vulnerabilities
[USN-4562-1] kramdown vulnerability
[USN-4569-1] Yaws vulnerabilities
[USN-4571-1] rack-cors vulnerability
[USN-4564-1] Apache Tika vulnerabilities
[USN-4565-1] OpenConnect vulnerability
[USN-4566-1] Cyrus IMAP Server vulnerabilities
[USN-4567-1] OpenDMARC vulnerability
[USN-4573-1] Vino vulnerabilities
[USN-4574-1] libseccomp-golang vulnerability
[USN-4575-1] dom4j vulnerability
[USN-4581-1] Python vulnerability
[USN-4582-1] Vim vulnerabilities
[USN-4583-1] PHP vulnerabilities
[USN-4589-1] containerd vulnerability
[USN-4589-2] Docker vulnerability
[USN-4585-1] Newsbeuter vulnerabilities
[USN-4584-1] HtmlUnit vulnerability
[USN-4546-2] Firefox regressions
[USN-4590-1] Collabtive vulnerability
[USN-4586-1] PHP ImageMagick vulnerability
[USN-4594-1] Quassel vulnerabilities
[USN-4595-1] Grunt vulnerability
Goings on in Ubuntu Security Community
NSA Report on 25 most exploited CVEs by Chinese State-Sponsored Actors [09:51]
in affected Ubuntu releases 5 days later on 12 February 2018
the low-level details to exploit it on 6th March 2018 but without an
actual PoC (although all details are there to reconstruct one)
since (exploitdb, github etc)
updated?
(although the most popular one was updated 9 days ago)
downstream like Ubuntu
Ubuntu 20.10 Groovy Gorilla Release [13:50]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we cover security updates for NTP, Brotli, Spice, the Linux
kernel (including BleedingTooth) and a FreeType vulnerability which is
being exploited in-the-wild, plus we talk about the NSAs report into the
most exploited vulnerabilities as well as the release of Ubuntu 20.10
Groovy Gorilla.
This week in Ubuntu Security Updates
74 unique CVEs addressed
[USN-4559-1] Samba update [01:04]
enable secure channel - this one adds support for specifying per-machine
insecure netlogon usage plus additional hardening to check for possible
attacks from the client-specified challenge if have manually enabled
insecure channel in configuration
[USN-4563-1] NTP vulnerability [01:48]
could be triggered by a malicious client -> DoS
[USN-4568-1] Brotli vulnerability [02:12]
especially for web fonts etc
decompression option on attacker controlled data
[USN-4570-1] urllib3 vulnerability [03:00]
used in a call to urllib3 - can specify additional parameters such as
Host and Remainder after an injected CRLF to cause the request to
misbehave
[USN-4572-1, USN-4572-2] Spice vulnerability [03:41]
decoding of QUIC image compression algorithm - and this affected both the
client and server side - DoS, RCE etc
[USN-4576-1] Linux kernel vulnerabilities [04:36]
[USN-4577-1] Linux kernel vulnerabilities
[USN-4578-1] Linux kernel vulnerabilities
[USN-4579-1] Linux kernel vulnerabilities
[USN-4580-1] Linux kernel vulnerability
1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
DCCP protocol mishandled reuse of sockets, leading to a UAF - since can
be done by a local user could lead to root code execution, priv esc etc -
was reported to Canonical and we worked with upstream kernel devs on
resolving this etc
[LSN-0072-1] Linux kernel vulnerability
[USN-4591-1] Linux kernel vulnerabilities [06:20]
[USN-4592-1] Linux kernel vulnerabilities
much heads up to distros, kernel team worked quickly to respin affected
kernels (>= 4.8) over the weekend
blog post with more details but this got held back to give time for
distros etc to patch
[USN-4593-1] FreeType vulnerability [07:30]
being exploited in the wild
CVE a few lines higher since it still provided the chance of an integer
overflow -> heap buffer overflow
upstream FreeType developers
[USN-4558-1] libapreq2 vulnerabilities
[USN-4557-1] Tomcat vulnerabilities
[USN-4560-1] Gon gem vulnerability
[USN-4561-1] Rack vulnerabilities
[USN-4562-1] kramdown vulnerability
[USN-4569-1] Yaws vulnerabilities
[USN-4571-1] rack-cors vulnerability
[USN-4564-1] Apache Tika vulnerabilities
[USN-4565-1] OpenConnect vulnerability
[USN-4566-1] Cyrus IMAP Server vulnerabilities
[USN-4567-1] OpenDMARC vulnerability
[USN-4573-1] Vino vulnerabilities
[USN-4574-1] libseccomp-golang vulnerability
[USN-4575-1] dom4j vulnerability
[USN-4581-1] Python vulnerability
[USN-4582-1] Vim vulnerabilities
[USN-4583-1] PHP vulnerabilities
[USN-4589-1] containerd vulnerability
[USN-4589-2] Docker vulnerability
[USN-4585-1] Newsbeuter vulnerabilities
[USN-4584-1] HtmlUnit vulnerability
[USN-4546-2] Firefox regressions
[USN-4590-1] Collabtive vulnerability
[USN-4586-1] PHP ImageMagick vulnerability
[USN-4594-1] Quassel vulnerabilities
[USN-4595-1] Grunt vulnerability
Goings on in Ubuntu Security Community
NSA Report on 25 most exploited CVEs by Chinese State-Sponsored Actors [09:51]
in affected Ubuntu releases 5 days later on 12 February 2018
the low-level details to exploit it on 6th March 2018 but without an
actual PoC (although all details are there to reconstruct one)
since (exploitdb, github etc)
updated?
(although the most popular one was updated 9 days ago)
downstream like Ubuntu
Ubuntu 20.10 Groovy Gorilla Release [13:50]
Get in contact