This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Ubuntu Security Podcast
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Episode 194
Manage episode 363041264 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
The team are back from Prague and bring with them a new segment, drilling into recent academic research in the cybersecurity space - for this inaugural segment new team member Andrei looks at modelling of attacks against network intrusion detections systems, plus we cover the week in security updates looking at vulnerabilities in Django, Ruby, Linux kernel, Erlang, OpenStack and more.
This week in Ubuntu Security Updates
57 unique CVEs addressed
[USN-6054-1] Django vulnerability (00:55)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Django supports file uploading via various form constructs - it then performs validation on the file
- Was possible to upload multiple files via the form by attacking more than one HTML attribute to the form - in this case though only the last file would be validated - and so other files would escape validation
- Fixed to have Django raise an error in the case that an application tries to use these forms for multiple files and adds a new option to restore the old behaviour if really desired - AND it adds support for validating all files in this case.
[USN-6055-1] Ruby vulnerabilities (02:11)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Two ReDoS issues - ability to cause a CPU-based DoS through crafted input that is then validated by a regex which takes an inordinate amount of time to run
- one in URI parsing and the other in Time parsing
[USN-6055-2] Ruby regression (03:11)
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- The URI parser regex fix caused a regression and so was reverted - is still under investigation and hope to fix it again in a future update
[USN-6056-1] Linux kernel (OEM) vulnerability (03:13)
- 1 CVEs addressed in Jammy (22.04 LTS)
- UAF in Xen Plan 9 file system protocol -> DoS / info leak
[USN-6057-1] Linux kernel (Intel IoTG) vulnerabilities (03:31)
- 10 CVEs addressed in Jammy (22.04 LTS)
- OverlayFS is a union file-system, allowing one FS to be stacked on top of another - often used for things like schroots where you want to have the pristine source and then a working session chroot where you can make changes and then finally dispose of the whole thing back to the original
- Interaction with setuid binaries and the nosuid mount option - nosuid means the suid bit is ignored - in this case, if had setup an overlay with the base file-system mounted nosuid, then in some cases it would be possible to copy up an suid binary as an unprivileged user and have it retain the suid bit - and then the user could just execute it to gain root privileges
- UAF in Traffic-Control Index (TCINDEX) filter - found in March this year
[USN-6058-1] Linux kernel vulnerability (05:45)
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- Another UAF in Traffic-Control Index (TCINDEX) filter from April this year - seems upstream is sick of these UAFs in TCINDEX so their fix simply removes this classifier from the kernel and hence so does ours - in general we try not to introduce breaking changes but in this case prefer to stay consistent with upstream - also upstream say this does not have many known users anyway
[USN-6059-1] Erlang vulnerability (06:23)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Failed to properly maintain state during TLS handshake when validating client certificate - basically a malicious client could send the certificate and then simply omit the TLS handshake message which tells the server to validate the cert and the server state would then show the cert had been validated
- Note only affects Erlang applications that use client certificates for authentication (ie. the
'{verify, verify_peer}'SSL option) - Still planning to try and update erlang in bionic (18.04 LTS) but backport is more complicated
[USN-6060-1, USN-6060-2] MySQL vulnerabilities (07:40)
- 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
- Latest upstream releases
- 8.0.33 for 20.04 LTS, 22.04 LTS, 22.10, and Lunar (23.04)
- 5.7.42 for 16.04 ESM and 18.04 LTS
- As is the latest upstream point release, also includes bug fixes and possibly new features / incompatible changes - full list of details from upstream:
[USN-6061-1] WebKitGTK vulnerabilities (08:14)
- 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Various UAFs plus ability to track users across origins or bypass same origin policy
[USN-6062-1] FreeType vulnerability (08:38)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Integer overflow when parsing a malformed font - DoS / RCE (particurly with the advent of web fonts)
[USN-6063-1] Ceph vulnerabilities (09:03)
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- backport of:
- 17.2.5 for 22.10, 22.04 LTS
- 15.2.17 for 20.04 LTS
- 12.2.13 for 18.04 LTS
[USN-6066-1] OpenStack Heat vulnerability (09:29)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Orchestration Service for OpenStack - info leak via API
[USN-6067-1] OpenStack Neutron vulnerabilities (09:39)
- 5 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Virtual Network Service
[USN-6068-1] Open vSwitch vulnerability (09:45)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Failed to properly handle IP packets which specified a protocol of 0 (used in IPv6 to specify hop-by-hop options) - if a packet with protocol 0 was encountered, OVS would install a dataflow path for both kernel and userspace which would match on ALL IP protocols for this flow - so this would then possibly match against other IP packets and so cause them to be handled incorrectly (possibly allowing when should have been denied etc)
[USN-6065-1] css-what vulnerabilities (10:43)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- CSS selector parser for NodeJS
- Two ReDoS issues
[USN-6064-1] SQL parse vulnerability (11:00)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Another ReDoS
Goings on in Ubuntu Security Community
Ubuntu 23.10 release cycle opens (11:41)
- The Ubuntu Security is back from Prague (Engineering Sprint) - spent the week diving deep into various aspects like what kinds of tooling and processes we want to try and improve across the team, talking about the culture and history of the team to make sure we maintain our great culture as the team grows.
