This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Вміст надано Alex Murray and Ubuntu Security Team. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Alex Murray and Ubuntu Security Team або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Схожі до Ubuntu Security Podcast
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
Episode 177
Manage episode 341336229 series 2423058
Вміст надано Alex Murray and Ubuntu Security Team. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Alex Murray and Ubuntu Security Team або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Overview
Alex talks with special guests Nishit Majithia and Matthew Ruffell about a recent systemd regression on Ubuntu 18.04 LTS plus we cover security updates for Dnsmasq, the Linux kernel, poppler, .NET 6, rust-regex and more.
This week in Ubuntu Security Updates
28 unique CVEs addressed
[USN-4976-2] Dnsmasq vulnerability [00:55]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- [USN-4976-1] Dnsmasq vulnerability for Episode 118
- Failed to properly randomise source port (ie used a fixed port) when forwarding queries when configured to use a specific server for a given network interface - could then allow a remote attacker to more easily perform cache poisoning attacks (ie just need to guess the transmission ID once know the source port to get a forged reply accepted)
- As I said back in Episode 118, this is very similar to the issues that were discovered back in 2008 by Dan Kaminsky - the whole reason source port randomisation was introduced as part of the DNS protocol
[USN-5602-1] Linux kernel (Raspberry Pi) vulnerabilities [02:11]
- 9 CVEs addressed in Jammy (22.04 LTS)
- See [USN-5594-1, USN-5599-1] Linux kernel (+ Oracle) vulnerabilities from last week
[USN-5603-1] Linux kernel (Raspberry Pi) vulnerabilities [02:29]
- 2 CVEs addressed in Bionic (18.04 LTS)
- See [USN-5592-1, USN-5595-1, USN-5596-1, USN-5600-1] Linux kernel (+ OEM, HWE) vulnerabilities from last week
[USN-5605-1] Linux kernel (Azure CVM) vulnerabilities [02:38]
- 2 CVEs addressed in Focal (20.04 LTS)
- See [USN-5592-1, USN-5595-1, USN-5596-1, USN-5600-1] Linux kernel (+ OEM, HWE) vulnerabilities from last week
[USN-5523-2] LibTIFF vulnerabilities [02:45]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- [USN-5523-1] LibTIFF vulnerabilities from Episode 169
[USN-5604-1] LibTIFF vulnerabilities [03:13]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5606-1] poppler vulnerability [03:23]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Integer overflow in JBIG2 decoder -> heap buffer overflow via crafted PDF / JBIG2 image - very similar to CVE-2022-38171 in xpdf
- poppler started life as a fork of code from xpdf-3.0 but now has diverged so much that in general a vuln in one cannot be assumed to exist in the other, hence the separate CVE IDs for these two vulns
[USN-5607-1] GDK-PixBuf vulnerability [04:11]
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Heap buffer overflow when decoding lzw compressed stream from GIF files
[USN-5608-1] DPDK vulnerability [04:26]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Crafted Vhost header could cause a DoS
[USN-5609-1] .NET 6 vulnerability [04:39]
- 1 CVEs addressed in Jammy (22.04 LTS)
- DoS in .NET Core - “a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding”
- https://devblogs.microsoft.com/dotnet/september-2022-updates/
- Updates to latest upstream release 6.0.109
[USN-5583-2] systemd regression [05:16]
- 1 CVEs addressed in Bionic (18.04 LTS)
- Mentioned in passing in both the last 2 weeks episodes
[USN-5610-1] rust-regex vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- ReDoS in regex crate - already includes various mitigations against DoS via untrusted regexes (and these can be tuned by users of the crate) - however was able to be bypassed by a regex that specified an empty subexpression that should be matched up to say 294 million times - this then gets compiled but is able to evade the existing mitigations since doesn’t take any memory - but it does take a lot of CPU time
- Fixed by changing code such that it will take a fake amount of memory for each empty subexpression and therefore will trip the existing detection logic in a reasonable amount of time
[USN-5611-1] WebKitGTK vulnerability [06:53]
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- OOB write via malicious web content - Apple reported that this was being actively exploited for iOS users (Safari uses Webkit)
Goings on in Ubuntu Security Community
Discussion of the recent systemd regression in Ubuntu 18.04 LTS with Nishit Majithia and Matthew Ruffell [07:49]
- Gathered media attention
- https://thenewstack.io/ubuntu-linux-and-azure-dns-problem-gives-azure-fits/
- Matthew is from the Sustaining Engineering Team at Canonical - I talked about his blog in Analysis of the dovecat and hy4 Linux Malware - from Episode 97
Get in contact
231 епізодів
Поширити
Manage episode 341336229 series 2423058
Вміст надано Alex Murray and Ubuntu Security Team. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Alex Murray and Ubuntu Security Team або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Overview
Alex talks with special guests Nishit Majithia and Matthew Ruffell about a recent systemd regression on Ubuntu 18.04 LTS plus we cover security updates for Dnsmasq, the Linux kernel, poppler, .NET 6, rust-regex and more.
