محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
Episode 186
Manage episode 354977328 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
The Ubuntu Security Podcast is back for 2023! We ease into the year with coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at some recent vulns in git, sudo, OpenSSL and more.
This week in Ubuntu Security Updates
212 unique CVEs addressed
[USN-5778-1] X.Org X Server vulnerabilities
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5779-1] Linux kernel (Azure) vulnerabilities
- 9 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5780-1] Linux kernel (OEM) vulnerabilities
- 5 CVEs addressed in Jammy (22.04 LTS)
[USN-5781-1] Emacs vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5782-1] Firefox vulnerabilities
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5783-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5784-1] usbredir vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5785-1] FreeRADIUS vulnerabilities
- 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5786-1] GNOME Files vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5787-1] Libksba vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5782-2] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5789-1] Linux kernel (OEM) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5788-1] curl vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5790-1] Linux kernel vulnerabilities
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
[USN-5791-1] Linux kernel vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5792-1] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-1] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5794-1] Linux kernel (AWS) vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5787-2] Libksba vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5795-1] Net-SNMP vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5796-1] w3m vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5797-1] WebKitGTK vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5792-2] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-2] Linux kernel (Azure) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5782-3] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5796-2] w3m vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-5798-1] .NET 6 vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
[USN-5791-3] Linux kernel (Azure) vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5793-3] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5793-4] Linux kernel (IBM) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5799-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5800-1] Heimdal vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5802-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5803-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5804-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5801-1] Vim vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5804-2] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
[USN-5805-1] Apache Maven vulnerability
- 1 CVEs addressed in Kinetic (22.10)
[USN-5795-2] Net-SNMP vulnerabilities
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5808-1] Linux kernel (IBM) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
[USN-5810-1, USN-5810-2, USN-5810-3] Git vulnerabilities [01:16]
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Integer overflow when parsing really long paths specified in
.gitattributes
- But depends if file is in working tree, index or both since when parsed normally the parsing is done in chunks which mitigates the vuln
- leads to heap reads/writes -> RCE
- Integer overflow when using a crafted format specifier for git log or git archive
- Not too common to use random format specifiers, but how many people have wanted a prettier git log output, and copy-pasted something from stack overflow without understanding it?
- We talk about the provenance and integrity of code for OSS / supply chain attacks - interesting to think about it from a configuration / data point of view
- Can ChatGPT be poisoned to spit out dangerous configs?
[USN-5811-1, USN-5811-2, USN-5811-3] Sudo vulnerabilities [03:34]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Most interesting was a vuln in sudoedit - ie the command to edit a file with sudo - launches your specified editor to edit the file
- The editor is specified via various environment variables -
SUDO_EDITOR
,VISUAL
orEDITOR
- these would normally specify the binary of the editor to use - But could also include extra arguments to pass to the editor - such as additional filenames by separating them with a double hyphen
--
- As such a user could set their
EDITOR=vim -- /etc/shadow
- then when sudoedit launches the editor for the originally specified file, would also launch it with this file too - Allows a user to bypass possible restrictions set via
/etc/sudoers
- ie since could be configured to only allow a user to edit say the apache config via sudoedit
[USN-5812-1] urllib3 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
[USN-5810-2] Git regression
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5813-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5814-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5815-1] Linux kernel (BlueField) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5816-1] Firefox vulnerabilities
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5817-1] Setuptools vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5818-1] PHP vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5819-1] HAProxy vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5806-2] Ruby vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5820-1] exuberant-ctags vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5821-1] wheel vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5822-1] Samba vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-1] MySQL vulnerabilities
- 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-2] MySQL vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5825-1] PAM vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5826-1] Privoxy vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5827-1] Bind vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5828-1] Kerberos vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5829-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5822-2] Samba regression
