Ubuntu Security Podcast

Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and made available directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the procedure described here: https://pl.player.fm/legal.

Episode 229

13:22
 

Overview

As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.

This week in Ubuntu Security Updates

152 unique CVEs addressed

[USN-6783-1] VLC vulnerabilities (00:54)

  • 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  • integer underflow and a heap buffer overflow -> RCE

[USN-6663-3] OpenSSL update (01:40)

  • Affecting Noble (24.04 LTS)
  • [USN-6663-1] OpenSSL update from Episode 220 - hardening improvement to return deterministic random bytes instead of an error when an incorrect padding length is detected during PKCS#1 v1.5 RSA to avoid this being used for possible Bleichenbacher timing attacks
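The "deterministic random bytes instead of an error" hardening is easier to see in code than in a sentence. The following is an added illustration, not OpenSSL's code: a toy PKCS#1 v1.5 type-2 unpadding routine in its error-returning form next to an "implicit rejection" form that always hands back a plaintext, synthesising one from a per-key secret and the rejected block when the padding is bad. The modulus size `K`, the secret and the messages are constructed for the example, and RSA itself is not modelled. Python cannot promise constant-time behaviour, so this shows the interface change (no distinguishable error, same output on retry) rather than the timing-safe implementation OpenSSL does in C.

```python
import hashlib
import hmac
import secrets

K = 128  # modulus length in bytes (constructed for the example; RSA itself is not modelled)


def pkcs1_v15_pad(msg: bytes, k: int = K) -> bytes:
    """Build a PKCS#1 v1.5 type-2 block: 00 02 || PS (>= 8 non-zero bytes) || 00 || msg."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def unpad_with_error(block: bytes) -> bytes:
    """Pre-hardening behaviour: each failed check raises. Whether an error comes
    back, and how quickly, is exactly the oracle a Bleichenbacher-style attacker needs."""
    if len(block) != K or block[0] != 0 or block[1] != 2:
        raise ValueError("bad header")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # find() returned -1, or fewer than 8 padding-string bytes
        raise ValueError("bad padding string")
    return block[sep + 1:]


def synthetic_plaintext(secret: bytes, block: bytes) -> bytes:
    """Deterministic stand-in plaintext for a rejected block, derived from a
    per-key secret and the block itself: the same ciphertext always yields the
    same answer, so retries reveal nothing, and no error is ever surfaced."""
    prf = hmac.new(secret, block, hashlib.sha256).digest()
    length = prf[0] % (K - 11) + 1  # any length a validly padded message could have had
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(secret, block + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def unpad_implicit_rejection(block: bytes, secret: bytes) -> bytes:
    """Hardened behaviour ("implicit rejection"): always return a message. Valid
    padding yields the real one; anything else yields the synthetic one."""
    ok = len(block) == K and block[0] == 0 and block[1] == 2
    sep = block.find(b"\x00", 2) if ok else -1
    ok = ok and sep >= 10
    real = block[sep + 1:] if ok else b""
    fake = synthetic_plaintext(secret, block)  # computed unconditionally, not only on failure
    return real if ok else fake
```

The caller of the hardened routine (a TLS stack doing RSA key exchange, say) proceeds with whatever it receives; a wrong key simply fails the later integrity check, which is the same failure a genuinely garbled ciphertext would produce.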

[USN-6673-3] python-cryptography vulnerability (02:32)

[USN-6736-2] klibc vulnerabilities (02:43)

[USN-6784-1] cJSON vulnerabilities (02:58)

  • 3 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • 2 different researchers fuzzing cJSON APIs
    • all different NULL ptr derefs - require particular / “incorrect” or possible misuse of the APIs (like passing in purposefully corrupted values) so unlikely to be an issue in practice

[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)

  • 1 CVE addressed in Noble (24.04 LTS)
  • Discovered by a member of the SUSE security team when reviewing g-r-d
  • Exposed various DBus services that could be called by any unprivileged user and would then return the SSL private key used to encrypt the connection - so could allow a local user to possibly spy on the sessions of other users remotely connected to the system

[USN-6786-1] Netatalk vulnerabilities (04:45)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • Apple file sharing implementation for Linux
  • If the same path was shared via both AFP and SMB then a remote attacker could combine various operations through both file-sharing protocols (like creating a crafted symlink, which would then be followed during a second operation where a file is renamed) to allow them to overwrite arbitrary files and hence achieve arbitrary code execution on the host
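The defensive pattern against this class of bug is to never re-resolve a path string between the check and the operation. As an added example (not Netatalk's code), here is a share-relative rename that pins each directory component with an fd opened `O_NOFOLLOW`, rejects `..`, checks the leaf names with `lstat`, and performs the rename fd-relative, so a component swapped for a symlink by a client on the other protocol is refused rather than followed. The share layout in `demo()` (a `docs/` folder and an `escape` symlink to a directory outside the share) is constructed for the example, and the whole thing assumes a Linux or BSD-style `os` module.

```python
import os
import shutil
import stat
import tempfile


class UnsafePath(Exception):
    """A share-relative path would leave the share or cross a symlink."""


def open_share_dir(root_fd: int, rel_dir: str) -> int:
    """Walk rel_dir below root_fd one component at a time. Each step is opened
    with O_NOFOLLOW relative to the previous directory fd, so a component that
    another client turned into a symlink is refused rather than followed.
    Returns an fd for the final directory; the caller closes it."""
    fd = os.dup(root_fd)
    try:
        for part in filter(None, rel_dir.split("/")):
            if part in (".", ".."):
                raise UnsafePath(f"disallowed path component {part!r}")
            try:
                nfd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            except OSError as e:  # ELOOP for a symlink, ENOTDIR, ENOENT, ...
                raise UnsafePath(f"cannot enter {part!r}: {e.strerror}") from e
            os.close(fd)
            fd = nfd
    except UnsafePath:
        os.close(fd)
        raise
    return fd


def safe_rename(share_root: str, src: str, dst: str) -> None:
    """Rename src to dst (both relative to share_root) without ever re-resolving
    a path string: directories are pinned by fd, leaf names are checked with
    lstat, and the rename itself is fd-relative."""
    sdir, sname = os.path.split(src)
    ddir, dname = os.path.split(dst)
    if sname in ("", ".", "..") or dname in ("", ".", ".."):
        raise UnsafePath("invalid file name")
    root_fd = os.open(share_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        sfd = open_share_dir(root_fd, sdir)
        try:
            dfd = open_share_dir(root_fd, ddir)
            try:
                if stat.S_ISLNK(os.lstat(sname, dir_fd=sfd).st_mode):
                    raise UnsafePath("source is a symlink")
                try:
                    if stat.S_ISLNK(os.lstat(dname, dir_fd=dfd).st_mode):
                        raise UnsafePath("destination is a symlink")
                except FileNotFoundError:
                    pass  # destination does not exist yet, which is fine
                os.rename(sname, dname, src_dir_fd=sfd, dst_dir_fd=dfd)
            finally:
                os.close(dfd)
        finally:
            os.close(sfd)
    finally:
        os.close(root_fd)


def demo() -> dict:
    """Constructed scenario: a share containing docs/a.txt and a symlink
    'escape' that points at a directory outside the share."""
    root = tempfile.mkdtemp(prefix="share-")
    outside = tempfile.mkdtemp(prefix="outside-")
    results = {}
    try:
        os.mkdir(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "a.txt"), "w") as f:
            f.write("hello")
        os.symlink(outside, os.path.join(root, "escape"))
        safe_rename(root, "docs/a.txt", "docs/b.txt")  # ordinary rename inside the share
        results["plain_rename_ok"] = os.path.exists(os.path.join(root, "docs", "b.txt"))
        for label, dst in (("symlink_dir_rejected", "escape/b.txt"),
                           ("dotdot_rejected", "../b.txt")):
            try:
                safe_rename(root, "docs/b.txt", dst)
                results[label] = False
            except UnsafePath:
                results[label] = True
        results["file_still_in_share"] = os.path.exists(os.path.join(root, "docs", "b.txt"))
        results["nothing_outside"] = os.listdir(outside) == []
    finally:
        shutil.rmtree(root)
        shutil.rmtree(outside)
    return results


if __name__ == "__main__":
    print(demo())
```

The point is that the `open`/`lstat`/`rename` sequence operates on descriptors the server already holds, so a client on the other protocol changing what a name points to between two steps cannot redirect where the rename lands.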

[USN-6788-1] WebKitGTK vulnerabilities (05:48)

  • 1 CVE addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • Possible pointer authentication bypass - used on arm64 in particular - demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k

[USN-6789-1] LibreOffice vulnerability (06:28)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • Unchecked script execution triggered when clicking on a graphic - allows arbitrary scripts to run without the usual prompt

[USN-6790-1] amavisd-new vulnerability (07:09)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • MTA / AV interface - often used in conjunction with Postfix, not just for AV but also can be used to do DKIM verification and integration with spamassassin etc
  • Misinterpreted MIME message boundaries in emails, allowing email parts to possibly bypass usual checks
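Boundary misinterpretation is a parser-differential problem: a scanner and the mail client it protects split the same body at different places, so a part that one of them never sees goes unscanned. As an added example (not amavisd-new's code, and not the specific bug it fixed), the block below splits a multipart body two ways, strictly per RFC 2046 and with an assumed lenient rule that accepts any line merely starting with `--boundary`, and flags the message when the two views disagree, which is the check a filter can use to quarantine rather than pass such mail. The sample body and boundary are constructed.

```python
from typing import List

# Constructed sample: the line "--frontier-x" is body text to a strict parser
# but a part delimiter to a prefix-matching one, so the two disagree about
# how many parts, and how many attachments, the message contains.
SAMPLE_BOUNDARY = "frontier"
SAMPLE_BODY = (
    "--frontier\n"
    "Content-Type: text/plain\n"
    "\n"
    "Hello, this is the visible text.\n"
    "--frontier-x\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="notes.bin"\n'
    "\n"
    "QUJD\n"
    "--frontier--\n"
)
CLEAN_BODY = (
    "--frontier\n"
    "Content-Type: text/plain\n"
    "\n"
    "Hello, this is the visible text.\n"
    "--frontier--\n"
)


def split_parts(body: str, boundary: str, strict: bool) -> List[str]:
    """Split a multipart body into its parts.

    strict=True follows RFC 2046: a delimiter line is exactly "--" + boundary
    (trailing whitespace allowed) and "--" + boundary + "--" closes the body.
    strict=False models a lenient parser that accepts any line merely *starting*
    with "--" + boundary, case-insensitively (an assumed behaviour, for contrast).
    """
    parts: List[str] = []
    current: List[str] = []
    started = False
    for raw in body.split("\n"):
        line = raw.rstrip(" \t\r")
        if strict:
            is_close = line == "--" + boundary + "--"
            is_delim = line == "--" + boundary
        else:
            low = line.lower()
            is_close = low.startswith("--" + boundary.lower() + "--")
            is_delim = (not is_close) and low.startswith("--" + boundary.lower())
        if is_delim or is_close:
            if started:
                parts.append("\n".join(current))
            current, started = [], True
            if is_close:
                break
        elif started:
            current.append(line)
    return parts


def count_attachments(parts: List[str]) -> int:
    """Count parts whose header block declares an attachment."""
    n = 0
    for part in parts:
        headers = part.split("\n\n", 1)[0].lower()
        if "content-disposition: attachment" in headers:
            n += 1
    return n


def boundary_ambiguous(body: str, boundary: str) -> bool:
    """True when the strict and lenient splits disagree: the message's structure
    depends on who parses it, so a filter should not trust its own view and
    should quarantine or reject instead of letting the parts through."""
    return split_parts(body, boundary, True) != split_parts(body, boundary, False)
```

Run against `SAMPLE_BODY`, the strict split yields one text part and no attachments while the lenient split yields two parts including an attachment; `CLEAN_BODY` splits identically both ways.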

[USN-6791-1] Unbound vulnerability (07:46)

  • 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • DNSBomb attack announced recently at IEEE S&P - affecting multiple different DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
  • Unbound itself was not necessarily vulnerable to such an attack specifically, but could be used to generate such an attack against others - in particular Unbound had the highest amplification factor of ~22k times - next highest was DNSMasq at ~3k times
  • Fix involves introducing a number of timeout parameters for various operations and discarding operations if they take longer than this to avoid the ability to “store up” responses to be released at a later time
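To see why a timeout on held queries bounds the "store up and release" effect, here is an added simulation, not Unbound's code: a resolver that holds client queries for a name while the upstream answer is outstanding and answers them all in one burst when it arrives, with an optional `pending_timeout_ms` that discards anything held too long. The scenario (one client address querying every 100 ms for 30 s while the authoritative answer is withheld, housekeeping once a second) is constructed; the client address and name are placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class PendingQuery:
    client: str
    qname: str
    arrived_ms: int


@dataclass
class ResolverSim:
    """Minimal model of a recursive resolver. Client queries for a name are
    held while the upstream answer is outstanding and are all answered in one
    burst when it arrives. pending_timeout_ms is the knob the fix adds: a held
    query older than this is discarded instead of being answered late."""
    pending_timeout_ms: Optional[int] = None
    pending: Dict[str, List[PendingQuery]] = field(default_factory=dict)
    released: List[Tuple[int, str, str]] = field(default_factory=list)
    discarded: int = 0

    def client_query(self, now_ms: int, client: str, qname: str) -> None:
        self.pending.setdefault(qname, []).append(PendingQuery(client, qname, now_ms))

    def expire(self, now_ms: int) -> None:
        """Periodic housekeeping: drop held queries that exceeded the timeout."""
        if self.pending_timeout_ms is None:
            return
        for qname, queue in self.pending.items():
            keep = [q for q in queue if now_ms - q.arrived_ms <= self.pending_timeout_ms]
            self.discarded += len(queue) - len(keep)
            self.pending[qname] = keep

    def upstream_answer(self, now_ms: int, qname: str) -> int:
        """The upstream finally answers: every still-held client is replied to now.
        Returns the size of the burst that leaves the resolver at this instant."""
        self.expire(now_ms)
        burst = self.pending.pop(qname, [])
        self.released.extend((now_ms, q.client, qname) for q in burst)
        return len(burst)


def run_scenario(hold_ms: int, interval_ms: int, pending_timeout_ms: Optional[int] = None) -> dict:
    """Constructed scenario: one client address sends a query for the same name
    every interval_ms while the authoritative answer is withheld for hold_ms
    (a slow, or deliberately slow, upstream). Housekeeping runs once a second."""
    sim = ResolverSim(pending_timeout_ms)
    t = 0
    while t < hold_ms:
        sim.client_query(t, "198.51.100.7", "example.test")  # constructed client / name
        if t % 1000 == 0:
            sim.expire(t)
        t += interval_ms
    burst = sim.upstream_answer(hold_ms, "example.test")
    return {"queries_sent": hold_ms // interval_ms, "burst": burst, "discarded": sim.discarded}


if __name__ == "__main__":
    print("no timeout :", run_scenario(30000, 100))
    print("2 s timeout:", run_scenario(30000, 100, pending_timeout_ms=2000))
```

Without a timeout every one of the 300 queries accumulated over 30 s is answered in the same instant; with a 2 s pending timeout the burst can never exceed the queries that arrived in the last 2 s, which is what turns an unbounded accumulation into a bounded one.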

[USN-6793-1] Git vulnerabilities (09:31)

[USN-6792-1] Flask-Security vulnerability

  • 1 CVE addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)

[USN-6794-1] FRR vulnerabilities

[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)

[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)

[USN-6779-2] Firefox regressions (10:30)

[USN-6787-1] Jinja2 vulnerability (10:48)

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • Incorrect handling of various HTML attributes - attacker could then possibly inject arbitrary HTML attrs/values and hence inject JS code to perform XSS attacks etc
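The general lesson for anything that builds HTML attributes from user-influenced data is that escaping the value is not enough; the attribute name has to be validated too, or a name containing whitespace or quotes smuggles in extra attributes. As an added example (not Jinja2's code, and a stand-alone helper rather than a template filter), `attrs_naive` escapes values only and `attrs_hardened` also rejects names outside a conservative allow-list pattern, which is an assumption of this example rather than a rule taken from the page. The sample dicts are constructed.

```python
import html
import re

# Conservative allow-list for attribute names (assumption for this example): a
# leading letter, underscore or colon, then letters, digits, '_', ':', '.', '-'.
# HTML itself is more permissive, but nothing outside this set can terminate the
# attribute or the tag and start a new one.
_SAFE_ATTR_NAME = re.compile(r"^[A-Za-z_:][A-Za-z0-9_:.-]*$")


def attrs_naive(attrs: dict) -> str:
    """Escapes values but trusts keys: a key such as 'class data-injected' lands
    in the tag verbatim and the browser sees two attributes, not one."""
    return "".join(
        f' {k}="{html.escape(str(v), quote=True)}"'
        for k, v in attrs.items() if v is not None
    )


def attrs_hardened(attrs: dict) -> str:
    """Same output as attrs_naive for well-formed keys; refuses any key that could
    break out of the attribute (whitespace, quotes, '/', '=', '<', '>', ...)."""
    out = []
    for k, v in attrs.items():
        if v is None:
            continue  # None means "omit this attribute", matching the naive builder
        if not _SAFE_ATTR_NAME.match(k):
            raise ValueError(f"invalid attribute name: {k!r}")
        out.append(f' {k}="{html.escape(str(v), quote=True)}"')
    return "".join(out)


def render_tag(name: str, attrs: dict, builder=attrs_hardened) -> str:
    """Render an opening tag with the chosen attribute builder."""
    return f"<{name}{builder(attrs)}>"
```

With `{"class": "btn", "data-id": 7}` both builders produce ` class="btn" data-id="7"`; with a key of `class data-injected` the naive builder emits a second attribute while the hardened one raises, and a value of `"><b>` is escaped to `&quot;&gt;&lt;b&gt;` by both.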

[USN-6797-1] Intel Microcode vulnerabilities (11:22)

  • 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
  • Latest release from upstream - mitigates against various hardware vulns
    • A couple issues in SGX/TDX on different Intel Xeon processors:
      • Invalid restrictions -> local root -> super-privesc
      • Invalid input on TDX -> local root -> super-privesc
      • Invalid SGX base key calculation -> info leak
    • Transient execution attacks to read privileged information
    • DoS through bus lock mishandling or through invalid instruction sequences

Get in contact
