To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. 理解しました
Artwork

Alex Murray Ubuntu Security Team Linux Tech Operating Systems Alex and Joe Security Software Development
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

Ubuntu Security Podcastに似ているもの

Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Get it on App Store Get it on Google Play

Ubuntu Security Podcast « »
Episode 104

14:18
 
再生
再生中
シェア
 

MP3エピソードのホーム
Manage episode 285383923 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

Overview

This week we take a look at a long-awaited update of Thunderbird in Ubuntu 20.04LTS, plus security updates for Open vSwitch, JUnit 4, PostSRSd, GNOME Autoar and more.

This week in Ubuntu Security Updates

14 unique CVEs addressed

[USN-4729-1] Open vSwitch vulnerability [00:55]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Most convoluted CVE description: A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

[USN-4731-1] JUnit 4 vulnerability [02:05]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Tests that used rule TemporaryFolder would use /tmp which is world accessible - so contents could be read by other users - so if tests were writing API keys or passwords these would be able to be read by others users -> info disclosure. Fixed to create temp directory with permissions so it is only readable by the owner.

[USN-4730-1] PostSRSd vulnerability [02:57]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Postfix Sender Rewriter Scheme Daemon - Used for rewriting sender email addresses when forwarding emails from hosts that use SPF - rewrites the address to appear to come from your hosts address and allows you to do the inverse and appropriately handle and bounces etc by reverse-rewriting the sender address to recover the original address
  • Could cause a CPU based DoS by excessive processing if an email contained an exceedingly long SRS timestamp - fixed to just reject those which are past the expected regular size

[USN-4732-1] SQLite vulnerability [04:20]

  • 1 CVEs addressed in Groovy (20.10)
  • Only affected more recent releases of sqlite - could cause a crash on particular query constructs

[USN-4733-1] GNOME Autoar vulnerability [04:42]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Another archive extraction symlink traversal issue - gnome-autoar is a library used by nautilus and other gnome components when handling archives - ie right click an archive in nautilus and select “extract here”
  • If an archive contained a file whose parent was a symlink that pointed outside the destination directory, would blindly follow the symlink and overwrite arbitrary files - instead fixed to check if is a symlink with an absolute target OR one that points outside the destination folder via relative path and reject in that case

[USN-4734-1, USN-4734-2] wpa_supplicant and hostapd vulnerabilities [06:01]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Possible OOB write when doing a wifi-direct / p2p search - so an attacker just has to be in radio range when the victim performs a P2P discovery aka wifi direct search - discovered by Google’s OSS-Fuzz project
  • CallStranger (Episode 91) - UPnP callback reflection

[USN-4735-1] PostgreSQL vulnerability [07:23]

  • 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
  • Latest upstream 12.6 release to fix a possible info leak which could occur when handling particular errors - if a user had the permission to UPDATE on a partitioned table but not the SELECT privilege on some column and tried to UPDATE on that column, the resulting error message concerning this constraint violation could leak values on the columns which the user did not have permission. Rare setup so unlikely to be affected in practice.

[USN-4736-1] Thunderbird vulnerabilities [08:18]

  • 6 CVEs addressed in Groovy (20.10)
  • Update to latest upstream release 78.7, usual spread of issues for TB (derived from firefox) - DoS, info leak, RCE. Also possible response injection attack from a person-in-the-middle during STARTTLS connection setup - ie could inject unencrypted response which would then be evaluated after the encrypted connection was setup so would get treated as coming from the trusted host.

Goings on in Ubuntu Security Community

Thunderbird to be upgraded to 78.x in Ubuntu 20.04 LTS [09:32]

  • Lead by oSoMoN (Olivier Tilloy) from Desktop Team
  • 68.x no longer supported upstream and not really practical to backport security fixes for this old codebase
  • 78.x as a new major version introduces a bunch of breaking changes, in particular with handling of PGP - previously TB had no native support for PGP but Enigmail addon provided this
  • Now does support PGP itself and enigmail is not supported anymore - new internal PGP is a bit different and requires migration - this should be handled automatically by the new version to migrate existing enigmail users across
  • A couple other packages tinyjsd and junit are also not supported by TB 78
    • tinyjsd - JS debugger with a particular focus on being able to debug TB extensions etc
    • jsunit - unit testing tool for TB to allow add-on developers to setup unit tests for their extensions and to run these in TB/FF etc
    • these will be replaced by empty packages in the Ubuntu archive for 20.04
  • Once this is done will then look to do Bionic (18.04 LTS) as well
  • https://discourse.ubuntu.com/t/thunderbird-lts-update/20819

Get in contact

  continue reading

231 つのエピソード

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development
Artwork

Episode 104

Ubuntu Security Podcast

138 subscribers

published

再生 再生中
iconシェア
 
MP3エピソードのホーム
Manage episode 285383923 series 2423058
コンテンツは Alex Murray and Ubuntu Security Team によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Alex Murray and Ubuntu Security Team またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作権で保護された作品をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

Overview

This week we take a look at a long-awaited update of Thunderbird in Ubuntu 20.04LTS, plus security updates for Open vSwitch, JUnit 4, PostSRSd, GNOME Autoar and more.