- Even discussing mundane stuff like how to refer to and name security updates which go into Ubuntu Pro vs the regular Ubuntu Archive - making sure it is clear to consumers of our USNs etc what is where, plus the various policies around updated for Ubuntu Pro
- Sessions devoted to snaps and how to do appropriate security reviews for them plus how to coordinate better with the snapd team
- Even looking at tech debt within our team and our tooling and how we can try and tackle some of that
- As for more concrete plans for the security team during 23.10
- continue the work to use AppArmor to enable tighter controls over unprivileged user namespaces within Ubuntu
- various improvements to our OVAL feeds to make them more useful to users and customers alike
- utilising the Canonical Hardware Certifications Lab for testing of security updates for packages that require particular hardware (think things like
intel-microcode,nvme-cli, various graphics drivers etc) - Improvements to AppArmor for more fine-grained network mediation and
io_uring - More work on supporting various confidential computing use-cases (for an introduction to these types of topics see https://ubuntu.com/engage/introduction-to-confidential-computing-webinar)
- Usual work on FIPS / CIS / DISA-STIG updates plus usual security maintenance
Academic paper review with Andrei Iosif (14:40)
- New segment to dig into the details of various interesting cybersecurity research papers
- Andrei joined the team just over 1 month ago - previously was Tech Lead at a SecOps startup developing open source tools for automating various cybersecurity solutions - brings a wide range of great experience to our team
- Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems
- Looks at what the study was about (developing a model for attacks against Network Intrusion Detection Systems, with a particular focus on IDSs that are based on AI/ML approaches)
Get in contact
230 قسمت
اشتراک گذاری
Manage episode 363041264 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
The team are back from Prague and bring with them a new segment, drilling into recent academic research in the cybersecurity space - for this inaugural segment new team member Andrei looks at modelling of attacks against network intrusion detections systems, plus we cover the week in security updates looking at vulnerabilities in Django, Ruby, Linux kernel, Erlang, OpenStack and more.
This week in Ubuntu Security Updates
57 unique CVEs addressed
[USN-6054-1] Django vulnerability (00:55)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Django supports file uploading via various form constructs - it then performs validation on the file
- Was possible to upload multiple files via the form by attacking more than one HTML attribute to the form - in this case though only the last file would be validated - and so other files would escape validation
- Fixed to have Django raise an error in the case that an application tries to use these forms for multiple files and adds a new option to restore the old behaviour if really desired - AND it adds support for validating all files in this case.
[USN-6055-1] Ruby vulnerabilities (02:11)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Two ReDoS issues - ability to cause a CPU-based DoS through crafted input that is then validated by a regex which takes an inordinate amount of time to run
- one in URI parsing and the other in Time parsing
[USN-6055-2] Ruby regression (03:11)
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- The URI parser regex fix caused a regression and so was reverted - is still under investigation and hope to fix it again in a future update
[USN-6056-1] Linux kernel (OEM) vulnerability (03:13)
- 1 CVEs addressed in Jammy (22.04 LTS)
- UAF in Xen Plan 9 file system protocol -> DoS / info leak
[USN-6057-1] Linux kernel (Intel IoTG) vulnerabilities (03:31)
- 10 CVEs addressed in Jammy (22.04 LTS)
- OverlayFS is a union file-system, allowing one FS to be stacked on top of another - often used for things like schroots where you want to have the pristine source and then a working session chroot where you can make changes and then finally dispose of the whole thing back to the original
- Interaction with setuid binaries and the nosuid mount option - nosuid means the suid bit is ignored - in this case, if had setup an overlay with the base file-system mounted nosuid, then in some cases it would be possible to copy up an suid binary as an unprivileged user and have it retain the suid bit - and then the user could just execute it to gain root privileges
- UAF in Traffic-Control Index (TCINDEX) filter - found in March this year
[USN-6058-1] Linux kernel vulnerability (05:45)
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- Another UAF in Traffic-Control Index (TCINDEX) filter from April this year - seems upstream is sick of these UAFs in TCINDEX so their fix simply removes this classifier from the kernel and hence so does ours - in general we try not to introduce breaking changes but in this case prefer to stay consistent with upstream - also upstream say this does not have many known users anyway
