Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ja.player.fm/legal.
Episode 103
Overview
This week we take a deep dive into 2 recent vulnerabilities in the popular application containerisation frameworks, snapd and flatpak, plus we cover security updates for MiniDLNA, PHP-PEAR, the Linux kernel and more.
This week in Ubuntu Security Updates
26 unique CVEs addressed
[USN-4720-2] Apport vulnerabilities [00:53]
- 3 CVEs addressed in Trusty ESM (14.04 ESM)
- Episode 102
[USN-4721-1] Flatpak vulnerability [01:06]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Flatpak sandbox escape - Flatpak isolates applications inside their own mount / user / etc namespaces and allows sandboxed applications to communicate with the host via various portals, e.g. opening a file via a file chooser portal (aka powerbox)
- The portal D-Bus service provides the ability to launch other subprocesses in a new sandbox instance, following a no-new-privileges (NNP) model (i.e. the same or fewer privileges than the caller), e.g. used by sandboxed web browsers to process untrusted content inside less privileged subprocesses
- Previously this would allow a confined process to specify various environment variables which would then get passed to the `flatpak run` command used to launch the new subprocess in its own sandbox - so the fix is to sanitize environment variables
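An added illustration of the sanitising idea described above (not Flatpak's own code): the host-side `flatpak run` process gets an environment built only from the trusted service, while the caller's variables are validated and forwarded as `--env=` options that apply inside the new sandbox. The function name, the allowlist contents and the sample values are assumptions.

```python
import re

# Assumption: the only variables the host-side launcher itself needs.
HOST_ENV_ALLOWLIST = ("PATH", "HOME", "XDG_RUNTIME_DIR", "DBUS_SESSION_BUS_ADDRESS")
VALID_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def build_spawn(service_env, app_id, command, requested_env):
    """Return (argv, env) for launching `flatpak run` on behalf of a confined caller.

    service_env   -- environment of the trusted portal service (hypothetical input)
    requested_env -- NAME -> value mapping supplied by the confined caller
    """
    # The launcher's process environment comes only from the service's own
    # environment; nothing the caller sent is merged into it.
    env = {k: service_env[k] for k in HOST_ENV_ALLOWLIST if k in service_env}

    argv = ["flatpak", "run"]
    for name, value in sorted(requested_env.items()):
        if not VALID_NAME.match(name) or "\0" in value:
            raise ValueError(f"rejected environment entry: {name!r}")
        # Caller variables travel as data and only take effect inside the sandbox.
        argv.append(f"--env={name}={value}")
    argv += [f"--command={command}", app_id]
    return argv, env


if __name__ == "__main__":
    # Constructed sample request.
    service = {"PATH": "/usr/bin", "HOME": "/home/u", "SERVICE_ONLY": "x"}
    print(build_spawn(service, "org.example.App", "worker", {"EXAMPLE_MODE": "1"}))
```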
[USN-4722-1] ReadyMedia (MiniDLNA) vulnerabilities [01:11]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Possible RCE via malicious UPnP requests - a request sent with chunked encoding would trigger a signedness bug leading to a heap buffer overflow
- Episode 91 - “CallStranger” - UPnP spec didn’t forbid subscription requests with a URL on a different network segment - could allow an attacker to cause a miniDLNA server to DoS a different endpoint
[USN-4723-1] PEAR vulnerability [02:30]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Improper handling of symlinks in archives could result in arbitrary file overwrite via directory traversal - since PHP PEAR runs the installer as root, this could overwrite arbitrary files as root, leading to priv esc / code execution etc
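An added example, not PEAR's code and written in Python rather than PHP: a pre-extraction check for the class of archive described above, flagging link members whose target leaves the extraction root and later members whose path passes through an archived link. The archive contents and names are constructed for the demonstration.

```python
import io
import posixpath
import tarfile


def unsafe_members(tar):
    """Return (name, reason) for members that could write outside the extraction root."""
    links = set()  # normalised archive paths already declared as sym/hard links
    findings = []
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        parts = name.split("/")
        if posixpath.isabs(m.name) or parts[0] == "..":
            findings.append((m.name, "path escapes extraction root"))
            continue
        # A member written through an earlier link lands wherever that link points.
        prefixes = {"/".join(parts[:i]) for i in range(1, len(parts) + 1)}
        if prefixes & links:
            findings.append((m.name, "path passes through or replaces an archived link"))
            continue
        if m.issym() or m.islnk():
            links.add(name)
            # Symlink targets resolve relative to the link's directory,
            # hardlink targets relative to the archive root.
            base = posixpath.dirname(name) if m.issym() else ""
            target = posixpath.normpath(posixpath.join(base, m.linkname))
            if posixpath.isabs(m.linkname) or target == ".." or target.startswith("../"):
                findings.append((m.name, "link target escapes extraction root"))
    return findings


def build_sample():
    """Constructed archive: a regular file, a symlink, and a file routed through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        ok = tarfile.TarInfo("Example-1.0/README")
        ok.size = 2
        tar.addfile(ok, io.BytesIO(b"ok"))
        link = tarfile.TarInfo("Example-1.0/cfg")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
        via = tarfile.TarInfo("Example-1.0/cfg/settings")
        via.size = 1
        tar.addfile(via, io.BytesIO(b"x"))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"{name}: {reason}")
```

An installer running as root would refuse the whole archive if this returns any finding, rather than skipping individual members.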
[USN-4724-1] OpenLDAP vulnerabilities [03:14]
- 10 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Various issues
[USN-4725-1] QEMU vulnerabilities [03:20]
- 6 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Usual sorts of issues in device emulation etc resulting in info disclosure from host to guest or a crash of qemu host process etc
[USN-4717-2] Firefox regression [03:55]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Upstream Firefox regression - 85.0.1
[USN-4726-1] OpenJDK vulnerability [04:04]
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Not much info from upstream on this one - “incorrectly handled direct buffering of characters” -> DoS or other unspecified impact
[USN-4713-2] Linux kernel vulnerability [04:22]
- 1 CVE addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS)
- Episode 102 - LIO SCSI XCOPY issue
[USN-4727-1] Linux kernel vulnerability [04:36]
- 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)
- AF_VSOCK race conditions - local user could get code execution as root via memory corruption
[USN-4728-1] snapd vulnerability [05:11]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Gilad Reti & Nimrod Stoler from CyberArk
- Thanks to Ian Johnson from snapd team for working on the fix
Get in contact