This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
Episode 114
Manage episode 291815272 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
This week we look at the response from the Linux Technical Advisory Board to the UMN Linux kernel incident, plus we cover the 21Nails Exim vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.
This week in Ubuntu Security Updates
40 unique CVEs addressed
[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- UAF or heap corruption when handling crafted Matroska files - crash / RCE
[USN-4929-1] Bind vulnerabilities [01:18]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or possible overflow -> crash / RCE
[USN-4930-1] Samba vulnerability [02:08]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Failed to properly handle negative idmap cache entries - could then end up with incorrect group entries and as such could possibly allow a user to access / modify files they should not have access to
[USN-4931-1] Samba vulnerabilities [02:51]
- 4 CVEs addressed in Trusty ESM (14.04 ESM)
- negative idmap cache entries issue plus some older vulns (Episode 95)
[LSN-0076-1] Linux kernel vulnerability [03:03]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 local user privesc vulns fixed:
- BPF JIT branch displacement issue (Episode 112)
- Overlayfs / file system capabilities interaction
[USN-4918-3] ClamAV regression [03:52]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Previous clamav update (back in April ) introduced a regression where clamdscan would crash if called with –multiscan and –fdpass AND you had an ExcludePath configured in the configuration - backported the upstream commit from the development branch to fix this
[USN-4932-1] Django vulnerability [04:30]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Directory traversal via uploaded files with crafted names
[USN-4933-1] OpenVPN vulnerabilities [04:47]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Race condition in handling of data packets could allow an attacker to inject a packet using a victim’s peer-id before the crypto channel is properly initialised - could cause the victim’s connection to be dropped (DoS) but doesn’t appear to expose any sensitive info etc
- Attackers could possibly bypass auth on control channel and hence leak info
[USN-4934-1] Exim vulnerabilities [05:39]
- 21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- CVE-2021-27216
- CVE-2020-28026
- CVE-2020-28025
- CVE-2020-28024
- CVE-2020-28023
- CVE-2020-28022
- CVE-2020-28021
- CVE-2020-28020
- CVE-2020-28019
- CVE-2020-28018
- CVE-2020-28017
- CVE-2020-28016
- CVE-2020-28015
- CVE-2020-28014
- CVE-2020-28013
- CVE-2020-28012
- CVE-2020-28011
- CVE-2020-28010
- CVE-2020-28009
- CVE-2020-28008
- CVE-2020-28007
- Qualsys - 21Nails - various vulns which could be chained together to get full remote unauthenticated RCE and root privesc
- Possibly 60% of internet mail servers run exim and 4 million are publicly accessible
- Previously has been a target of Sandworm
- In the process of preparing the updates for 16.04 / 14.04 ESM - expect to be available in the next day or 2 so most likely will already be out by the time you are listening to this
[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Not much detail from NVIDIA
- improper access control -> DoS, infoleak or data corruption -> privesc etc
- incorrect use of reference counting -> DoS (crash?) (UAF?)
Goings on in Ubuntu Security Community
Linux Technical Advisory Board response to UMN incident [08:56]
- Covered in Episode 113
- https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/
- Kees Cook (previously inaugural Tech Lead of Ubuntu Security Team) posted to LKML the Tab’s report (various folks from across the Linux Kernel community, including from Red Hat, Google, Canonical and others)
- Detailed timeline of events, identification of the “hypocrite” commits in question
- Recommendations going forward
- UMN must improve quality of their submissions since even for a lot of what were good-faith patches, they actually had issues and either didn’t fix the purported issue or tried to fix a non-issue
- TAB will create a best-practices document for all research groups when working with the kernel or other open source projects
Hiring [11:36]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
231 에피소드
Manage episode 291815272 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
This week we look at the response from the Linux Technical Advisory Board to the UMN Linux kernel incident, plus we cover the 21Nails Exim vulnerabilities as well as updates for Bind, Samba, OpenVPN and more.
