This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Ubuntu Security Podcast와 비슷한 콘텐츠
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Episode 134
Manage episode 304642062 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
It’s release week! As Ubuntu 21.10 Impish Indri is released we take a look at some of the new security features it brings, plus we cover security updates for containerd, MongoDB, Mercurial, docker.io and more.
This week in Ubuntu Security Updates
58 unique CVEs addressed
[USN-5095-1] Apache Commons IO vulnerability [00:46]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Failed to properly sanitize filenames in
FileNameUtils.normalize()- should remove relative path components like../but if contained leading double-slashes this would fail - and the original path would be returned without alteration - so could then possibly get relative directory traversal to the parent directory depending on how this returned value was used.
[USN-5096-1] Linux kernel (OEM) vulnerabilities
- 16 CVEs addressed in Focal (20.04 LTS)
[USN-5091-2] Linux kernel (Raspberry Pi) vulnerabilities
- 5 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5094-2] Linux kernel (Raspberry Pi) vulnerabilities
- 5 CVEs addressed in Bionic (18.04 LTS)
[USN-5106-1] Linux kernel (OEM) vulnerabilities [01:36]
- 6 CVEs addressed in Focal (20.04 LTS)
io_uring(5.1) - unprivileged user - trigger free of other kernel memory - code execution- Episode 133
[USN-4973-2] Python vulnerability [02:18]
- 1 CVEs addressed in Focal (20.04 LTS)
- ipaddress with octal encoded numbers vuln previously fixed but the patch with this fix got dropped in an intervening SRU where 3.8.10 got backported to 20.04 (LP: #1928057)
[USN-5099-1] Imlib2 vulnerability [03:11]
- 1 CVEs addressed in Focal (20.04 LTS)
- integer overflow -> OOB read - ICO file with an excessive amount of colors declared in its color map - fixed to error out in this case
[USN-5100-1] containerd vulnerability [03:43]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- container bundles root dirs and plugins had excessive permissions - allows an unprivileged Linux user to traverse directory contents and execute programs in these dirs. If a container image was created with setuid executables then that user on the Linux host could execute these setuid binaries and gain root privileges on the host.
[USN-5101-1] MongoDB vulnerability [04:34]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Unauthenticated client can send crafted messages to the server which specify a negative size when decompressed - an insufficient amount of memory would then get allocated and lead to a possible OOB write
- Thanks to Heather Lemon from Sustaining Engineering team for preparing this update
[USN-5102-1] Mercurial vulnerabilities [05:10]
- 2 CVEs addressed in Bionic (18.04 LTS)
- Mishandled symlinks in subrepos - defeats usual path-checking logic and so could could allow an attacker to write arbitrary files to the victim’s filesystem outside the repo
- OOB read when parsing malformed manifest entries
[USN-5097-1] LedgerSMB vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
[USN-5098-1] bl vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-5103-1] docker.io vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
docker cp- could craft a container image that would result indocker cpmaking changes to existing files on the host filesystem - doesn’t actually allow to read/modify or execute files on the host but could make them readable/change perms etc and expose info on the host
[USN-5104-1] Squid vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
[USN-5105-1] Bottle vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5022-3] MySQL vulnerabilities
- 16 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5107-1] Firefox vulnerabilities [06:47]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 93.0 - usual web issues - “if a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.”
[USN-5108-1] libntlm vulnerability [07:32]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- stack buffer OOB read when handling a crafted NTLM request since used a fixed size buffer in various functions - fixed to truncate size to fit within the buffer if too big to avoid overflowing the buffer
[USN-5078-3] Squashfs-Tools vulnerability [07:54]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Original backport of patch contained an error and so failed to work for squashfs 2.x filesystems - would fail to actually sort entries as expected - thanks to Salvatore Bonaccorso from the Debian security team for bringing this to our attention
Goings on in Ubuntu Security Community
Ubuntu 21.10 (Impish Indri) released [09:08]
- https://ubuntu.com/blog/ubuntu-21-10-has-landed
- 5.13 kernel
- KFENCE memory error detector
- Stack offset randomisation across system-calls
- Landlock LSM
- Disabled unprivileged BPF
- GCC 11
Hiring [13:12]
Security Product Manager
Get in contact
231 에피소드
공유
Manage episode 304642062 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
It’s release week! As Ubuntu 21.10 Impish Indri is released we take a look at some of the new security features it brings, plus we cover security updates for containerd, MongoDB, Mercurial, docker.io and more.
