Episode 193

13 April 2023 • 14min
Ubuntu Security Podcast
Overview
The release of Ubuntu 23.04 Lunar Lobster is nigh so we take a look at some of the things the security team has been doing along the way, plus it’s our 6000th USN so we look back at the last 19 years of USNs whilst covering security updates for the Linux kernel, Emacs, Irssi, Sudo, Firefox and more.
This week in Ubuntu Security Updates
109 unique CVEs addressed

[USN-5998-1] Apache Log4j vulnerabilities (01:00)
4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 CVE-2019-17571
- A bunch of older vulnerabilities, some discovered in the wake of Log4Shell but not deemed as critical

[USN-6000-1] Linux kernel (BlueField) vulnerabilities (01:37)
23 CVEs addressed in Focal (20.04 LTS)
CVE-2023-28328 CVE-2023-26607 CVE-2023-23455 CVE-2023-23454 CVE-2023-20938 CVE-2023-1382 CVE-2023-0394 CVE-2023-0266 CVE-2023-0045 CVE-2022-47929 CVE-2022-47520 CVE-2022-42329 CVE-2022-42328 CVE-2022-4139 CVE-2022-41218 CVE-2022-36280 CVE-2022-3623 CVE-2022-3545 CVE-2022-3521 CVE-2022-3435 CVE-2022-3424 CVE-2022-3169 CVE-2023-0461
- NVIDIA BlueField specific kernel (5.4)
- Highest priority CVE is CVE-2023-0461, a use-after-free in the kernel's Upper Layer Protocol (ULP) handling (mentioned in the last few episodes)
- 6000th USN published by the Ubuntu Security team - this one by Rodrigo Zaiden
- Out of interest, the earlier round-number USNs:
  - USN-5000-1 - also a kernel USN, June 2021 (Steve Beattie)
  - USN-4000-1 - corosync, May 2019 (Leo Barbosa)
  - USN-3000-1 - kernel (utopic HWE backported to trusty), June 2016 (John Johansen)
  - USN-2000-1 - nova, October 2013 (Jamie Strandboge)
  - USN-1000-1 - kernel again, October 2010 (Kees Cook)
  - USN-1-1 - libpng, October 2004 (Matt Zimmerman)

[USN-6001-1] Linux kernel (AWS) vulnerabilities (04:18)
51 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-1118 CVE-2023-26607 CVE-2023-26545 CVE-2023-23455 CVE-2023-1095 CVE-2023-1074 CVE-2023-0394 CVE-2022-47929 CVE-2022-4662 CVE-2022-41850 CVE-2022-41849 CVE-2022-41218 CVE-2022-39188 CVE-2022-3903 CVE-2022-36879 CVE-2022-3646 CVE-2022-36280 CVE-2022-3628 CVE-2022-3303 CVE-2022-3111 CVE-2022-3061 CVE-2022-2991 CVE-2022-2663 CVE-2022-2380 CVE-2022-2318 CVE-2022-2503 CVE-2022-20572 CVE-2022-20132 CVE-2022-1975 CVE-2022-1974 CVE-2022-1516 CVE-2022-1462 CVE-2022-1205 CVE-2022-1195 CVE-2022-1016 CVE-2022-0617 CVE-2022-0494 CVE-2022-0487 CVE-2021-45868 CVE-2021-4203 CVE-2021-4149 CVE-2021-3772 CVE-2021-3732 CVE-2021-3669 CVE-2021-3659 CVE-2021-3428 CVE-2021-28713 CVE-2021-28712 CVE-2021-28711 CVE-2021-26401 CVE-2020-36516
- 4.4 kernel - wins the prize for the most CVEs fixed in a single update this week - thanks as always to the kernel team for all their work on these

[USN-6004-1] Linux kernel (Intel IoTG) vulnerabilities (04:42)
15 CVEs addressed in Jammy (22.04 LTS)
CVE-2023-28328 CVE-2023-26606 CVE-2023-23559 CVE-2023-23455 CVE-2023-23454 CVE-2023-0266 CVE-2023-0210 CVE-2023-0045 CVE-2022-48424 CVE-2022-48423 CVE-2022-4382 CVE-2022-41218 CVE-2022-36280 CVE-2022-3424 CVE-2022-2196
- 5.15 kernel

[USN-6007-1] Linux kernel (GCP) vulnerabilities (04:51)
20 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-26607 CVE-2022-43750 CVE-2022-42895 CVE-2022-42329 CVE-2022-42328 CVE-2022-41850 CVE-2022-41849 CVE-2022-39842 CVE-2022-3649 CVE-2022-3646 CVE-2022-3640 CVE-2022-3628 CVE-2022-3545 CVE-2022-3521 CVE-2022-29901 CVE-2022-29900 CVE-2022-2663 CVE-2022-26373 CVE-2022-20369 CVE-2023-0461
- 4.15 kernel (backported from 18.04 LTS)

[USN-6009-1] Linux kernel (GCP) vulnerabilities
11 CVEs addressed in Xenial ESM (16.04 ESM)
CVE-2023-28328 CVE-2023-23559 CVE-2023-23455 CVE-2023-0394 CVE-2023-0266 CVE-2023-0045 CVE-2022-47929 CVE-2022-41218 CVE-2022-36280 CVE-2022-3424 CVE-2021-3669
- Follow-up kernel update including a bunch more fixes

[USN-6003-1] Emacs vulnerability (05:03)
1 CVE addressed in Xenial ESM (16.04 ESM)
CVE-2023-28617
- Similar to [USN-5955-1] Emacs vulnerability [00:50] from Episode 191 - again, if org-mode was used to export to a LaTeX document which included other documents with shell metacharacters in their filenames, an attacker could get code execution as the user running Emacs

[USN-6002-1] Irssi vulnerability (05:45)
1 CVE addressed in Kinetic (22.10)
CVE-2023-29132
- IRC client - use-after-free when outputting a line which was not formatted whilst also outputting a line that was formatted - only likely to be triggerable via various scripts
- Discovered after a recent update to GLib 2.75, which stopped using its own internal memory allocator and switched to regular malloc() / free() - this then exposed the bug to libc's memory checking, which detected it

[USN-6005-1] Sudo vulnerabilities (07:25)
2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
CVE-2023-28487 CVE-2023-28486
- Failed to escape control characters in both the log output and sudoreplay (which can be used to list or play back the commands executed in a sudo session) - so an attacker who can get terminal control characters into a logged command could have them interpreted by the terminal of whoever views the log, and potentially get code execution as the user running sudoreplay

[USN-6010-1] Firefox vulnerabilities (08:45)
15 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
CVE-2023-29541 CVE-2023-29539 CVE-2023-29538 CVE-2023-29536 CVE-2023-29535 CVE-2023-29533 CVE-2023-29551 CVE-2023-29550 CVE-2023-29549 CVE-2023-29548 CVE-2023-29547 CVE-2023-29544 CVE-2023-29543 CVE-2023-29540 CVE-2023-29537
- 112.0 - one Linux specific vuln in particular around the handling of downloaded .desktop files - could allow an attacker to get code execution as the user running Firefox
- Interesting to note that as a snap, Firefox is confined by default and cannot execute arbitrary commands from the host system - it can only use binaries from within the Firefox snap itself or the user's $HOME, which makes exploitation of such an issue harder since there are fewer LOLBins to make use of

[USN-6011-1] Json-smart vulnerabilities (10:00)
2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
CVE-2023-1370 CVE-2021-31684
- Small and fast JSON parser for Java - two similar issues, one in the handling of unclosed quotes and the other in unclosed brackets - both could allow an attacker to DoS the application through crafted input

Goings on in Ubuntu Security Community

Preparing for the release of Ubuntu 23.04 (Lunar Lobster) (10:36)
- Team has been busy finishing various items from the development roadmap for this cycle:
  - SBOM specification
  - improvements to how we distribute OVAL data
  - evaluation of dbus-broker integration with AppArmor, to possibly replace dbus-daemon in a future Ubuntu release
  - testing unprivileged user namespace restrictions via AppArmor
  - io_uring mediation support in AppArmor
  - working with the snapd team on integrating dm-verity within snapd for improved integrity of snaps
- Usual maintenance items as well:
  - all the normal CVE patching
  - a heap of MIR (Main Inclusion Request) security reviews
  - snap store reviews
  - AppArmor upstream project maintenance
  - and more

Ubuntu Security Podcast on a 2 week break
- Alex on leave next week, and the following week is the 23.10 start-of-cycle product roadmap sprint in Prague
- Expect the podcast to be back the week ending 5th May

Get in contact
- security@ubuntu.com
- #ubuntu-security on the Libera.Chat IRC network
- ubuntu-hardened mailing list
- Security section on discourse.ubuntu.com
- @ubuntusecurity@fosstodon.org, @ubuntu_sec on Twitter
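Added example for the Emacs org-mode issue in USN-6003-1 above. This is not Emacs or org-mode code: it is a stand-in "exporter" that splices an included file's name into a shell command string, shown next to two variants that never let the shell interpret the name. The tool being invoked (`cat`), the file name and the marker file are all constructed for the demonstration; the point is only that a filename containing `;` or `#` becomes a second command when the string reaches /bin/sh.

```python
"""
Added example (not Emacs or org-mode code): why shell metacharacters in an
included file's name give code execution when the name is pasted into a shell
command string, and two ways to stop that.
"""
import os
import shlex
import subprocess
import tempfile

# Constructed: an included file whose *name* carries shell metacharacters.
# A document that references it is all an attacker needs to supply.
HOSTILE_INCLUDE = "chapter.tex; touch pwned #"
MARKER = "pwned"   # file the payload creates if the shell interprets the name


def _run_export(argv_or_cmd, workdir, use_shell):
    """Runs the 'export' step in workdir and reports whether the payload fired."""
    subprocess.run(
        argv_or_cmd,
        shell=use_shell,
        cwd=workdir,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        check=False,
    )
    return os.path.exists(os.path.join(workdir, MARKER))


def export_vulnerable(included_file: str, workdir: str) -> bool:
    """String concatenation + shell=True: /bin/sh parses ';', '#', '$(...)' etc.
    inside the file name. Returns True when the injected command ran."""
    return _run_export("cat " + included_file, workdir, use_shell=True)


def export_quoted(included_file: str, workdir: str) -> bool:
    """Still a shell string, but shlex.quote wraps the name so it reaches cat
    as one literal argument (the fix when a shell string is unavoidable)."""
    return _run_export("cat " + shlex.quote(included_file), workdir, use_shell=True)


def export_argv(included_file: str, workdir: str) -> bool:
    """No shell at all: an argv list goes straight to execve. Preferred form."""
    return _run_export(["cat", included_file], workdir, use_shell=False)


def demo() -> dict:
    """Runs each variant in a fresh temp dir; maps variant name -> payload ran?"""
    results = {}
    for name, fn in (("vulnerable", export_vulnerable),
                     ("quoted", export_quoted),
                     ("argv", export_argv)):
        with tempfile.TemporaryDirectory() as d:
            # The legitimate include really exists, so the benign part succeeds.
            with open(os.path.join(d, "chapter.tex"), "w") as f:
                f.write("\\section{Intro}\n")
            results[name] = fn(HOSTILE_INCLUDE, d)
    return results


if __name__ == "__main__":
    for variant, ran in demo().items():
        print(f"{variant:11s} payload executed: {ran}")
```

The vulnerable variant creates the marker file because the shell sees `cat chapter.tex; touch pwned #`; the quoted and argv variants hand `chapter.tex; touch pwned #` to `cat` as a single (nonexistent) filename and nothing else runs. Requires a POSIX /bin/sh and `touch`.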
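Added example for the sudo control-character issue in USN-6005-1 above. This is not sudo's code: it shows the two halves a practitioner wants, a writer/replay side that escapes terminal control characters before a log line is emitted, and a detection side that flags lines already on disk that carry raw control bytes. The log lines are constructed for the demonstration and only loosely follow sudo's `user : TTY=... ; COMMAND=...` layout; the `\xNN` escape notation is this example's own choice.

```python
"""
Added example (not sudo's code): escaping terminal control characters before
log lines are written or replayed, plus a check for lines that already carry
them.
"""
import re

# Characters a terminal acts on instead of printing: C0 controls (0x00-0x1f,
# which includes ESC=0x1b and CR/LF) and DEL (0x7f).
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Same set plus backslash, so an escaped line can never be confused with a
# line that legitimately contained the text "\x1b".
_TO_ESCAPE = re.compile(r"[\x00-\x1f\x7f\\]")

# Constructed sample. The second entry embeds ESC[1A (cursor up one line),
# CR and ESC[2K (erase the whole line): shown raw on a terminal, the forged
# "alice" text replaces the line above it and the real command is obscured.
SAMPLE_LOG_LINES = [
    "alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "mallory : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/echo "
    "\x1b[1A\r\x1b[2Kalice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true",
    "bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/systemctl restart nginx",
]


def has_control_chars(line: str) -> bool:
    """Detection side: does this (already written) line carry raw control bytes?"""
    return CONTROL_CHARS.search(line) is not None


def escape_control_chars(line: str) -> str:
    """Prevention side: make every control byte visible as \\xNN and double
    backslashes so the transformation is unambiguous and reversible."""
    def repl(m):
        ch = m.group()
        return "\\\\" if ch == "\\" else "\\x%02x" % ord(ch)
    return _TO_ESCAPE.sub(repl, line)


def find_suspicious_lines(lines):
    """Indices of log lines a terminal would render unsafely."""
    return [i for i, line in enumerate(lines) if has_control_chars(line)]


def sanitize_for_terminal(lines):
    """What a log writer or replay tool should emit instead of the raw lines."""
    return [escape_control_chars(line) for line in lines]


if __name__ == "__main__":
    print("suspicious line indices:", find_suspicious_lines(SAMPLE_LOG_LINES))
    for line in sanitize_for_terminal(SAMPLE_LOG_LINES):
        print(line)
```

Run on the sample, only the "mallory" entry is flagged, and after sanitising it prints as `... COMMAND=/bin/echo \x1b[1A\r\x1b[2Kalice : ...`, which a reviewer can read but a terminal will not act on. The same escaping belongs in anything that plays logged input back to a TTY, which is the sudoreplay half of the advisory.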