- 7 CVEs addressed in Focal (20.04 LTS)
[USN-5830-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5831-1] Linux kernel (Azure CVM) vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS)
[USN-5823-3] MySQL regression
- Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5832-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Kinetic (22.10)
[USN-5833-1] python-future vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-1] Cinder vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-2] OpenStack Glance vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-3] Nova vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5834-1] Apache HTTP Server vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5836-1] Vim vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-4781-2] Slurm vulnerabilities
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5837-1] Django vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5839-1] Apache HTTP Server vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5838-1] AdvanceCOMP vulnerabilities
- 7 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5837-2] Django vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5839-2] Apache HTTP Server vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5840-1] Long Range ZIP vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5841-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5816-2] Firefox regressions
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5825-2] PAM regressions
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5824-1] Thunderbird vulnerabilities
- 29 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- CVE-2023-0430
- CVE-2023-23603
- CVE-2023-23602
- CVE-2023-23601
- CVE-2023-23599
- CVE-2023-23598
- CVE-2022-46877
- CVE-2022-46874
- CVE-2022-46872
- CVE-2022-46871
- CVE-2022-45416
- CVE-2022-45414
- CVE-2022-45412
- CVE-2023-23605
- CVE-2022-46882
- CVE-2022-46881
- CVE-2022-46880
- CVE-2022-46878
- CVE-2022-45421
- CVE-2022-45420
- CVE-2022-45418
- CVE-2022-45411
- CVE-2022-45410
- CVE-2022-45409
- CVE-2022-45408
- CVE-2022-45406
- CVE-2022-45405
- CVE-2022-45404
- CVE-2022-45403
[USN-5842-1] EditorConfig Core C vulnerability [05:24]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Discovered by Mark Esler and David Fernandez Gonzalez from Ubuntu Security team
- Will be discussed in more detail in an upcoming episode with an interview with both Mark and David - TL;DR - Mark decided to fuzz some regex handling in editorconfig-core-c whilst doing a security audit as part of the MIR process. This uncovered a few crashes which David then looked into an identified a heap buffer overflow. He then went further and was able to develop an input that would allow to jump to an arbitrary location, ie. code execution. So was able to demonstrate a heap buffer overflow that could lead to code execution from untrusted input data.
- Will have to wait for hopefully next weeks episode to get the real inside story
[USN-5843-1] tmux vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5810-3] Git vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5844-1, USN-5845-1, USN-5845-2] OpenSSL vulnerabilities [08:06]
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS)
- Most interesting issue was a type confusion in handling of X.509 certificates - when parsing the X.400 address would parse it as a string but other code would assume this was a simple type. As such, when comparing this to other values this would not be done correctly. Thus could bypass these checks, in particular which are used for CRL processing and that could then lead to the ability to read other memory contents or crash the application.
- So whilst not a heartbleed (since is a lot more complicated and doesn’t allow the same level of control of the memory which is read and hence is unlikely to be able to be used to read out private keys etc)
[USN-5846-1] X.Org X Server vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5847-1] Grunt vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
Goings on in Ubuntu Security Community
Ubuntu Pro GA [09:33]
- https://ubuntu.com/blog/ubuntu-pro-enters-ga
- https://ubuntu.com/pro
- https://www.omgubuntu.co.uk/2023/01/ubuntu-pro-general-availability
- In late January Canonical announced the general availability of Ubuntu Pro
- you may have noticed this in your apt update output, e.g.:
The following security updates require Ubuntu Pro with 'esm-apps' enabled: python2.7-minimal python2.7 libpython2.7-minimal libpython2.7-stdlib Learn more about Ubuntu Pro at https://ubuntu.com/pro
- you may have noticed this in your apt update output, e.g.:
- TL;DR - security team is now patching vulnerabilities in packages in the universe component of the Ubuntu archive
- these patched packages get published under the esm-apps service of Ubuntu Pro
- ESM has evolved from extended to expanded security maintenance
- not only can you get security updates for packages in main once a release reaches the end of the LTS period, you also get security updates for packages in universe both during the LTS period and during the 5 year ESM period too
- Ubuntu Pro gives 10 years of security support for both packages in both main and universe
- Ubuntu Pro is free for personal use on up to 5 machines (50 if you are an Ubuntu member)
- for commercial organisations, 30 day free trial
- More details in Ubuntu Pro Beta overview with Lech Sandecki and Eduardo Barretto from Episode 180
Hiring [12:58]
Chief Information Security Officer
Product Marketing Manager - Security
Security Certifications Product Manager - CIS, FIPS, FedRAMP and more
Ubuntu Security Manager
- Multiple possible focus areas:
- Security Maintenance (CVE and vulnerability addressing life cycle)
- Security Technology (AppArmor, Secureboot, and Cryptography)
- Certifications and Compliance (FIPS, CIS, FedRAMP)
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
231 قسمت
Manage episode 354977328 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
The Ubuntu Security Podcast is back for 2023! We ease into the year with coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at some recent vulns in git, sudo, OpenSSL and more.
