Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://vi.player.fm/legal.
Episode 131


Overview

OWASP Top 10 gets updated for 2021 and we look at security vulnerabilities in the Linux kernel, Ghostscript, Git, curl and more.

This week in Ubuntu Security Updates

26 unique CVEs addressed

[USN-5069-2] mod-auth-mellon vulnerability [00:43]

  • 1 CVE addressed in Hirsute (21.04)
  • Episode 130 - failed to properly handle crafted redirect links -> open redirect

[USN-5070-1] Linux kernel vulnerabilities

[USN-5071-1] Linux kernel vulnerabilities

[USN-5072-1] Linux kernel vulnerabilities

[USN-5073-1] Linux kernel vulnerabilities [00:56]

  • 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
  • 2 different AMD-specific issues in KVM subsystem with nested virtualisation - 1 mentioned last week in Episode 130 - would fail to validate particular operations which could be performed by a guest VM - in this case would allow a guest to enable the Advanced Virtual Interrupt Controller for a nested VM (ie L2 VM) - this would then allow the L2 VM to write to host memory -> code execution on the host
  • The other - L1 guest could disable interception of both VMLOAD/VMSAVE calls for a L2 guest - L2 guest could then read/write portions of host physical memory - code-exec on host

[LSN-0081-1] Linux kernel vulnerability [01:56]

  • 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • (Episode 124) seq_file vuln - this virt file-system contained an unsigned integer conversion error - would result in a local user being able to cause an OOB write and hence possible code-exec in the kernel -> privesc
  • (Episode 127) netfilter setsockopt() - OOB write
  • AMD nested virtualisation issues above

[USN-5074-1] Firefox vulnerabilities [02:53]

  • 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • Memory safety bugs -> possible memory corruption, possible bypass in mixed content blocking (ie http content on a https page)

[USN-5075-1] Ghostscript vulnerability [03:36]

  • 1 CVE addressed in Focal (20.04 LTS), Hirsute (21.04)
  • Trivial bypass of sandbox - exploit was apparently known about since March and publicly available since end of August but only reported to GS upstream on 8th August - fix available since 9th, updates for Ubuntu published on 10th (rare Friday publication)

[USN-5076-1] Git vulnerability [04:55]

  • 1 CVE addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Possible cross-protocol requests by embedding a newline in the URL when cloning

[USN-5077-1, USN-5077-2] Apport vulnerabilities [05:34]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • Arbitrary file reads in apport crash handling - reads certain files when apps crash, can be tricked to read other files and include these in the crash report which can then be seen by the user, uploaded to errors.ubuntu.com etc

[USN-5078-1] Squashfs-Tools vulnerability [06:46]

  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • Similar to Episode 129 - symlink and file of same name - when unsquashing, write out symlink, then write out file traversing the symlink -> arbitrary file overwrite
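
The symlink-then-file pattern above can be checked for in an archive listing before anything is extracted. This is an added example, not code from squashfs-tools or from the podcast; the entry tuples, the function name `find_symlink_collisions` and both sample listings are constructed assumptions. It also generalises slightly, flagging any entry whose parent directory is an earlier symlink.

```python
import posixpath

# Constructed sample listings: (path, kind, symlink_target). Not from a real image.
BENIGN = [
    ("docs", "dir", None),
    ("docs/readme.txt", "file", None),
    ("latest", "symlink", "docs"),
]
CRAFTED = [
    ("out", "symlink", "/outside/target"),  # symlink is written first
    ("out", "file", None),                  # same name: file written through it
    ("cfg", "symlink", "../outside"),
    ("cfg/app.conf", "file", None),         # parent component is a symlink
]


def find_symlink_collisions(entries):
    """Return (index, path, reason) for every entry that would be written
    through a symlink created by an earlier entry of the same listing."""
    symlinks = {}   # normalised path -> target of an earlier symlink entry
    findings = []
    for idx, (path, kind, target) in enumerate(entries):
        norm = posixpath.normpath(path)
        if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
            findings.append((idx, path, "path escapes extraction root"))
            continue
        if norm in symlinks:
            # Same name as an earlier symlink: the write would follow it.
            findings.append((idx, path, f"duplicate of symlink -> {symlinks[norm]}"))
        else:
            # Walk up the parents; in a well-formed listing a symlink is a leaf.
            parent = posixpath.dirname(norm)
            while parent:
                if parent in symlinks:
                    findings.append(
                        (idx, path, f"parent {parent} is symlink -> {symlinks[parent]}"))
                    break
                parent = posixpath.dirname(parent)
        if kind == "symlink":
            symlinks[norm] = target
    return findings


if __name__ == "__main__":
    for label, listing in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, find_symlink_collisions(listing))
```

An extractor that rejects flagged listings, or opens output paths without following symlinks, never writes outside the destination directory.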

[USN-5079-1, USN-5079-2] curl vulnerabilities [07:48]

  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)
  • MQTT OOB write (malicious MQTT server) (non-ESM)
  • Possible to cause curl to not upgrade to TLS even when specified -> info leak
  • STARTTLS -> could inject responses / intercept comms etc

Goings on in Ubuntu Security Community

OWASP Top 10 updated after 4 years [08:55]

  • https://owasp.org/Top10/
  • Last updated in Nov 2017
  • Increasing complexity of web-apps means vulns are now at the edges - ie. when combining two components, misconfigure one of them -> vuln in combination due to accidental misuse by the other component

Hiring [13:11]

Linux Cryptography and Security Engineer

Security Engineer - Ubuntu

Get in contact
