使用Player FM应用程序离线!
Episode 145
Manage episode 316751669 series 2423058
Overview
The Ubuntu Security Podcast is back for 2022 and we’re starting off the year with a bang💥! This week we bring you a special interview with Kees Cook of Google and the Linux Kernel Self Protection Project discussing Linux kernel hardening upstream developments. Plus we look at security updates for Mumble, Apache Log4j2, OpenJDK and more.
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5195-1] Mumble vulnerability [01:02]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Low-latency VoIP client - client / server model
- Client picks a server to connect to from public server list
- Malicious actor could register a server with a web URL that uses some other protocol - e.g.
smb
to then refer to a.desktop
file - When user chose the option to ‘Open Webpage’ for that server, would automatically fetch and execute via underlying Qt framework libraries
QDesktopServices::openUrl
function - Fixed to check URI scheme and only open if is http/https
- Wonder if this kind of vuln may be seen in other applications?
[USN-5192-2] Apache Log4j 2 vulnerability [02:13]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Log4j2 update for 16.04 ESM - see Episode 142
[USN-5203-1] Apache Log4j 2 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- More Log4j2 vulns - possible to crash applications using log4j2 by specifying a crafted string that would get logged which would then cause infinite recursion when doing lookup evaluation
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
[USN-5202-1] OpenJDK vulnerabilities [03:13]
- 14 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- Mix of issues resolved with this latest point release update for openjdk-8 and openjdk-11
- Info leak via FTP client impl when connecting to malicious FTP server
- Mishandling of JARs with multiple manifests -> signature verification bypass
- Sandbox escape via crafted Java class
- Use of weak crypto ciphers by default -> info leak
- DoS via malicious RTF, BMP or class files
- and more…
[USN-5199-1, USN-5200-1, USN-5201-1] Python vulnerabilities [04:26]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04) for Python 3.8/3.9
- 2 CVEs addressed in Bionic (18.04 LTS) for Python 3.6
- 3 CVEs addressed in Bionic (18.04 LTS) for Python 3.7/3.8
- 3 different DoS via urllib http client
- infinite loop when handling
100 Continue
responses - malicious HTTP server could cause a DoS against clients - affects all - ReDoS due to quadratic complexity regex in basic auth handling - only affects Python 3.6->3.8 in Ubuntu 18.04
- Similar but different ReDos in basic auth handling - only affects Python 3.7/3.8 in Ubuntu 18.04
- infinite loop when handling
[USN-5198-1] HTMLDOC vulnerability [05:37]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Used to covert HTML/Markdown files to generate EPUB/HTML/PS/PDF with ToC etc
- Through fuzzing a NULL ptr deref was found if given crafted input HTML file -> crash -> DoS
[USN-5186-2] Firefox regressions [06:06]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 95.0.1
- WebRender crash on some X11 systems
- Failure to connect to microsoft.com domains
Goings on in Ubuntu Security Community
Seth and John talk Linux Kernel Security with Kees Cook [06:53]
- Seth Arnold and John Johansen from the Ubuntu Security team chat with Kees Cook from Google (KSPP) about Linux kernel hardening and self-protection, including KASLR and FGKASLR, delving into the finer points of linker scripts, kernel address pointer info leaks through debug logs, detecting possible integer overflows in C by relying on undefined behaviour of signed integer wraparound, hardware support for detecting memory corruption and more.
Get in contact
231集单集
Manage episode 316751669 series 2423058
Overview
The Ubuntu Security Podcast is back for 2022 and we’re starting off the year with a bang💥! This week we bring you a special interview with Kees Cook of Google and the Linux Kernel Self Protection Project discussing Linux kernel hardening upstream developments. Plus we look at security updates for Mumble, Apache Log4j2, OpenJDK and more.
This week in Ubuntu Security Updates
31 unique CVEs addressed
[USN-5195-1] Mumble vulnerability [01:02]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Low-latency VoIP client - client / server model
- Client picks a server to connect to from public server list
- Malicious actor could register a server with a web URL that uses some other protocol - e.g.
smb
to then refer to a.desktop
file - When user chose the option to ‘Open Webpage’ for that server, would automatically fetch and execute via underlying Qt framework libraries
QDesktopServices::openUrl
function - Fixed to check URI scheme and only open if is http/https
- Wonder if this kind of vuln may be seen in other applications?
[USN-5192-2] Apache Log4j 2 vulnerability [02:13]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Log4j2 update for 16.04 ESM - see Episode 142
[USN-5203-1] Apache Log4j 2 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- More Log4j2 vulns - possible to crash applications using log4j2 by specifying a crafted string that would get logged which would then cause infinite recursion when doing lookup evaluation
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
[USN-5202-1] OpenJDK vulnerabilities [03:13]
- 14 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- Mix of issues resolved with this latest point release update for openjdk-8 and openjdk-11
- Info leak via FTP client impl when connecting to malicious FTP server
- Mishandling of JARs with multiple manifests -> signature verification bypass
- Sandbox escape via crafted Java class
- Use of weak crypto ciphers by default -> info leak
- DoS via malicious RTF, BMP or class files
- and more…
[USN-5199-1, USN-5200-1, USN-5201-1] Python vulnerabilities [04:26]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04) for Python 3.8/3.9
- 2 CVEs addressed in Bionic (18.04 LTS) for Python 3.6
- 3 CVEs addressed in Bionic (18.04 LTS) for Python 3.7/3.8
- 3 different DoS via urllib http client
- infinite loop when handling
100 Continue
responses - malicious HTTP server could cause a DoS against clients - affects all - ReDoS due to quadratic complexity regex in basic auth handling - only affects Python 3.6->3.8 in Ubuntu 18.04
- Similar but different ReDos in basic auth handling - only affects Python 3.7/3.8 in Ubuntu 18.04
- infinite loop when handling
[USN-5198-1] HTMLDOC vulnerability [05:37]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Used to covert HTML/Markdown files to generate EPUB/HTML/PS/PDF with ToC etc
- Through fuzzing a NULL ptr deref was found if given crafted input HTML file -> crash -> DoS
[USN-5186-2] Firefox regressions [06:06]
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04), Impish (21.10)
- 95.0.1
- WebRender crash on some X11 systems
- Failure to connect to microsoft.com domains
Goings on in Ubuntu Security Community
Seth and John talk Linux Kernel Security with Kees Cook [06:53]
- Seth Arnold and John Johansen from the Ubuntu Security team chat with Kees Cook from Google (KSPP) about Linux kernel hardening and self-protection, including KASLR and FGKASLR, delving into the finer points of linker scripts, kernel address pointer info leaks through debug logs, detecting possible integer overflows in C by relying on undefined behaviour of signed integer wraparound, hardware support for detecting memory corruption and more.
Get in contact
231集单集
所有剧集
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。