[USN-6059-1] Erlang vulnerability (06:23)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Failed to properly maintain state during TLS handshake when validating client certificate - basically a malicious client could send the certificate and then simply omit the TLS handshake message which tells the server to validate the cert and the server state would then show the cert had been validated
- Note only affects Erlang applications that use client certificates for authentication (ie. the
'{verify, verify_peer}'SSL option) - Still planning to try and update erlang in bionic (18.04 LTS) but backport is more complicated
[USN-6060-1, USN-6060-2] MySQL vulnerabilities (07:40)
- 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
- Latest upstream releases
- 8.0.33 for 20.04 LTS, 22.04 LTS, 22.10, and Lunar (23.04)
- 5.7.42 for 16.04 ESM and 18.04 LTS
- As is the latest upstream point release, also includes bug fixes and possibly new features / incompatible changes - full list of details from upstream:
[USN-6061-1] WebKitGTK vulnerabilities (08:14)
- 6 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Various UAFs plus ability to track users across origins or bypass same origin policy
[USN-6062-1] FreeType vulnerability (08:38)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Integer overflow when parsing a malformed font - DoS / RCE (particurly with the advent of web fonts)
[USN-6063-1] Ceph vulnerabilities (09:03)
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- backport of:
- 17.2.5 for 22.10, 22.04 LTS
- 15.2.17 for 20.04 LTS
- 12.2.13 for 18.04 LTS
[USN-6066-1] OpenStack Heat vulnerability (09:29)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Orchestration Service for OpenStack - info leak via API
[USN-6067-1] OpenStack Neutron vulnerabilities (09:39)
- 5 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Virtual Network Service
[USN-6068-1] Open vSwitch vulnerability (09:45)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- Failed to properly handle IP packets which specified a protocol of 0 (used in IPv6 to specify hop-by-hop options) - if a packet with protocol 0 was encountered, OVS would install a dataflow path for both kernel and userspace which would match on ALL IP protocols for this flow - so this would then possibly match against other IP packets and so cause them to be handled incorrectly (possibly allowing when should have been denied etc)
[USN-6065-1] css-what vulnerabilities (10:43)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- CSS selector parser for NodeJS
- Two ReDoS issues
[USN-6064-1] SQL parse vulnerability (11:00)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Another ReDoS
Goings on in Ubuntu Security Community
Ubuntu 23.10 release cycle opens (11:41)
- The Ubuntu Security is back from Prague (Engineering Sprint) - spent the week diving deep into various aspects like what kinds of tooling and processes we want to try and improve across the team, talking about the culture and history of the team to make sure we maintain our great culture as the team grows.
- Even discussing mundane stuff like how to refer to and name security updates which go into Ubuntu Pro vs the regular Ubuntu Archive - making sure it is clear to consumers of our USNs etc what is where, plus the various policies around updated for Ubuntu Pro
- Sessions devoted to snaps and how to do appropriate security reviews for them plus how to coordinate better with the snapd team
- Even looking at tech debt within our team and our tooling and how we can try and tackle some of that
- As for more concrete plans for the security team during 23.10
- continue the work to use AppArmor to enable tighter controls over unprivileged user namespaces within Ubuntu
- various improvements to our OVAL feeds to make them more useful to users and customers alike
- utilising the Canonical Hardware Certifications Lab for testing of security updates for packages that require particular hardware (think things like
intel-microcode,nvme-cli, various graphics drivers etc) - Improvements to AppArmor for more fine-grained network mediation and
io_uring - More work on supporting various confidential computing use-cases (for an introduction to these types of topics see https://ubuntu.com/engage/introduction-to-confidential-computing-webinar)
- Usual work on FIPS / CIS / DISA-STIG updates plus usual security maintenance
Academic paper review with Andrei Iosif (14:40)
- New segment to dig into the details of various interesting cybersecurity research papers
- Andrei joined the team just over 1 month ago - previously was Tech Lead at a SecOps startup developing open source tools for automating various cybersecurity solutions - brings a wide range of great experience to our team
- Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems
- Looks at what the study was about (developing a model for attacks against Network Intrusion Detection Systems, with a particular focus on IDSs that are based on AI/ML approaches)
Get in contact
230 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
