Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described at https://fi.player.fm/legal.
Episode 215
Overview
Mark Esler is our special guest on the podcast this week to discuss the OpenSSF’s Compiler Options Hardening Guide for C/C++ plus we cover vulnerabilities and updates for GIMP, FreeRDP, GStreamer, HAProxy and more.
This week in Ubuntu Security Updates
65 unique CVEs addressed
[USN-6521-1] GIMP vulnerabilities (00:50)
- 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- Includes 4 recent issues disclosed via Trend’s ZDI - all found by the same researcher - 2 heap buffer overflows in DDS and PSD parsers, an integer overflow and a separate off-by-one error in the PSP parser which could apparently lead to remote code execution plus a couple of DoS related issues (unhandled exception and an excessive memory allocation) - both leading to a crash
[USN-6522-1] FreeRDP vulnerabilities (01:39)
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- Windows RDP client
- Malicious server could send a crafted drive redirect to the client - triggering an OOB read, causing the client to disclose memory contents and therefore possibly sensitive info to the server
- Plus an OOB write and an OOB read on crafted image data - both also likely leading to a crash
[USN-6523-1] u-boot-nezha vulnerability (02:19)
- 3 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
- u-boot for the Allwinner Nezha RISC-V board
- Missing length checks in DFU parser -> heap buffer overflow
- 2 other buffer overflows when handling fragmented IP packets
[USN-6524-1] PyPy vulnerability (03:06)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Integer overflow leading to a buffer overflow in SHA3 - comes from the original reference implementation of SHA3
- Has affected a range of packages in Ubuntu
- PHP, Python itself and now PyPy
[USN-6525-1] pysha3 vulnerability (03:06)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Same as above
[USN-6519-2] EC2 hibagent update
- Affecting Xenial ESM (16.04 ESM)
[USN-6526-1] GStreamer Bad Plugins vulnerabilities (03:16)
- 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- Heap overflow in PGS subtitle overlay decoder
- Various integer overflows -> heap buffer overflows in MXF container handler (Material Exchange Format) - apparently used for delivering advertisements to TV stations and for movies in commercial theatres - specifically in handling of files using AES3 audio
- MXF demuxer UAF
- AV1 buffer overflow
- Integer overflow -> stack overflow in H.256 parser
[USN-6527-1] OpenJDK vulnerabilities (04:09)
- 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- 11.0.21 + 17.0.9
[USN-6528-1] OpenJDK 8 vulnerabilities (04:25)
- 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- 8u392
[USN-6509-2] Firefox regressions (04:34)
- 10 CVEs addressed in Focal (20.04 LTS)
- 120.0.1 - in particular includes a fix where Firefox would crash immediately on startup but only for aarch64 (arm64) on Linux when using page sizes other than 4K - i.e. as used in Apple silicon etc
[USN-6529-1] Request Tracker vulnerabilities (05:25)
- 4 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04), Mantic (23.10)
- Possible timing attack in the authentication module - could allow an attacker to enumerate user accounts
- XSS plus some info leaks as well
[USN-6530-1] HAProxy vulnerability (06:12)
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Lunar (23.04)
- Mishandling of # character in URIs could allow unexpected routing of a URI containing say index.html#.png to a static server (since it is usually configured to route .png to a static server, but in this case the request is really for index.html)
[USN-6531-1] Redis vulnerabilities (07:06)
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
- Heap overflow in cjson library able to be triggered by a Lua script -> RCE
- Race condition on setting permissions on the local unix socket - if using a less restrictive umask could allow a local attacker to race redis on startup
- Also various integer overflows and other issues fixed too
[USN-6494-2] Linux kernel vulnerabilities (08:08)
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
[USN-6495-2] Linux kernel vulnerabilities
- 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS)
[USN-6496-2] Linux kernel vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6502-4] Linux kernel vulnerabilities
- 5 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
[USN-6532-1] Linux kernel vulnerabilities
- 10 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-6533-1] Linux kernel (OEM) vulnerabilities
- 2 CVEs addressed in Jammy (22.04 LTS)
[USN-6534-1] Linux kernel vulnerabilities
- 12 CVEs addressed in Jammy (22.04 LTS), Lunar (23.04)
Goings on in Ubuntu Security Community
Alex discusses the OpenSSF’s Compiler Options Hardening Guide for C/C++ with Mark Esler (08:38)
Get in contact