This week in Ubuntu Security Updates
40 unique CVEs addressed
[USN-4928-1] GStreamer Good Plugins vulnerabilities [00:40]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- UAF or heap corruption when handling crafted Matroska files - crash / RCE
[USN-4929-1] Bind vulnerabilities [01:18]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- 2 possible crasher bugs (failed assertions) -> DoS, 1 buffer over-read or possible overflow -> crash / RCE
[USN-4930-1] Samba vulnerability [02:08]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Failed to properly handle negative idmap cache entries - could then end up with incorrect group entries and as such could possibly allow a user to access / modify files they should not have access to
[USN-4931-1] Samba vulnerabilities [02:51]
- 4 CVEs addressed in Trusty ESM (14.04 ESM)
- negative idmap cache entries issue plus some older vulns (Episode 95)
[LSN-0076-1] Linux kernel vulnerability [03:03]
- 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 local user privesc vulns fixed:
- BPF JIT branch displacement issue (Episode 112)
- Overlayfs / file system capabilities interaction
[USN-4918-3] ClamAV regression [03:52]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Previous clamav update (back in April ) introduced a regression where clamdscan would crash if called with –multiscan and –fdpass AND you had an ExcludePath configured in the configuration - backported the upstream commit from the development branch to fix this
[USN-4932-1] Django vulnerability [04:30]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Directory traversal via uploaded files with crafted names
[USN-4933-1] OpenVPN vulnerabilities [04:47]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Race condition in handling of data packets could allow an attacker to inject a packet using a victim’s peer-id before the crypto channel is properly initialised - could cause the victim’s connection to be dropped (DoS) but doesn’t appear to expose any sensitive info etc
- Attackers could possibly bypass auth on control channel and hence leak info
[USN-4934-1] Exim vulnerabilities [05:39]
- 21 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- CVE-2021-27216
- CVE-2020-28026
- CVE-2020-28025
- CVE-2020-28024
- CVE-2020-28023
- CVE-2020-28022
- CVE-2020-28021
- CVE-2020-28020
- CVE-2020-28019
- CVE-2020-28018
- CVE-2020-28017
- CVE-2020-28016
- CVE-2020-28015
- CVE-2020-28014
- CVE-2020-28013
- CVE-2020-28012
- CVE-2020-28011
- CVE-2020-28010
- CVE-2020-28009
- CVE-2020-28008
- CVE-2020-28007
- Qualsys - 21Nails - various vulns which could be chained together to get full remote unauthenticated RCE and root privesc
- Possibly 60% of internet mail servers run exim and 4 million are publicly accessible
- Previously has been a target of Sandworm
- In the process of preparing the updates for 16.04 / 14.04 ESM - expect to be available in the next day or 2 so most likely will already be out by the time you are listening to this
[USN-4935-1] NVIDIA graphics drivers vulnerabilities [07:58]
- 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10), Hirsute (21.04)
- Not much detail from NVIDIA
- improper access control -> DoS, infoleak or data corruption -> privesc etc
- incorrect use of reference counting -> DoS (crash?) (UAF?)
Goings on in Ubuntu Security Community
Linux Technical Advisory Board response to UMN incident [08:56]
- Covered in Episode 113
- https://lore.kernel.org/lkml/202105051005.49BFABCE@keescook/
- Kees Cook (previously inaugural Tech Lead of Ubuntu Security Team) posted to LKML the Tab’s report (various folks from across the Linux Kernel community, including from Red Hat, Google, Canonical and others)
- Detailed timeline of events, identification of the “hypocrite” commits in question
- Recommendations going forward
- UMN must improve quality of their submissions since even for a lot of what were good-faith patches, they actually had issues and either didn’t fix the purported issue or tried to fix a non-issue
- TAB will create a best-practices document for all research groups when working with the kernel or other open source projects
Hiring [11:36]
AppArmor Security Engineer
Linux Cryptography and Security Engineer
Security Engineer - Ubuntu
Get in contact
231 에피소드
모든 에피소드
×플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.