This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Innehåll tillhandahållet av Alex Murray and Ubuntu Security Team. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Alex Murray and Ubuntu Security Team eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Liknande Ubuntu Security Podcast
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
Episode 229
Manage episode 421290257 series 2423058
Innehåll tillhandahållet av Alex Murray and Ubuntu Security Team. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Alex Murray and Ubuntu Security Team eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Overview
As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.
This week in Ubuntu Security Updates
152 unique CVEs addressed
[USN-6783-1] VLC vulnerabilities (00:54)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
- integer underflow and a heap buffer overflow -> RCE
[USN-6663-3] OpenSSL update (01:40)
- Affecting Noble (24.04 LTS)
- [USN-6663-1] OpenSSL update from Episode 220 - hardening improvement to return deterministic random bytes instead of an error when an incorrect padding length is detected during PKCS#1 v1.5 RSA to avoid this being used for possible Bleichenbacher timing attacks
[USN-6673-3] python-cryptography vulnerability (02:32)
- 1 CVEs addressed in Noble (24.04 LTS)
- [USN-6673-1] python-cryptography vulnerabilities from Episode 220 - counterpart to the OpenSSL update mentioned earlier
[USN-6736-2] klibc vulnerabilities (02:43)
- 4 CVEs addressed in Noble (24.04 LTS)
- [USN-6736-1] klibc vulnerabilities from Episode 228
[USN-6784-1] cJSON vulnerabilities (02:58)
- 3 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- 2 different researchers fuzzing cJSON APIs
- all different NULL ptr deref - requires particular / “incorrect” or possible misuse use of the APIs (like passing in purposefully corrupted values) so unlikely to be an issue in practice
[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)
- 1 CVEs addressed in Noble (24.04 LTS)
- Discovered by a member of the SUSE security team when reviewing g-r-d
- Exposed various DBus services that were able to be called by any unprivileged user which would then return the SSL private key used to encrypt the connection - so could allow a local user to possibly spy on the sessions of other users remotely connected to the system
[USN-6786-1] Netatalk vulnerabilities (04:45)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Apple file sharing implementation for Linux
- If the same path was shared via both AFP and SMB then a remote attacker could combine various operations through both file-systems (like creating a crafted symlink, which would then be followed during a second operation where a file is renamed) to allow them to overwrite arbirary files and hence achieve arbitrary code execution on the host
[USN-6788-1] WebKitGTK vulnerabilities (05:48)
- 1 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Possible pointer authentication bypass - used on arm64 in particular - demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k
[USN-6789-1] LibreOffice vulnerability (06:28)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Unchecked script execution triggered when clicking on a graphic - allows to run arbitrary scripts without the usual prompt
[USN-6790-1] amavisd-new vulnerability (07:09)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- MTA / AV interface - often used in conjunction with Postfix, not just for AV but also can be used to do DKIM verification and integration with spamassassin etc
- Misinterpreted MIME message boundaries in emails, allowing email parts to possibly bypass usual checks
[USN-6791-1] Unbound vulnerability (07:46)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- DNSBomb attack announced recently at IEEE S&P - affecting multiple different DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
- Unbound itself was not necessarily vulnerable to such an attack specifically, but could be used to generate such an attack against others - in particular Unbound had the highest amplification factor of ~22k times - next highest was DNSMasq at ~3k times
- Fix involves introducing a number of timeout parameters for various operations and discarding operations if they take longer than this to avoid the ability to “store up” responses to be released at a later time
[USN-6793-1] Git vulnerabilities (09:31)
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6792-1] Flask-Security vulnerability
- 1 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6794-1] FRR vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)
- 17 CVEs addressed in Xenial ESM (16.04 ESM)
- [USN-6777-1] Linux kernel vulnerabilities from Episode 228