This week in Ubuntu Security Updates
212 unique CVEs addressed
[USN-5778-1] X.Org X Server vulnerabilities
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5779-1] Linux kernel (Azure) vulnerabilities
- 9 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5780-1] Linux kernel (OEM) vulnerabilities
- 5 CVEs addressed in Jammy (22.04 LTS)
[USN-5781-1] Emacs vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5782-1] Firefox vulnerabilities
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5783-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5784-1] usbredir vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5785-1] FreeRADIUS vulnerabilities
- 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5786-1] GNOME Files vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5787-1] Libksba vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5782-2] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5789-1] Linux kernel (OEM) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5788-1] curl vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5790-1] Linux kernel vulnerabilities
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
[USN-5791-1] Linux kernel vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5792-1] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-1] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5794-1] Linux kernel (AWS) vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5787-2] Libksba vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5795-1] Net-SNMP vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5796-1] w3m vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5797-1] WebKitGTK vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5792-2] Linux kernel vulnerabilities
- 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5793-2] Linux kernel (Azure) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5782-3] Firefox regressions
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5796-2] w3m vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-5798-1] .NET 6 vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
[USN-5791-3] Linux kernel (Azure) vulnerabilities
- 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5793-3] Linux kernel vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5793-4] Linux kernel (IBM) vulnerabilities
- 17 CVEs addressed in Kinetic (22.10)
[USN-5799-1] Linux kernel (OEM) vulnerability
- 1 CVEs addressed in Jammy (22.04 LTS)
[USN-5800-1] Heimdal vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5802-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5803-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5804-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5801-1] Vim vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-5804-2] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
[USN-5805-1] Apache Maven vulnerability
- 1 CVEs addressed in Kinetic (22.10)
[USN-5795-2] Net-SNMP vulnerabilities
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5808-1] Linux kernel (IBM) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS)
[USN-5810-1, USN-5810-2, USN-5810-3] Git vulnerabilities [01:16]
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Integer overflow when parsing really long paths specified in
.gitattributes
- But depends if file is in working tree, index or both since when parsed normally the parsing is done in chunks which mitigates the vuln
- leads to heap reads/writes -> RCE
- Integer overflow when using a crafted format specifier for git log or git archive
- Not too common to use random format specifiers, but how many people have wanted a prettier git log output, and copy-pasted something from stack overflow without understanding it?
- We talk about the provenance and integrity of code for OSS / supply chain attacks - interesting to think about it from a configuration / data point of view
- Can ChatGPT be poisoned to spit out dangerous configs?
[USN-5811-1, USN-5811-2, USN-5811-3] Sudo vulnerabilities [03:34]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Most interesting was a vuln in sudoedit - ie the command to edit a file with sudo - launches your specified editor to edit the file
- The editor is specified via various environment variables -
SUDO_EDITOR
,VISUAL
orEDITOR
- these would normally specify the binary of the editor to use - But could also include extra arguments to pass to the editor - such as additional filenames by separating them with a double hyphen
--
- As such a user could set their
EDITOR=vim -- /etc/shadow
- then when sudoedit launches the editor for the originally specified file, would also launch it with this file too - Allows a user to bypass possible restrictions set via
/etc/sudoers
- ie since could be configured to only allow a user to edit say the apache config via sudoedit
[USN-5812-1] urllib3 vulnerability
- 1 CVEs addressed in Focal (20.04 LTS)
[USN-5810-2] Git regression
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5813-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5814-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5815-1] Linux kernel (BlueField) vulnerabilities
- 10 CVEs addressed in Focal (20.04 LTS)
[USN-5816-1] Firefox vulnerabilities
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5817-1] Setuptools vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5818-1] PHP vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5819-1] HAProxy vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5806-2] Ruby vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5820-1] exuberant-ctags vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5821-1] wheel vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5822-1] Samba vulnerabilities
- 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-1] MySQL vulnerabilities
- 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5823-2] MySQL vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5825-1] PAM vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5826-1] Privoxy vulnerabilities
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5827-1] Bind vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5828-1] Kerberos vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5829-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5822-2] Samba regression