This week in Ubuntu Security Updates

14 unique CVEs addressed

[USN-4729-1] Open vSwitch vulnerability [00:55]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Most convoluted CVE description: A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

[USN-4731-1] JUnit 4 vulnerability [02:05]

  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Tests that used rule TemporaryFolder would use /tmp which is world accessible - so contents could be read by other users - so if tests were writing API keys or passwords these would be able to be read by others users -> info disclosure. Fixed to create temp directory with permissions so it is only readable by the owner.

[USN-4730-1] PostSRSd vulnerability [02:57]

  • 1 CVEs addressed in Bionic (18.04 LTS)
  • Postfix Sender Rewriter Scheme Daemon - Used for rewriting sender email addresses when forwarding emails from hosts that use SPF - rewrites the address to appear to come from your hosts address and allows you to do the inverse and appropriately handle and bounces etc by reverse-rewriting the sender address to recover the original address
  • Could cause a CPU based DoS by excessive processing if an email contained an exceedingly long SRS timestamp - fixed to just reject those which are past the expected regular size

[USN-4732-1] SQLite vulnerability [04:20]

  • 1 CVEs addressed in Groovy (20.10)
  • Only affected more recent releases of sqlite - could cause a crash on particular query constructs

[USN-4733-1] GNOME Autoar vulnerability [04:42]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Another archive extraction symlink traversal issue - gnome-autoar is a library used by nautilus and other gnome components when handling archives - ie right click an archive in nautilus and select “extract here”
  • If an archive contained a file whose parent was a symlink that pointed outside the destination directory, would blindly follow the symlink and overwrite arbitrary files - instead fixed to check if is a symlink with an absolute target OR one that points outside the destination folder via relative path and reject in that case

[USN-4734-1, USN-4734-2] wpa_supplicant and hostapd vulnerabilities [06:01]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Possible OOB write when doing a wifi-direct / p2p search - so an attacker just has to be in radio range when the victim performs a P2P discovery aka wifi direct search - discovered by Google’s OSS-Fuzz project
  • CallStranger (Episode 91) - UPnP callback reflection

[USN-4735-1] PostgreSQL vulnerability [07:23]

  • 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
  • Latest upstream 12.6 release to fix a possible info leak which could occur when handling particular errors - if a user had the permission to UPDATE on a partitioned table but not the SELECT privilege on some column and tried to UPDATE on that column, the resulting error message concerning this constraint violation could leak values on the columns which the user did not have permission. Rare setup so unlikely to be affected in practice.

[USN-4736-1] Thunderbird vulnerabilities [08:18]

  • 6 CVEs addressed in Groovy (20.10)
  • Update to latest upstream release 78.7, usual spread of issues for TB (derived from firefox) - DoS, info leak, RCE. Also possible response injection attack from a person-in-the-middle during STARTTLS connection setup - ie could inject unencrypted response which would then be evaluated after the encrypted connection was setup so would get treated as coming from the trusted host.

Goings on in Ubuntu Security Community

Thunderbird to be upgraded to 78.x in Ubuntu 20.04 LTS [09:32]

  • Lead by oSoMoN (Olivier Tilloy) from Desktop Team
  • 68.x no longer supported upstream and not really practical to backport security fixes for this old codebase
  • 78.x as a new major version introduces a bunch of breaking changes, in particular with handling of PGP - previously TB had no native support for PGP but Enigmail addon provided this
  • Now does support PGP itself and enigmail is not supported anymore - new internal PGP is a bit different and requires migration - this should be handled automatically by the new version to migrate existing enigmail users across
  • A couple other packages tinyjsd and junit are also not supported by TB 78
    • tinyjsd - JS debugger with a particular focus on being able to debug TB extensions etc
    • jsunit - unit testing tool for TB to allow add-on developers to setup unit tests for their extensions and to run these in TB/FF etc
    • these will be replaced by empty packages in the Ubuntu archive for 20.04
  • Once this is done will then look to do Bionic (18.04 LTS) as well
  • https://discourse.ubuntu.com/t/thunderbird-lts-update/20819

Get in contact

  continue reading

231 つのエピソード

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development

All episodes

×
 
Loading …

プレーヤーFMへようこそ!

Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。

 

Ubuntu Security Podcastに似ているもの

500+以上のトピックを聴こう
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Get it on App Store Get it on Google Play

クイックリファレンスガイド

トップポッドキャスト
鈴木淑子の地球は競馬でまわってる
文化放送競馬中継~今週のメインレース
ボードゲームおっぱい
聴く日経ヘッドライン
サンドウィッチマンの東北魂
トータルテンボスのぬきさしならナイト!
流行りモノ通信簿
RADIO365-TOKYO BAYSIDE RADIO STATION
町田徹のふかぼり!
足立明穂の週刊ITトレンドX
伊藤洋一のRound Up World Now!
The other side journal
KIQTAS(キクタス)
ヴォイニッチの科学書
武田邦彦のヒバリクラブ
IchibanTalk 海外で頑張る日本人トーク
BUSINESS WARS / ビジネスウォーズ
Player FM logo
ヘルプ/よくある質問 | アップグレード | Advertise
アート|ビジネス|コメディ|経済|エンターテインメント|ニュース|政治|宗教
科学|サッカー|スポーツ|物語・ストーリーテリング|テクノロジー|事件/犯罪
著作権2024 | サイトマップ | 個人情報保護方針 | 利用規約 | | 著作権
Episode being played series thumbnail
icon icon
再生速度
シリーズの設定
1x
1x
Volume
100%
icon
icon icon
/

でPlayer FMを表示...
Player FM
Browser
Chrome
Safari
Firefox