- AWS HWE kernel (4.15)
[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)
- 95 CVEs addressed in Jammy (22.04 LTS)
- CVE-2023-52588
- CVE-2023-52622
- CVE-2024-26920
- CVE-2023-52607
- CVE-2023-52530
- CVE-2023-52435
- CVE-2023-52615
- CVE-2024-26684
- CVE-2024-26829
- CVE-2024-26614
- CVE-2023-52489
- CVE-2023-52642
- CVE-2023-52583
- CVE-2024-26696
- CVE-2024-26627
- CVE-2024-26636
- CVE-2024-26663
- CVE-2024-26702
- CVE-2024-26685
- CVE-2024-26715
- CVE-2024-26668
- CVE-2023-52492
- CVE-2023-52498
- CVE-2024-26825
- CVE-2023-52587
- CVE-2024-26615
- CVE-2023-52608
- CVE-2024-26660
- CVE-2023-52601
- CVE-2024-26910
- CVE-2024-26676
- CVE-2023-52493
- CVE-2024-26673
- CVE-2024-26707
- CVE-2024-26698
- CVE-2024-26641
- CVE-2023-52494
- CVE-2023-52595
- CVE-2024-26697
- CVE-2023-52617
- CVE-2024-26675
- CVE-2024-26610
- CVE-2024-26606
- CVE-2023-52614
- CVE-2024-26712
- CVE-2023-52635
- CVE-2024-26689
- CVE-2024-26916
- CVE-2024-26665
- CVE-2023-52623
- CVE-2024-26635
- CVE-2024-26602
- CVE-2023-52597
- CVE-2023-52619
- CVE-2024-26808
- CVE-2024-26600
- CVE-2024-26826
- CVE-2024-26644
- CVE-2024-26695
- CVE-2023-52604
- CVE-2024-26625
- CVE-2023-52618
- CVE-2024-26664
- CVE-2024-26593
- CVE-2023-52633
- CVE-2023-52606
- CVE-2024-26640
- CVE-2023-52486
- CVE-2023-52631
- CVE-2024-26720
- CVE-2023-52599
- CVE-2024-26671
- CVE-2024-26722
- CVE-2023-52602
- CVE-2024-26645
- CVE-2023-52637
- CVE-2024-26704
- CVE-2023-52638
- CVE-2024-26717
- CVE-2024-26592
- CVE-2023-52491
- CVE-2023-52627
- CVE-2023-52598
- CVE-2024-26594
- CVE-2023-52643
- CVE-2024-26622
- CVE-2023-52594
- CVE-2024-26608
- CVE-2024-26679
- CVE-2023-52616
- CVE-2024-23849
- CVE-2024-2201
- CVE-2022-0001
- CVE-2024-1151
- CVE-2023-47233
- Very similar to [USN-6766-2] Linux kernel vulnerabilities from Episode 228
- 5.15 Intel IOTG - optimisations for various Intel IOT platforms like NUCs and Atom-based devices - low power x86
[USN-6779-2] Firefox regressions (10:30)
- 14 CVEs addressed in Focal (20.04 LTS)
- 126.0.1 - drag-and-drop was broken in 126.0
[USN-6787-1] Jinja2 vulnerability (10:48)
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Incorrect handling of various HTML attributes - attacker could then possibly inject arbitrary HTML attrs/values and hence inject JS code to peform XSS attacks etc
[USN-6797-1] Intel Microcode vulnerabilities (11:22)
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Latest release from upstream - mitigates against various hardware vulns
- A couple issues in SGX/TDX on different Intel Xeon processors:
- Invalid restrictions -> local root -> super-privesc
- Invalid input on TDX -> local root -> super-privesc
- Invalid SGX base key calculation -> info leak
- Transient execution attacks to read privileged information
- DoS through bus lock mishandling or through invalid instruction sequences
- A couple issues in SGX/TDX on different Intel Xeon processors:
Get in contact
237 episoder
Dela
Manage episode 421290257 series 2423058
Innehåll tillhandahållet av Alex Murray and Ubuntu Security Team. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Alex Murray and Ubuntu Security Team eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Overview
As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.
This week in Ubuntu Security Updates
152 unique CVEs addressed
[USN-6783-1] VLC vulnerabilities (00:54)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
- integer underflow and a heap buffer overflow -> RCE
[USN-6663-3] OpenSSL update (01:40)
- Affecting Noble (24.04 LTS)
- [USN-6663-1] OpenSSL update from Episode 220 - hardening improvement to return deterministic random bytes instead of an error when an incorrect padding length is detected during PKCS#1 v1.5 RSA to avoid this being used for possible Bleichenbacher timing attacks
[USN-6673-3] python-cryptography vulnerability (02:32)
- 1 CVEs addressed in Noble (24.04 LTS)
- [USN-6673-1] python-cryptography vulnerabilities from Episode 220 - counterpart to the OpenSSL update mentioned earlier
[USN-6736-2] klibc vulnerabilities (02:43)
- 4 CVEs addressed in Noble (24.04 LTS)
- [USN-6736-1] klibc vulnerabilities from Episode 228
[USN-6784-1] cJSON vulnerabilities (02:58)
- 3 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- 2 different researchers fuzzing cJSON APIs
- all different NULL ptr deref - requires particular / “incorrect” or possible misuse use of the APIs (like passing in purposefully corrupted values) so unlikely to be an issue in practice
[USN-6785-1] GNOME Remote Desktop vulnerability (03:52)
- 1 CVEs addressed in Noble (24.04 LTS)
- Discovered by a member of the SUSE security team when reviewing g-r-d
