Episode 233

Ubuntu Security Podcast
2 August 2024, 24 min

Overview

This week we take a look at the recent CrowdStrike outage and what we can learn from it compared to the testing and release process for security updates in Ubuntu, plus we cover details of vulnerabilities in poppler, phpCAS, EDK II, Python, OpenJDK and one package with over 300 CVE fixes in a single update.

This week in Ubuntu Security Updates

462 unique CVEs addressed

[USN-6915-1] poppler vulnerability (01:35)
1 CVE addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
CVE-2024-6239
Installed by default in Ubuntu since cups-filters uses it for PDF printing. The PDF format describes a Catalog which holds a tree of named destinations, essentially hyperlinks within the document; each can resolve either to a page number etc. or to a named location within the document. Opening a crafted document in which a destination lacks its name property (as pdfinfo -dests does when it walks that tree) leaves name as NULL, triggering a NULL pointer dereference -> crash -> DoS.

[USN-6913-1] phpCAS vulnerability (02:26)
1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2022-39369
Authentication library for PHP that lets PHP applications authenticate users against a Central Authentication Service (CAS) server, i.e. SSO. A user visiting a CAS-protected application is redirected to the CAS server, which authenticates them and redirects back with a service ticket. The application (the CAS client) must then validate that ticket with the CAS server, since the ticket arrives via the browser and could have been injected: it sends the ticket together with its own service URL to the CAS server, and if validation succeeds it is told which user was authenticated etc. Previously phpCAS built that service URL from HTTP request headers (Host and the X-Forwarded-* headers), which an attacker controls. A ticket is only valid for the service URL it was issued for, so an attacker who controls any other service in the same SSO realm can obtain a ticket a victim received for that service, replay it against the target application with a spoofed Host header, and the target then validates it against the attacker's service URL and logs the attacker in as the victim. The fix (phpCAS 1.6.0) is an API change: phpCAS::client() and phpCAS::proxy() take an additional $service_base_url parameter which either fixes the application's own base URL (or an allow-list of them) or supplies a discovery object that determines it securely; either way, applications using phpCAS now need to be updated.
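The replay described above, re-enacted end to end as an added example (this is not phpCAS's code nor anything from the Ubuntu advisory). Everything in it is constructed: FakeCAS stands in for a CAS server, the host names, ticket values and request headers are made up, and service_url_from_base is my own approximation of the allow-list style service base URL handling that phpCAS 1.6 introduced, not the library's implementation. It shows why a client that derives its service URL from the Host header accepts a ticket issued for a different service, and why a client configured with a fixed base URL does not.

```python
"""
Constructed re-enactment of CVE-2022-39369 (added example, not phpCAS code).

A CAS client that builds the 'service' parameter for /serviceValidate from the
request's Host header will accept a ticket that CAS issued for a *different*
service in the same SSO realm. FakeCAS, the host names, the ticket format and
the request headers are all constructed for this demo; service_url_from_base
approximates the fixed service base URL handling of phpCAS 1.6 (assumption,
not the library's code).
"""
import secrets
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


class FakeCAS:
    """In-memory stand-in for a CAS server: issues and validates service tickets."""

    def __init__(self) -> None:
        self.tickets: Dict[str, Tuple[str, str]] = {}  # ticket -> (service, user)

    def login(self, user: str, service: str) -> str:
        # CAS binds every service ticket to the service URL it redirects back to.
        ticket = "ST-" + secrets.token_hex(8)
        self.tickets[ticket] = (service, user)
        return ticket

    def service_validate(self, service: str, ticket: str) -> Optional[str]:
        # /serviceValidate: ticket is single-use and 'service' must equal the bound URL.
        entry = self.tickets.pop(ticket, None)
        if entry is None or entry[0] != service:
            return None
        return entry[1]


def service_url_from_headers(headers: Dict[str, str], path: str) -> str:
    """Pre-1.6 behaviour (the bug): trust X-Forwarded-Host / Host from the request,
    so whoever sends the request chooses the service URL the ticket is validated for."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}{path}"


def service_url_from_base(base_urls: List[str], headers: Dict[str, str], path: str) -> str:
    """1.6-style (assumed shape): the application is configured with its own base URL(s).
    The Host header may only select one of them; an unknown host falls back to the first."""
    host = headers.get("Host", "")
    for base in base_urls:
        if urlsplit(base).netloc == host:
            return base.rstrip("/") + path
    return base_urls[0].rstrip("/") + path


ATTACKER_APP = "https://evil.example.net"  # attacker's own CAS-registered service (constructed)
VICTIM_APP = "https://app.example.org"     # the phpCAS client under attack (constructed)
CALLBACK = "/login"


def _ticket_for_attacker_service(cas: FakeCAS) -> str:
    # Step 1: victim "alice" signs in to the attacker's site through the shared CAS,
    # so the attacker ends up holding a ticket bound to the attacker's service URL.
    return cas.login("alice", ATTACKER_APP + CALLBACK)


def replay_against_vulnerable_client() -> Optional[str]:
    """Returns the user the vulnerable client believes logged in ('alice' = impersonation)."""
    cas = FakeCAS()
    ticket = _ticket_for_attacker_service(cas)
    # Step 2: attacker presents that ticket to VICTIM_APP with a spoofed Host header.
    spoofed_headers = {"Host": "evil.example.net"}
    service = service_url_from_headers(spoofed_headers, CALLBACK)
    # CAS is asked about service=https://evil.example.net/login, which matches the ticket.
    return cas.service_validate(service, ticket)


def replay_against_fixed_client() -> Optional[str]:
    """Same replay against a client configured with a fixed service base URL."""
    cas = FakeCAS()
    ticket = _ticket_for_attacker_service(cas)
    spoofed_headers = {"Host": "evil.example.net"}
    service = service_url_from_base([VICTIM_APP], spoofed_headers, CALLBACK)
    # CAS compares https://app.example.org/login with the bound evil.example.net URL.
    return cas.service_validate(service, ticket)


if __name__ == "__main__":
    print("vulnerable client logs in as:", replay_against_vulnerable_client())  # alice
    print("fixed client logs in as:", replay_against_fixed_client())            # None
```

The point to check in a real deployment is the same as in the fixed function: the value sent as service to /serviceValidate must come from configuration the application owns, never from Host, X-Forwarded-Host or X-Forwarded-Proto on the incoming request.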
[USN-6914-1] OCS Inventory vulnerability
1 CVE addressed in Jammy (22.04 LTS)
CVE-2022-39369
Same issue as the phpCAS update above, since OCS Inventory ships an embedded copy of phpCAS.

[USN-6916-1] Lua vulnerabilities (04:44)
2 CVEs addressed in Jammy (22.04 LTS)
CVE-2022-33099 CVE-2022-28805
A heap buffer over-read and a possible heap buffer overflow via recursive error handling; both appear to require the interpreter to be running malicious Lua code.

[USN-6920-1] EDK II vulnerabilities (05:04)
5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
CVE-2019-0160 CVE-2018-3613 CVE-2018-12183 CVE-2018-12182 CVE-2017-5731
UEFI firmware implementation, used (as OVMF) for qemu VMs etc. Various missing bounds checks -> stack and heap buffer overflows -> DoS or code execution in the firmware (BIOS) context -> privilege escalation within the VM.

[USN-6928-1] Python vulnerabilities (05:49)
2 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2024-4032 CVE-2024-0397
CVE-2024-0397 is a memory race in the ssl module: one thread can call the functions that return certificate information (get_ca_certs(), cert_store_stats()) while another is loading certificates, which happens during a TLS handshake when a certificate directory is configured. Python could then return inconsistent results, leading to various issues. It occurs because the ssl module is implemented in C to interface with OpenSSL and did not properly lock access to the certificate store. CVE-2024-4032 is separate: the ipaddress module reported incorrect is_private / is_global results for some IPv4 and IPv6 address ranges.

[USN-6929-1, USN-6930-1] OpenJDK 8 and OpenJDK 11 vulnerabilities (06:52)
6 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
CVE-2024-21147 CVE-2024-21145 CVE-2024-21144 CVE-2024-21140 CVE-2024-21138 CVE-2024-21131
Latest upstream releases of OpenJDK 8 and 11 (8u422-b05-1, 11.0.24+8). Fixes various issues in the Hotspot and Concurrency components.

[USN-6931-1, USN-6932-1] OpenJDK 17 and OpenJDK 21 vulnerabilities (07:11)
5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
CVE-2024-21147 CVE-2024-21145 CVE-2024-21140 CVE-2024-21138 CVE-2024-21131
Latest upstream releases of OpenJDK 17 and 21 (17.0.12+7, 21.0.4+7). Fixes the same issues in the Hotspot component.

[USN-6934-1] MySQL vulnerabilities (07:29)
15 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
CVE-2024-21185 CVE-2024-21179 CVE-2024-21177 CVE-2024-21173 CVE-2024-21171 CVE-2024-21165 CVE-2024-21163 CVE-2024-21162 CVE-2024-21142 CVE-2024-21134 CVE-2024-21130 CVE-2024-21129 CVE-2024-21127 CVE-2024-21125 CVE-2024-20996
Also the latest upstream release, 8.0.39. Bug fixes, possible new features and incompatible changes, so consult the release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-39.html
https://www.oracle.com/security-alerts/cpujul2024.html

[USN-6917-1] Linux kernel vulnerabilities (07:57)
156 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
CVE-2024-35933 CVE-2024-35910 CVE-2024-27393 CVE-2024-27004 CVE-2024-27396 CVE-2024-36029 CVE-2024-26955 CVE-2024-35976 CVE-2024-26966 CVE-2024-26811 CVE-2024-35871 CVE-2023-52699 CVE-2024-35796 CVE-2024-35851 CVE-2024-35885 CVE-2024-35813 CVE-2024-35789 CVE-2024-35825 CVE-2024-26994
CVE-2024-35815 CVE-2024-27395 CVE-2024-26981 CVE-2024-35886 CVE-2024-26931 CVE-2024-35791 CVE-2024-35849 CVE-2024-35978 CVE-2024-35895 CVE-2024-35918 CVE-2024-35902 CVE-2024-26926 CVE-2024-35934 CVE-2024-35807 CVE-2024-35805 CVE-2024-36008 CVE-2024-26950 CVE-2024-26973 CVE-2024-35898 CVE-2024-35955 CVE-2024-36004 CVE-2024-36006 CVE-2024-35990 CVE-2024-35944 CVE-2024-36007 CVE-2024-35896 CVE-2024-35819 CVE-2024-26988 CVE-2024-35872 CVE-2024-36025 CVE-2024-26957 CVE-2024-35897 CVE-2024-27016 CVE-2024-35806 CVE-2024-35927 CVE-2022-48808 CVE-2024-35960 CVE-2024-27001 CVE-2024-35970 CVE-2024-35988 CVE-2024-36005 CVE-2024-35821 CVE-2024-35925 CVE-2024-26961 CVE-2024-35817 CVE-2024-26922 CVE-2024-26976 CVE-2024-35899 CVE-2024-35984 CVE-2024-26929 CVE-2024-27018 CVE-2024-35907 CVE-2024-35884 CVE-2023-52488 CVE-2024-35982 CVE-2024-26934 CVE-2024-26935 CVE-2024-35973 CVE-2024-26958 CVE-2024-27008 CVE-2024-35809 CVE-2024-26951 CVE-2024-35900 CVE-2024-35888 CVE-2024-26965 CVE-2024-26828 CVE-2024-35935 CVE-2024-35857 CVE-2024-26642 CVE-2024-26989 CVE-2024-35893 CVE-2024-35877 CVE-2024-27009 CVE-2024-35785 CVE-2024-35905 CVE-2024-27020 CVE-2024-35901 CVE-2024-26956 CVE-2024-26977 CVE-2024-26969 CVE-2024-26810 CVE-2024-26813 CVE-2024-35930 CVE-2024-26970 CVE-2024-26687 CVE-2024-27015 CVE-2024-35847 CVE-2024-26999 CVE-2024-35940 CVE-2024-35890 CVE-2024-26814 CVE-2024-35958 CVE-2024-35804 CVE-2024-26629 CVE-2024-26974 CVE-2023-52880 CVE-2024-26937 CVE-2024-35922 CVE-2024-35854 CVE-2024-27013 CVE-2024-35853 CVE-2024-27000 CVE-2024-35989 CVE-2024-35852 CVE-2024-35823 CVE-2024-36020 CVE-2024-36031 CVE-2024-26923 CVE-2024-26654 CVE-2024-26925 CVE-2024-35855 CVE-2024-35997 CVE-2024-35822 CVE-2024-27019 CVE-2024-35938 CVE-2024-35915 CVE-2024-35912 CVE-2024-35936 CVE-2024-35969 CVE-2024-27059 CVE-2024-26964 CVE-2024-27437 CVE-2024-26960 CVE-2024-35950 CVE-2024-26817 CVE-2024-26984 CVE-2024-26812 CVE-2024-35879 CVE-2024-26996 CVE-2024-26993 CVE-2024-25739 CVE-2024-24861 CVE-2024-24859 
CVE-2024-24858 CVE-2024-24857 CVE-2024-23307 CVE-2022-38096
5.15 kernel: Azure and Azure FDE (CVM) flavours.

[USN-6918-1] Linux kernel vulnerabilities
180 CVEs addressed in Noble (24.04 LTS)
CVE-2024-24859 CVE-2024-24858 CVE-2024-24857 CVE-2024-35932 CVE-2024-35937 CVE-2024-27006 CVE-2024-35960 CVE-2024-27011 CVE-2024-35924 CVE-2024-35946 CVE-2024-35942 CVE-2024-35921 CVE-2024-35908 CVE-2024-26811 CVE-2024-27008 CVE-2024-35871 CVE-2024-36019 CVE-2024-35965 CVE-2024-35973 CVE-2024-26981 CVE-2024-27009 CVE-2024-27019 CVE-2024-36022 CVE-2024-35910 CVE-2024-35907 CVE-2024-35860 CVE-2024-35951 CVE-2024-26924 CVE-2024-26921 CVE-2024-35901 CVE-2024-35972 CVE-2024-35889 CVE-2024-27017 CVE-2024-35913 CVE-2024-35936 CVE-2024-36025 CVE-2024-35961 CVE-2024-35977 CVE-2024-35902 CVE-2024-26817 CVE-2024-26994 CVE-2023-52699 CVE-2024-35868 CVE-2024-35899 CVE-2024-35888 CVE-2024-26995 CVE-2024-35865 CVE-2024-26993 CVE-2024-35863 CVE-2024-35970 CVE-2024-35943 CVE-2024-35875 CVE-2024-35978 CVE-2024-27005 CVE-2024-35909 CVE-2024-35957 CVE-2024-35950 CVE-2024-26986 CVE-2024-36020 CVE-2024-35952 CVE-2024-26928 CVE-2024-35878 CVE-2024-35954 CVE-2024-26998 CVE-2024-36024 CVE-2024-26936 CVE-2024-27018 CVE-2024-35900 CVE-2024-35940 CVE-2024-35985 CVE-2024-35944 CVE-2024-35958 CVE-2024-35864 CVE-2024-35975 CVE-2024-27002 CVE-2024-36018 CVE-2024-35974 CVE-2024-26926 CVE-2024-35877 CVE-2024-35916 CVE-2024-35934 CVE-2024-35930 CVE-2024-35898 CVE-2024-35893 CVE-2024-35887 CVE-2024-35929 CVE-2024-26923 CVE-2024-35911 CVE-2024-35919 CVE-2024-26984 CVE-2024-27016 CVE-2024-35926 CVE-2024-35872 CVE-2024-35922 CVE-2024-27007 CVE-2024-35931 CVE-2024-36021 CVE-2024-35953 CVE-2024-27004 CVE-2024-27001 CVE-2024-27014 CVE-2024-35866 CVE-2024-27021 CVE-2024-35870 CVE-2024-35925 CVE-2024-35891 CVE-2024-26982 CVE-2024-35879 CVE-2024-35979 CVE-2024-35912 CVE-2024-35982 CVE-2024-27015 CVE-2024-26985 CVE-2024-35861 CVE-2024-35939 CVE-2024-27003 CVE-2024-35945 CVE-2024-35967 CVE-2024-35966 CVE-2024-26983 CVE-2024-35894 CVE-2024-35896 CVE-2024-36027 CVE-2024-35895 CVE-2024-26987 CVE-2024-35873 CVE-2024-26996 CVE-2024-26991 CVE-2024-27013 CVE-2024-36026 CVE-2024-26922 CVE-2024-35897 CVE-2024-35917 CVE-2024-35968 CVE-2024-35890 CVE-2024-35904 CVE-2024-35867 CVE-2024-35933 CVE-2024-35918 CVE-2024-35920 CVE-2024-26997 CVE-2024-35981 CVE-2024-35963 CVE-2024-26989 CVE-2024-26999 CVE-2024-35892 CVE-2024-27010 CVE-2024-26992 CVE-2024-35935 CVE-2024-27022 CVE-2024-35971 CVE-2024-35956 CVE-2024-35862 CVE-2024-35969 CVE-2024-27012 CVE-2024-26990 CVE-2024-35885 CVE-2024-26925 CVE-2024-35905 CVE-2024-35914 CVE-2024-35884 CVE-2024-35927 CVE-2024-35882 CVE-2024-26980 CVE-2024-35964 CVE-2024-35955 CVE-2024-27020 CVE-2024-35980 CVE-2024-35903 CVE-2024-35976 CVE-2024-35886 CVE-2024-35883 CVE-2024-35959 CVE-2024-35915 CVE-2024-35880 CVE-2024-27000 CVE-2024-35938 CVE-2024-35869 CVE-2024-36023 CVE-2024-26988
6.8 kernel: Oracle flavour.

[USN-6919-1] Linux kernel vulnerabilities
304 CVEs addressed in Jammy (22.04 LTS)
CVE-2024-35976 CVE-2023-52880 CVE-2024-35849 CVE-2024-27073 CVE-2024-35934 CVE-2024-27038 CVE-2024-26973 CVE-2024-35853 CVE-2024-27047 CVE-2024-36007 CVE-2024-27024 CVE-2024-26750 CVE-2024-26833 CVE-2024-26960 CVE-2024-26929 CVE-2023-52488 CVE-2024-27417 CVE-2024-26922 CVE-2024-26863 CVE-2024-35890 CVE-2024-27015 CVE-2024-27395 CVE-2024-26779 CVE-2024-27419 CVE-2024-27013 CVE-2024-26981 CVE-2024-26798 CVE-2024-26895 CVE-2024-35922 CVE-2023-52699 CVE-2024-26883 CVE-2024-35871 CVE-2024-27410 CVE-2024-26884 CVE-2024-26885 CVE-2024-27074 CVE-2024-26751 CVE-2024-26857 CVE-2024-26848 CVE-2024-26901 CVE-2024-35844 CVE-2024-35809 CVE-2024-26687 CVE-2024-35988 CVE-2024-26835 CVE-2024-26764 CVE-2024-27020 CVE-2024-35907 CVE-2024-35886 CVE-2024-27077 CVE-2024-26787 CVE-2024-26950 CVE-2024-26974 CVE-2024-35905 CVE-2024-27008 CVE-2024-26744 CVE-2024-35935 CVE-2024-26988 CVE-2024-26748 CVE-2024-26776 CVE-2024-26907 CVE-2024-27053 CVE-2024-35970 CVE-2024-35950 CVE-2024-35854 CVE-2024-35822 CVE-2024-26961 CVE-2024-26733 CVE-2024-26773 CVE-2024-27390 CVE-2024-35888 CVE-2024-36029 CVE-2024-26643 CVE-2024-35821 CVE-2024-35819 CVE-2024-26809 CVE-2024-35984 CVE-2024-26851 CVE-2024-35940 CVE-2024-26654 CVE-2024-35910 CVE-2024-26891 CVE-2024-26793 CVE-2024-35938 CVE-2024-26736 CVE-2024-26583 CVE-2024-26870 CVE-2024-35828 CVE-2024-35885 CVE-2024-35958 CVE-2024-26889 CVE-2024-35899 CVE-2024-26839 CVE-2024-26894 CVE-2024-26937 CVE-2024-35925 CVE-2024-35933 CVE-2024-26771 CVE-2024-26923 CVE-2024-26852 CVE-2024-26924 CVE-2024-26872 CVE-2024-26774 CVE-2024-35930 CVE-2024-27065 CVE-2024-26993 CVE-2024-27034 CVE-2024-36020 CVE-2024-26802 CVE-2024-26976 CVE-2022-48808 CVE-2024-35847 CVE-2024-26996 CVE-2024-36025 CVE-2023-52652 CVE-2024-27403 CVE-2023-52447 CVE-2024-27037 CVE-2024-27413 CVE-2024-26749 CVE-2024-26956 CVE-2024-26958 CVE-2024-26754 CVE-2024-26812 CVE-2024-26772 CVE-2024-27436 CVE-2024-27437 CVE-2024-35912 CVE-2024-35805 CVE-2024-26845 CVE-2024-35990 CVE-2024-35791 CVE-2024-26906 CVE-2024-27039 CVE-2024-26915 CVE-2024-26970 CVE-2024-26782 CVE-2024-26813 CVE-2023-52645 CVE-2024-26935 CVE-2024-27076 CVE-2024-35823 CVE-2024-26743 CVE-2024-26846 CVE-2024-26811 CVE-2024-26989 CVE-2024-26642 CVE-2024-26659 CVE-2024-26766 CVE-2024-27393 CVE-2024-26859 CVE-2024-35898 CVE-2024-35893 CVE-2023-52640 CVE-2024-26795 CVE-2024-27009 CVE-2024-26791 CVE-2024-27043 CVE-2024-26934 CVE-2024-27051 CVE-2024-26804 CVE-2024-26878 CVE-2024-27030 CVE-2024-27000 CVE-2024-26777 CVE-2024-35825 CVE-2024-27415 CVE-2024-27001 CVE-2024-27004 CVE-2024-26769 CVE-2024-26816 CVE-2024-35807