This week in Ubuntu Security Updates
58 unique CVEs addressed
[USN-5095-1] Apache Commons IO vulnerability [00:46]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Failed to properly sanitize filenames in
FileNameUtils.normalize()- should remove relative path components like../but if contained leading double-slashes this would fail - and the original path would be returned without alteration - so could then possibly get relative directory traversal to the parent directory depending on how this returned value was used.
[USN-5096-1] Linux kernel (OEM) vulnerabilities
- 16 CVEs addressed in Focal (20.04 LTS)
[USN-5091-2] Linux kernel (Raspberry Pi) vulnerabilities
- 5 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5094-2] Linux kernel (Raspberry Pi) vulnerabilities
- 5 CVEs addressed in Bionic (18.04 LTS)
[USN-5106-1] Linux kernel (OEM) vulnerabilities [01:36]
- 6 CVEs addressed in Focal (20.04 LTS)
io_uring(5.1) - unprivileged user - trigger free of other kernel memory - code execution- Episode 133
[USN-4973-2] Python vulnerability [02:18]
- 1 CVEs addressed in Focal (20.04 LTS)
- ipaddress with octal encoded numbers vuln previously fixed but the patch with this fix got dropped in an intervening SRU where 3.8.10 got backported to 20.04 (LP: #1928057)
[USN-5099-1] Imlib2 vulnerability [03:11]
- 1 CVEs addressed in Focal (20.04 LTS)
- integer overflow -> OOB read - ICO file with an excessive amount of colors declared in its color map - fixed to error out in this case
[USN-5100-1] containerd vulnerability [03:43]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- container bundles root dirs and plugins had excessive permissions - allows an unprivileged Linux user to traverse directory contents and execute programs in these dirs. If a container image was created with setuid executables then that user on the Linux host could execute these setuid binaries and gain root privileges on the host.
[USN-5101-1] MongoDB vulnerability [04:34]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- Unauthenticated client can send crafted messages to the server which specify a negative size when decompressed - an insufficient amount of memory would then get allocated and lead to a possible OOB write
- Thanks to Heather Lemon from Sustaining Engineering team for preparing this update
[USN-5102-1] Mercurial vulnerabilities [05:10]
- 2 CVEs addressed in Bionic (18.04 LTS)
- Mishandled symlinks in subrepos - defeats usual path-checking logic and so could could allow an attacker to write arbitrary files to the victim’s filesystem outside the repo
- OOB read when parsing malformed manifest entries
[USN-5097-1] LedgerSMB vulnerabilities
- 3 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
[USN-5098-1] bl vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS)
[USN-5103-1] docker.io vulnerability
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
docker cp- could craft a container image that would result indocker cpmaking changes to existing files on the host filesystem - doesn’t actually allow to read/modify or execute files on the host but could make them readable/change perms etc and expose info on the host
[USN-5104-1] Squid vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
[USN-5105-1] Bottle vulnerability
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-5022-3] MySQL vulnerabilities
- 16 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-5107-1] Firefox vulnerabilities [06:47]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
- 93.0 - usual web issues - “if a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.”
[USN-5108-1] libntlm vulnerability [07:32]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- stack buffer OOB read when handling a crafted NTLM request since used a fixed size buffer in various functions - fixed to truncate size to fit within the buffer if too big to avoid overflowing the buffer
[USN-5078-3] Squashfs-Tools vulnerability [07:54]
- 1 CVEs addressed in Focal (20.04 LTS), Hirsute (21.04)
- Original backport of patch contained an error and so failed to work for squashfs 2.x filesystems - would fail to actually sort entries as expected - thanks to Salvatore Bonaccorso from the Debian security team for bringing this to our attention
Goings on in Ubuntu Security Community
Ubuntu 21.10 (Impish Indri) released [09:08]
- https://ubuntu.com/blog/ubuntu-21-10-has-landed
- 5.13 kernel
- KFENCE memory error detector
- Stack offset randomisation across system-calls
- Landlock LSM
- Disabled unprivileged BPF
- GCC 11
Hiring [13:12]
Security Product Manager
Get in contact
231 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Ubuntu Security Podcast와 비슷한 콘텐츠
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