- 7 CVEs addressed in Focal (20.04 LTS)
[USN-5830-1] Linux kernel vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5831-1] Linux kernel (Azure CVM) vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS)
[USN-5823-3] MySQL regression
- Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5832-1] Linux kernel (Raspberry Pi) vulnerabilities
- 4 CVEs addressed in Kinetic (22.10)
[USN-5833-1] python-future vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-1] Cinder vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-2] OpenStack Glance vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5835-3] Nova vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5834-1] Apache HTTP Server vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5836-1] Vim vulnerabilities
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-4781-2] Slurm vulnerabilities
- 9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5837-1] Django vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5839-1] Apache HTTP Server vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5838-1] AdvanceCOMP vulnerabilities
- 7 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5837-2] Django vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5839-2] Apache HTTP Server vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5840-1] Long Range ZIP vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5841-1] LibTIFF vulnerabilities
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5816-2] Firefox regressions
- 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5825-2] PAM regressions
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5824-1] Thunderbird vulnerabilities
- 29 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- CVE-2023-0430
- CVE-2023-23603
- CVE-2023-23602
- CVE-2023-23601
- CVE-2023-23599
- CVE-2023-23598
- CVE-2022-46877
- CVE-2022-46874
- CVE-2022-46872
- CVE-2022-46871
- CVE-2022-45416
- CVE-2022-45414
- CVE-2022-45412
- CVE-2023-23605
- CVE-2022-46882
- CVE-2022-46881
- CVE-2022-46880
- CVE-2022-46878
- CVE-2022-45421
- CVE-2022-45420
- CVE-2022-45418
- CVE-2022-45411
- CVE-2022-45410
- CVE-2022-45409
- CVE-2022-45408
- CVE-2022-45406
- CVE-2022-45405
- CVE-2022-45404
- CVE-2022-45403
[USN-5842-1] EditorConfig Core C vulnerability [05:24]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Discovered by Mark Esler and David Fernandez Gonzalez from Ubuntu Security team
- Will be discussed in more detail in an upcoming episode with an interview with both Mark and David - TL;DR - Mark decided to fuzz some regex handling in editorconfig-core-c whilst doing a security audit as part of the MIR process. This uncovered a few crashes which David then looked into an identified a heap buffer overflow. He then went further and was able to develop an input that would allow to jump to an arbitrary location, ie. code execution. So was able to demonstrate a heap buffer overflow that could lead to code execution from untrusted input data.
- Will have to wait for hopefully next weeks episode to get the real inside story
[USN-5843-1] tmux vulnerability
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5810-3] Git vulnerabilities
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5844-1, USN-5845-1, USN-5845-2] OpenSSL vulnerabilities [08:06]
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS)
- Most interesting issue was a type confusion in handling of X.509 certificates - when parsing the X.400 address would parse it as a string but other code would assume this was a simple type. As such, when comparing this to other values this would not be done correctly. Thus could bypass these checks, in particular which are used for CRL processing and that could then lead to the ability to read other memory contents or crash the application.
- So whilst not a heartbleed (since is a lot more complicated and doesn’t allow the same level of control of the memory which is read and hence is unlikely to be able to be used to read out private keys etc)
[USN-5846-1] X.Org X Server vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
[USN-5847-1] Grunt vulnerabilities
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
Goings on in Ubuntu Security Community
Ubuntu Pro GA [09:33]
- https://ubuntu.com/blog/ubuntu-pro-enters-ga
- https://ubuntu.com/pro
- https://www.omgubuntu.co.uk/2023/01/ubuntu-pro-general-availability
- In late January Canonical announced the general availability of Ubuntu Pro
- you may have noticed this in your apt update output, e.g.:
The following security updates require Ubuntu Pro with 'esm-apps' enabled: python2.7-minimal python2.7 libpython2.7-minimal libpython2.7-stdlib Learn more about Ubuntu Pro at https://ubuntu.com/pro
- you may have noticed this in your apt update output, e.g.:
- TL;DR - security team is now patching vulnerabilities in packages in the universe component of the Ubuntu archive
- these patched packages get published under the esm-apps service of Ubuntu Pro
- ESM has evolved from extended to expanded security maintenance
- not only can you get security updates for packages in main once a release reaches the end of the LTS period, you also get security updates for packages in universe both during the LTS period and during the 5 year ESM period too
- Ubuntu Pro gives 10 years of security support for both packages in both main and universe
- Ubuntu Pro is free for personal use on up to 5 machines (50 if you are an Ubuntu member)
- for commercial organisations, 30 day free trial
- More details in Ubuntu Pro Beta overview with Lech Sandecki and Eduardo Barretto from Episode 180
Hiring [12:58]
Chief Information Security Officer
Product Marketing Manager - Security
Security Certifications Product Manager - CIS, FIPS, FedRAMP and more
Ubuntu Security Manager
- Multiple possible focus areas:
- Security Maintenance (CVE and vulnerability addressing life cycle)
- Security Technology (AppArmor, Secureboot, and Cryptography)
- Certifications and Compliance (FIPS, CIS, FedRAMP)
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
231 قسمت
همه قسمت ها
×به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.