This week in Ubuntu Security Updates
28 unique CVEs addressed
[USN-4976-2] Dnsmasq vulnerability [00:55]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- [USN-4976-1] Dnsmasq vulnerability for Episode 118
- Failed to properly randomise source port (ie used a fixed port) when forwarding queries when configured to use a specific server for a given network interface - could then allow a remote attacker to more easily perform cache poisoning attacks (ie just need to guess the transmission ID once know the source port to get a forged reply accepted)
- As I said back in Episode 118, this is very similar to the issues that were discovered back in 2008 by Dan Kaminsky - the whole reason source port randomisation was introduced as part of the DNS protocol
[USN-5602-1] Linux kernel (Raspberry Pi) vulnerabilities [02:11]
- 9 CVEs addressed in Jammy (22.04 LTS)
- See [USN-5594-1, USN-5599-1] Linux kernel (+ Oracle) vulnerabilities from last week
[USN-5603-1] Linux kernel (Raspberry Pi) vulnerabilities [02:29]
- 2 CVEs addressed in Bionic (18.04 LTS)
- See [USN-5592-1, USN-5595-1, USN-5596-1, USN-5600-1] Linux kernel (+ OEM, HWE) vulnerabilities from last week
[USN-5605-1] Linux kernel (Azure CVM) vulnerabilities [02:38]
- 2 CVEs addressed in Focal (20.04 LTS)
- See [USN-5592-1, USN-5595-1, USN-5596-1, USN-5600-1] Linux kernel (+ OEM, HWE) vulnerabilities from last week
[USN-5523-2] LibTIFF vulnerabilities [02:45]
- 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- [USN-5523-1] LibTIFF vulnerabilities from Episode 169
[USN-5604-1] LibTIFF vulnerabilities [03:13]
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
[USN-5606-1] poppler vulnerability [03:23]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Integer overflow in JBIG2 decoder -> heap buffer overflow via crafted PDF / JBIG2 image - very similar to CVE-2022-38171 in xpdf
- poppler started life as a fork of code from xpdf-3.0 but now has diverged so much that in general a vuln in one cannot be assumed to exist in the other, hence the separate CVE IDs for these two vulns
[USN-5607-1] GDK-PixBuf vulnerability [04:11]
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Heap buffer overflow when decoding lzw compressed stream from GIF files
[USN-5608-1] DPDK vulnerability [04:26]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Crafted Vhost header could cause a DoS
[USN-5609-1] .NET 6 vulnerability [04:39]
- 1 CVEs addressed in Jammy (22.04 LTS)
- DoS in .NET Core - “a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding”
- https://devblogs.microsoft.com/dotnet/september-2022-updates/
- Updates to latest upstream release 6.0.109
[USN-5583-2] systemd regression [05:16]
- 1 CVEs addressed in Bionic (18.04 LTS)
- Mentioned in passing in both the last 2 weeks episodes
[USN-5610-1] rust-regex vulnerability
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- ReDoS in regex crate - already includes various mitigations against DoS via untrusted regexes (and these can be tuned by users of the crate) - however was able to be bypassed by a regex that specified an empty subexpression that should be matched up to say 294 million times - this then gets compiled but is able to evade the existing mitigations since doesn’t take any memory - but it does take a lot of CPU time
- Fixed by changing code such that it will take a fake amount of memory for each empty subexpression and therefore will trip the existing detection logic in a reasonable amount of time
[USN-5611-1] WebKitGTK vulnerability [06:53]
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- OOB write via malicious web content - Apple reported that this was being actively exploited for iOS users (Safari uses Webkit)
Goings on in Ubuntu Security Community
Discussion of the recent systemd regression in Ubuntu 18.04 LTS with Nishit Majithia and Matthew Ruffell [07:49]
- Gathered media attention
- https://thenewstack.io/ubuntu-linux-and-azure-dns-problem-gives-azure-fits/
- Matthew is from the Sustaining Engineering Team at Canonical - I talked about his blog in Analysis of the dovecat and hy4 Linux Malware - from Episode 97
Get in contact
231 епізодів
所有剧集
×
Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.
Схожі до Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
