Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ja.player.fm/legal.
Episode 114
Overview
This week we look at the response from the Linux Technical Advisory Board to the UMN Linux kernel incident, plus we cover the 21Nails Exim vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.
This week in Ubuntu Security Updates
40 unique CVEs addressed
[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- UAF or heap corruption when handling crafted Matroska files - crash / RCE
[USN-4929-1] Bind vulnerabilities [01:18]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or possible overflow -> crash / RCE
[USN-4930-1] Samba vulnerability [02:08]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Failed to properly handle negative idmap cache entries - could then end up with incorrect group entries and as such could possibly allow a user to access / modify files they should not have access to
[USN-4931-1] Samba vulnerabilities [02:51]
- 4 CVEs addressed in Trusty ESM (14.04 ESM)
- negative idmap cache entries issue plus some older vulns (Episode 95)
[LSN-0076-1] Linux kernel vulnerability [03:03]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 local user privesc vulns fixed:
  - BPF JIT branch displacement issue (Episode 112)
  - Overlayfs / file system capabilities interaction
[USN-4918-3] ClamAV regression [03:52]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Previous ClamAV update (back in April) introduced a regression where clamdscan would crash if called with --multiscan and --fdpass AND you had an ExcludePath configured in the configuration - backported the upstream commit from the development branch to fix this
[USN-4932-1] Django vulnerability [04:30]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Directory traversal via uploaded files with crafted names
[USN-4933-1] OpenVPN vulnerabilities [04:47]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Race condition in handling of data packets could allow an attacker to inject a packet using a victim’s peer-id before the crypto channel is properly initialised - could cause the victim’s connection to be dropped (DoS) but doesn’t appear to expose any sensitive info etc
- Attackers could possibly bypass auth on control channel and hence leak info
[USN-4934-1] Exim vulnerabilities [05:39]
- 21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- CVE-2021-27216
- CVE-2020-28026
- CVE-2020-28025
- CVE-2020-28024
- CVE-2020-28023
- CVE-2020-28022
- CVE-2020-28021
- CVE-2020-28020
- CVE-2020-28019
- CVE-2020-28018
- CVE-2020-28017
- CVE-2020-28016
- CVE-2020-28015
- CVE-2020-28014
- CVE-2020-28013
- CVE-2020-28012
- CVE-2020-28011
- CVE-2020-28010
- CVE-2020-28009
- CVE-2020-28008
- CVE-2020-28007
- Qualys - 21Nails - various vulns which could be chained together to get full remote unauthenticated RCE and root privesc
- Possibly 60% of internet mail servers run Exim and 4 million are publicly accessible
- Exim has previously been a target of Sandworm
- In the process of preparing the updates for 16.04 / 14.04 ESM - expect them to be available in the next day or 2, so most likely they will already be out by the time you are listening to this
[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Not much detail from NVIDIA
- improper access control -> DoS, infoleak or data corruption -> privesc etc
- incorrect use of reference counting -> DoS (crash?) (UAF?)
Goings on in Ubuntu Security Community
Linux Technical Advisory Board response to UMN incident [08:56]
- Covered in Episode 113
- https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/
- Kees Cook (previously inaugural Tech Lead of the Ubuntu Security Team) posted the TAB's report to LKML (various folks from across the Linux kernel community, including from Red Hat, Google, Canonical and others)
- Detailed timeline of events, identification of the “hypocrite” commits in question
- Recommendations going forward
  - UMN must improve quality of their submissions since even for a lot of what were good-faith patches, they actually had issues and either didn’t fix the purported issue or tried to fix a non-issue
  - TAB will create a best-practices document for all research groups when working with the kernel or other open source projects
Hiring [11:36]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact