This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Ubuntu Security Podcastに似ているもの
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
))
Episode 102
Manage episode 284233684 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Overview
This week we discuss the recent high profile vulnerability found in libcrypt 1.9.0, plus we look at updates for the Linux kernel, XStream, Django, Apport and more.
This week in Ubuntu Security Updates
66 unique CVEs addressed
[USN-4705-2] Sudo vulnerability [00:48]
- 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 101
[USN-4708-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4709-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4710-1] Linux kernel vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4711-1] Linux kernel vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4712-1] Linux kernel regression
- Affecting Focal (20.04 LTS), Groovy (20.10)
[USN-4713-1] Linux kernel vulnerability [01:31]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- XCOPY requests in the LIO SCSI target would not properly check permissions of the requester and so could allow an attacker to access backing stores to which they did not have permission. If using iSCSI, this could then be exploited over the network to access other LUNs etc. Also affected tcmu-runner which is the userspace daemon for handling requests in userspace and can be used for HA setups etc.
[USN-4707-1] TCMU vulnerability [02:23]
- 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
- Separate CVE was assigned but is the same issue as for the kernel above
[LSN-0074-1] Linux kernel vulnerability [02:40]
- 4 CVEs addressed
[USN-4706-1] Ceph vulnerabilities [02:55]
- 4 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4714-1] XStream vulnerabilities [03:02]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Java library to serialise objects to/from XML
- Possible RCE by manipulating the processed input stream to inject shell commands
- Similarly could obtain arbitrary file deletion (depending on the rights of the process which is using XStream)
[USN-4715-1, USN-4715-2] Django vulnerability [03:58]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Directory traversal via archives with absolute paths of relative paths with dot components - this is used with startapp or startproject via the –template argument so can be exploited if using an attacker controlled archive to bootstrap a new django app etc
[USN-4716-1] MySQL vulnerabilities [05:00]
- 25 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- CVE-2021-2122
- CVE-2021-2088
- CVE-2021-2087
- CVE-2021-2081
- CVE-2021-2076
- CVE-2021-2072
- CVE-2021-2070
- CVE-2021-2065
- CVE-2021-2061
- CVE-2021-2060
- CVE-2021-2058
- CVE-2021-2056
- CVE-2021-2048
- CVE-2021-2046
- CVE-2021-2038
- CVE-2021-2036
- CVE-2021-2032
- CVE-2021-2031
- CVE-2021-2024
- CVE-2021-2022
- CVE-2021-2021
- CVE-2021-2014
- CVE-2021-2011
- CVE-2021-2010
- CVE-2021-2002
- Latest upstream version: 8.0.23 for 20.10/20.04 LTS and 5.7.33 for 16.04 LTS/18.04 LTS
[USN-4717-1] Firefox vulnerabilities [05:32]
- 11 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Latest upstream version: 85.0
[USN-4467-2] QEMU vulnerabilities [05:52]
- 6 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 88 - subset of these applied for the older release of QEMU in 14.04 ESM, now fixed there
[USN-4718-1] fastd vulnerability [06:12]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Groovy (20.10)
- DoS in popular VPN daemon for embedded systems etc
[USN-4719-1] ca-certificates update [06:28]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Updated to the latest 2.46 version of the Mozilla certificate authority bundle
[USN-4720-1] Apport vulnerabilities [06:46]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 3 vulns all discovered by Itai Greenhut and reported to us via Launchpad
- When a process crashes, Apport reads various files under /proc to obtain info about the crashed process to prepare a crash report
- If an attacker could control the values in the files they could then cause Apport to misbehave and fail to drop privileges or possibly get code execution - in this case, they found that Apport failed to properly handle malformed contents in these files - fixed to parse them more strictly
Goings on in Ubuntu Security Community
libgcrypt 1.9.0 0-day [08:32]
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
- Discovered by Tavis Ormandy from GPZ - heap buffer overflow, allows to overwrite a structure on the heap which contains the buffer, followed by a function pointer - so can relatively easily get code execution by overwriting the function pointer to an attacker controlled function (which could be in the initial buffer itself)
- Ubuntu not affected since this only exists in 1.9.0 which was released on 19th January this year and even current devel release of Ubuntu 21.04 only contains 1.8.7
- So is an interesting thought experiment - if you run the most latest release of anything, you get both the newest patches automatically BUT you also get the 0-days since any unknown, unpatched vulns introduced in new code will be present. However, if you run older releases, they won’t have this newer code so won’t have 0-days but may have N-days if you aren’t patching. Worst case is to run old software and never update it since it has vulns that are unpatched and which have more time to have been discovered and more time for exploits to have been developed against it. Whereas if you run the latest code, there is less chance an exploit exists for any new vulns / 0-days it may contain but it clearly could have 0-days… Also if you are constantly upgrading to the latest version that is a lot of churn and introduces the chance for feature regressions and other breakage etc. So the best option then is to run a known stable version and apply patches on top just for security vulnerabilities - this is exactly the approach we take for Ubuntu :)
Get in contact
231 つのエピソード
シェア
Manage episode 284233684 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Overview
This week we discuss the recent high profile vulnerability found in libcrypt 1.9.0, plus we look at updates for the Linux kernel, XStream, Django, Apport and more.
This week in Ubuntu Security Updates
66 unique CVEs addressed
[USN-4705-2] Sudo vulnerability [00:48]
- 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 101
[USN-4708-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4709-1] Linux kernel vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4710-1] Linux kernel vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-4711-1] Linux kernel vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS)
[USN-4712-1] Linux kernel regression
- Affecting Focal (20.04 LTS), Groovy (20.10)
[USN-4713-1] Linux kernel vulnerability [01:31]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- XCOPY requests in the LIO SCSI target would not properly check permissions of the requester and so could allow an attacker to access backing stores to which they did not have permission. If using iSCSI, this could then be exploited over the network to access other LUNs etc. Also affected tcmu-runner which is the userspace daemon for handling requests in userspace and can be used for HA setups etc.
[USN-4707-1] TCMU vulnerability [02:23]
- 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
- Separate CVE was assigned but is the same issue as for the kernel above
[LSN-0074-1] Linux kernel vulnerability [02:40]
- 4 CVEs addressed
[USN-4706-1] Ceph vulnerabilities [02:55]
- 4 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4714-1] XStream vulnerabilities [03:02]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Java library to serialise objects to/from XML
- Possible RCE by manipulating the processed input stream to inject shell commands
- Similarly could obtain arbitrary file deletion (depending on the rights of the process which is using XStream)
[USN-4715-1, USN-4715-2] Django vulnerability [03:58]
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Directory traversal via archives with absolute paths of relative paths with dot components - this is used with startapp or startproject via the –template argument so can be exploited if using an attacker controlled archive to bootstrap a new django app etc
[USN-4716-1] MySQL vulnerabilities [05:00]
- 25 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- CVE-2021-2122
- CVE-2021-2088
- CVE-2021-2087
- CVE-2021-2081
- CVE-2021-2076
- CVE-2021-2072
- CVE-2021-2070
- CVE-2021-2065
- CVE-2021-2061
- CVE-2021-2060
- CVE-2021-2058
- CVE-2021-2056
- CVE-2021-2048
- CVE-2021-2046
- CVE-2021-2038
- CVE-2021-2036
- CVE-2021-2032
- CVE-2021-2031
- CVE-2021-2024
- CVE-2021-2022
- CVE-2021-2021
- CVE-2021-2014
- CVE-2021-2011
- CVE-2021-2010
- CVE-2021-2002
- Latest upstream version: 8.0.23 for 20.10/20.04 LTS and 5.7.33 for 16.04 LTS/18.04 LTS
[USN-4717-1] Firefox vulnerabilities [05:32]
- 11 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Latest upstream version: 85.0
[USN-4467-2] QEMU vulnerabilities [05:52]
- 6 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 88 - subset of these applied for the older release of QEMU in 14.04 ESM, now fixed there
[USN-4718-1] fastd vulnerability [06:12]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Groovy (20.10)
- DoS in popular VPN daemon for embedded systems etc
[USN-4719-1] ca-certificates update [06:28]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Updated to the latest 2.46 version of the Mozilla certificate authority bundle
[USN-4720-1] Apport vulnerabilities [06:46]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 3 vulns all discovered by Itai Greenhut and reported to us via Launchpad
- When a process crashes, Apport reads various files under /proc to obtain info about the crashed process to prepare a crash report
- If an attacker could control the values in the files they could then cause Apport to misbehave and fail to drop privileges or possibly get code execution - in this case, they found that Apport failed to properly handle malformed contents in these files - fixed to parse them more strictly
Goings on in Ubuntu Security Community
libgcrypt 1.9.0 0-day [08:32]
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
- Discovered by Tavis Ormandy from GPZ - heap buffer overflow, allows to overwrite a structure on the heap which contains the buffer, followed by a function pointer - so can relatively easily get code execution by overwriting the function pointer to an attacker controlled function (which could be in the initial buffer itself)
- Ubuntu not affected since this only exists in 1.9.0 which was released on 19th January this year and even current devel release of Ubuntu 21.04 only contains 1.8.7
- So is an interesting thought experiment - if you run the most latest release of anything, you get both the newest patches automatically BUT you also get the 0-days since any unknown, unpatched vulns introduced in new code will be present. However, if you run older releases, they won’t have this newer code so won’t have 0-days but may have N-days if you aren’t patching. Worst case is to run old software and never update it since it has vulns that are unpatched and which have more time to have been discovered and more time for exploits to have been developed against it. Whereas if you run the latest code, there is less chance an exploit exists for any new vulns / 0-days it may contain but it clearly could have 0-days… Also if you are constantly upgrading to the latest version that is a lot of churn and introduces the chance for feature regressions and other breakage etc. So the best option then is to run a known stable version and apply patches on top just for security vulnerabilities - this is exactly the approach we take for Ubuntu :)
Get in contact
231 つのエピソード
すべてのエピソード
×
プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。
Ubuntu Security Podcastに似ているもの
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
