Content is provided by Alex Murray and the Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Alex Murray and the Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ja.player.fm/legal
Episode 110
Overview
This week we look at 2 years of 14.04 ESM, a kernel Livepatch issue, DNS-over-HTTPS for Google Chrome plus security updates for ldb, OpenSSL, Squid, curl and more.
This week in Ubuntu Security Updates
38 unique CVEs addressed
[USN-4888-1, USN-4888-2] ldb vulnerabilities [01:06]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- In the ldb package, but reported by Samba - libldb provides an LDAP-like database and is used internally by Samba etc. - whilst the Samba source tree contains its own copy of ldb, we don't build that copy in Ubuntu; instead we link Samba against the ldb package in the archive, so a CVE only has to be patched in one place
- Heap buffer overflow when parsing a DN string with lots of trailing whitespace - allows an attacker to place a single NUL byte at a chosen offset before an allocated buffer
- Heap buffer overflow when parsing an LDAP attribute string with multiple consecutive leading spaces - memmove() writes to a location beyond the end of the buffer
- Crash -> DoS; can't rule out RCE given the nature of heap buffer overflows
[USN-4889-1] Linux kernel vulnerabilities [02:49]
- 3 CVEs addressed in Trusty ESM (14.04 ESM)
- iSCSI issues discussed in Episode 109 (most interesting were various heap buffer overflows that could possibly be used for code execution)
[USN-4890-1] Linux kernel vulnerabilities [03:09]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- BPF speculative execution issues also discussed in Episode 109
[USN-4891-1] OpenSSL vulnerability [03:26]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- NULL pointer dereference when processing signature algorithms - could allow a remote client to crash a server during renegotiation
[USN-3685-2] Ruby regression
- 9 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-4893-1] Firefox vulnerabilities [03:47]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 87.0 - the usual web issues (malicious website -> XSS, DoS, RCE etc.), plus some specific fixes for issues which could allow extensions either to spoof website pop-ups or to read the response of various cross-origin requests, plus a silent enabling of the DevTools remote debugging feature (a local attacker could modify the browser config to turn this on without any hint to the user, and a remote attacker could then use it to snoop on the browser session)
[USN-4894-1] WebKitGTK vulnerabilities [04:49]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Usual web issues - malicious website -> XSS, DoS, RCE etc.
[USN-4895-1] Squid vulnerabilities [05:19]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 2 different HTTP request smuggling issues - one could result in possible cache poisoning, the other in the ability to bypass security controls and access forbidden services
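Request smuggling only works when two parsers in the chain (say a caching proxy and the origin behind it) disagree about where a request body ends. The checker below is an added example, not Squid's code, of the defensive stance a front end can take: refuse any request whose framing is ambiguous under the RFC 7230 section 3.3 rules, so there is nothing for a downstream parser to disagree about. The sample requests are constructed for illustration.

```python
"""Check an HTTP/1.1 request head for ambiguous body framing.

Added example, not Squid's code. A front end that rejects requests whose
framing is ambiguous under RFC 7230 section 3.3 removes the parser
disagreement that request smuggling depends on. Sample requests at the
bottom are constructed.
"""
from typing import List, Tuple


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into (request line, [(name, value), ...]).

    Header names are lower-cased and whitespace-trimmed; anything after
    the blank line (the body) is ignored because only framing matters here.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return request_line, headers


def framing_problems(raw: bytes) -> List[str]:
    """Return the reasons a request's body framing is ambiguous.

    An empty list means the request is unambiguous: at most one of
    Content-Length / Transfer-Encoding is present, all Content-Length
    values agree and are numeric, and 'chunked' is the final transfer
    coding so the receiver can always find the end of the body.
    """
    _, headers = parse_head(raw)
    problems: List[str] = []
    cl_values = [v for n, v in headers if n == "content-length"]
    te_values = [v for n, v in headers if n == "transfer-encoding"]

    if cl_values and te_values:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl_values)) > 1:
        problems.append("Content-Length headers disagree")
    for v in cl_values:
        if not v.isdigit():
            problems.append(f"non-numeric Content-Length {v!r}")
    # Transfer codings are comma separated; RFC 7230 3.3.3 requires chunked
    # to be the last one applied, otherwise the body length is unknowable.
    codings = [c.strip().lower() for v in te_values for c in v.split(",")]
    if te_values and "chunked" not in codings:
        problems.append("Transfer-Encoding without chunked: body length is unknowable")
    elif codings and codings[-1] != "chunked":
        problems.append("chunked is not the final transfer coding")
    return problems


def accept_request(raw: bytes) -> bool:
    """Policy a defensive proxy can apply: refuse anything ambiguous."""
    return not framing_problems(raw)


# Constructed sample requests for illustration.
CLEAN = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CL_TE = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DUP_CL = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello")
TE_BAD = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding: chunked, gzip\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("CLEAN", CLEAN), ("CL_TE", CL_TE),
                      ("DUP_CL", DUP_CL), ("TE_BAD", TE_BAD)]:
        verdict = "accept" if accept_request(req) else framing_problems(req)
        print(name, verdict)
```

Rejecting with a 400 rather than "normalising" the headers is the safer choice: any normalisation a proxy performs is itself a chance for its view of the message to diverge from the origin's.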
[USN-4896-1] lxml vulnerability [05:39]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Mishandled HTML attributes which could allow a remote attacker to perform XSS - impact depends on how lxml is used in the application
[USN-4897-1] Pygments vulnerability [06:03]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Another Pygments vuln (see Episode 109) - this one due to the regexes used in various lexers, which have exponential or cubic complexity and so could allow an attacker to DoS via CPU exhaustion
[USN-4898-1] curl vulnerabilities [06:38]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Failed to strip credentials from the Referer header - userinfo from the original URL could then be leaked to the next site
- Incorrect handling of session tickets when using an HTTPS proxy - an attacker who controlled the proxy could cause curl to bypass certificate checks and intercept comms as a result - only affected later Ubuntu releases (20.04 LTS, 20.10)
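The first curl issue above is the kind of thing a client library gets wrong by reusing the previous request's URL verbatim. The helper below is an added example, not curl's code, of building a Referer value that cannot carry the previous URL's credentials. It goes a little beyond the single fix the show notes describe: it applies all of RFC 7231 section 5.5.2 (drop userinfo and fragment) and the common no-referrer-when-downgrade rule (never send an https Referer to a plain http destination). The URLs used are constructed.

```python
"""Build a Referer value that cannot leak the previous URL's credentials.

Added example, not curl's code. Beyond the credential-stripping fix the
show notes describe, this applies RFC 7231 section 5.5.2 (no userinfo,
no fragment) and no-referrer-when-downgrade. Sample URLs are constructed.
"""
from typing import Optional
from urllib.parse import SplitResult, urlsplit, urlunsplit


def has_credentials(url: str) -> bool:
    """True when the URL carries userinfo (user or user:password)."""
    parts = urlsplit(url)
    return parts.username is not None or parts.password is not None


def _host_for_referer(parts: SplitResult) -> str:
    """Rebuild host[:port] from a split URL, dropping any userinfo."""
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: .hostname strips the brackets, put them back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return host


def referer_for(previous_url: str, next_url: str) -> Optional[str]:
    """Return the Referer to send when moving previous_url -> next_url,
    or None when no Referer should be sent at all."""
    prev = urlsplit(previous_url)
    nxt = urlsplit(next_url)
    if prev.scheme not in ("http", "https"):
        return None  # file:, data: and friends never produce a Referer
    if prev.scheme == "https" and nxt.scheme != "https":
        return None  # no-referrer-when-downgrade
    # Scheme, host[:port], path and query survive; userinfo and fragment do not.
    return urlunsplit((prev.scheme, _host_for_referer(prev),
                       prev.path, prev.query, ""))


if __name__ == "__main__":
    previous = "https://user:secret@example.test/a/b?x=1#frag"
    print(has_credentials(previous), referer_for(previous, "https://other.test/"))
```

A test worth keeping in any HTTP client's suite is exactly this: feed a URL with userinfo through a redirect and assert the credentials are absent from the outgoing Referer.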
Goings on in Ubuntu Security Community
Livepatch incident for CVE-2020-29372 [07:26]
Summary of 14.04 ESM so far [09:39]
DoH coming for Google Chrome on Linux [11:01]
- https://www.bleepingcomputer.com/news/security/google-chrome-for-linux-is-getting-dns-over-https-but-theres-a-catch
- Targeting Chrome 91, but perhaps more likely 92 (89 is the current stable release, with a new release every 6 weeks)
- Needs to parse /etc/nsswitch.conf - uses the hosts: entry and expects 'files dns' - should hopefully also support mdns4_minimal so that this would work on Ubuntu OOTB (since on 20.04 we use these 3 resolvers by default)
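To make the nsswitch.conf point concrete, here is an added example (not Chromium's code) that parses the hosts: line and models the eligibility check the show notes describe. The rule it applies is an assumption built from the notes and the linked article (Chrome wants 'files dns' and would hopefully tolerate mdns4_minimal), not Chrome's actual implementation; the sample configurations are constructed, with the Ubuntu 20.04 one mirroring the default hosts: line the episode refers to.

```python
"""Parse the hosts: line of /etc/nsswitch.conf and model the DoH check
the show notes describe for Chrome on Linux.

Added example, not Chromium's code. The eligibility rule is an assumption
drawn from the show notes, not Chrome's implementation. Sample configs
are constructed.
"""
import re
from typing import Iterable, List, Optional

# Action specifications such as [NOTFOUND=return] sit between sources and
# do not name a resolver, so they are removed before tokenising.
_ACTION_SPEC = re.compile(r"\[[^\]]*\]")


def parse_hosts_sources(nsswitch_text: str) -> Optional[List[str]]:
    """Return the ordered list of NSS sources on the hosts: line.

    Returns None when the file has no hosts: entry. Comments and blank
    lines are skipped; source names are lower-cased for comparison.
    """
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        database, sep, sources = line.partition(":")
        if sep and database.strip().lower() == "hosts":
            return [s.lower() for s in _ACTION_SPEC.sub(" ", sources).split()]
    return None


def chrome_doh_eligible(sources: Optional[List[str]],
                        tolerated: Iterable[str] = ("mdns4_minimal",)) -> bool:
    """Assumed rule: only 'files' and 'dns' (plus tolerated extras such as
    mdns4_minimal) may appear, both must be present, and files must come
    before dns so /etc/hosts keeps winning over the network."""
    if sources is None:
        return False
    allowed = {"files", "dns", *tolerated}
    if any(s not in allowed for s in sources):
        return False
    if "files" not in sources or "dns" not in sources:
        return False
    return sources.index("files") < sources.index("dns")


def read_system_nsswitch(path: str = "/etc/nsswitch.conf") -> Optional[List[str]]:
    """Convenience wrapper for checking a real machine."""
    with open(path, encoding="utf-8") as fh:
        return parse_hosts_sources(fh.read())


# Constructed sample configurations.
UBUNTU_2004 = """\
# /etc/nsswitch.conf (constructed sample modelled on Ubuntu 20.04)
passwd:         files systemd
hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files
"""
MINIMAL = "hosts: files dns\n"
RESOLVED = "hosts: files resolve [!UNAVAIL=return] dns\n"

if __name__ == "__main__":
    for name, text in [("ubuntu-20.04", UBUNTU_2004), ("minimal", MINIMAL),
                       ("resolved", RESOLVED)]:
        sources = parse_hosts_sources(text)
        print(f"{name}: hosts = {sources} -> eligible: {chrome_doh_eligible(sources)}")
```

The `tolerated` parameter is what the "hopefully also support mdns4_minimal" point hinges on: with it empty, the default Ubuntu 20.04 line fails the check and Chrome would fall back to the system resolver.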
Get in contact
231 episodes