- Exposed various DBus services that were able to be called by any unprivileged user which would then return the SSL private key used to encrypt the connection - so could allow a local user to possibly spy on the sessions of other users remotely connected to the system
[USN-6786-1] Netatalk vulnerabilities (04:45)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Apple file sharing implementation for Linux
- If the same path was shared via both AFP and SMB then a remote attacker could combine various operations through both file-systems (like creating a crafted symlink, which would then be followed during a second operation where a file is renamed) to allow them to overwrite arbirary files and hence achieve arbitrary code execution on the host
[USN-6788-1] WebKitGTK vulnerabilities (05:48)
- 1 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Possible pointer authentication bypass - used on arm64 in particular - demonstrated at Pwn2Own earlier this year by Manfred Paul - $60k
[USN-6789-1] LibreOffice vulnerability (06:28)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Unchecked script execution triggered when clicking on a graphic - allows to run arbitrary scripts without the usual prompt
[USN-6790-1] amavisd-new vulnerability (07:09)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- MTA / AV interface - often used in conjunction with Postfix, not just for AV but also can be used to do DKIM verification and integration with spamassassin etc
- Misinterpreted MIME message boundaries in emails, allowing email parts to possibly bypass usual checks
[USN-6791-1] Unbound vulnerability (07:46)
- 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- DNSBomb attack announced recently at IEEE S&P - affecting multiple different DNS implementations including BIND, Unbound, PowerDNS, Knot, DNSMasq and others
- Unbound itself was not necessarily vulnerable to such an attack specifically, but could be used to generate such an attack against others - in particular Unbound had the highest amplification factor of ~22k times - next highest was DNSMasq at ~3k times
- Fix involves introducing a number of timeout parameters for various operations and discarding operations if they take longer than this to avoid the ability to “store up” responses to be released at a later time
[USN-6793-1] Git vulnerabilities (09:31)
- 5 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6792-1] Flask-Security vulnerability
- 1 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
[USN-6794-1] FRR vulnerabilities
- 4 CVEs addressed in Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
[USN-6777-4] Linux kernel (HWE) vulnerabilities (09:40)
- 17 CVEs addressed in Xenial ESM (16.04 ESM)
- [USN-6777-1] Linux kernel vulnerabilities from Episode 228
- AWS HWE kernel (4.15)
[USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (10:00)
- 95 CVEs addressed in Jammy (22.04 LTS)
- CVE-2023-52588
- CVE-2023-52622
- CVE-2024-26920
- CVE-2023-52607
- CVE-2023-52530
- CVE-2023-52435
- CVE-2023-52615
- CVE-2024-26684
- CVE-2024-26829
- CVE-2024-26614
- CVE-2023-52489
- CVE-2023-52642
- CVE-2023-52583
- CVE-2024-26696
- CVE-2024-26627
- CVE-2024-26636
- CVE-2024-26663
- CVE-2024-26702
- CVE-2024-26685
- CVE-2024-26715
- CVE-2024-26668
- CVE-2023-52492
- CVE-2023-52498
- CVE-2024-26825
- CVE-2023-52587
- CVE-2024-26615
- CVE-2023-52608
- CVE-2024-26660
- CVE-2023-52601
- CVE-2024-26910
- CVE-2024-26676
- CVE-2023-52493
- CVE-2024-26673
- CVE-2024-26707
- CVE-2024-26698
- CVE-2024-26641
- CVE-2023-52494
- CVE-2023-52595
- CVE-2024-26697
- CVE-2023-52617
- CVE-2024-26675
- CVE-2024-26610
- CVE-2024-26606
- CVE-2023-52614
- CVE-2024-26712
- CVE-2023-52635
- CVE-2024-26689
- CVE-2024-26916
- CVE-2024-26665
- CVE-2023-52623
- CVE-2024-26635
- CVE-2024-26602
- CVE-2023-52597
- CVE-2023-52619
- CVE-2024-26808
- CVE-2024-26600
- CVE-2024-26826
- CVE-2024-26644
- CVE-2024-26695
- CVE-2023-52604
- CVE-2024-26625
- CVE-2023-52618
- CVE-2024-26664
- CVE-2024-26593
- CVE-2023-52633
- CVE-2023-52606
- CVE-2024-26640
- CVE-2023-52486
- CVE-2023-52631
- CVE-2024-26720
- CVE-2023-52599
- CVE-2024-26671
- CVE-2024-26722
- CVE-2023-52602
- CVE-2024-26645
- CVE-2023-52637
- CVE-2024-26704
- CVE-2023-52638
- CVE-2024-26717
- CVE-2024-26592
- CVE-2023-52491
- CVE-2023-52627
- CVE-2023-52598
- CVE-2024-26594
- CVE-2023-52643
- CVE-2024-26622
- CVE-2023-52594
- CVE-2024-26608
- CVE-2024-26679
- CVE-2023-52616
- CVE-2024-23849
- CVE-2024-2201
- CVE-2022-0001
- CVE-2024-1151
- CVE-2023-47233
- Very similar to [USN-6766-2] Linux kernel vulnerabilities from Episode 228
- 5.15 Intel IOTG - optimisations for various Intel IOT platforms like NUCs and Atom-based devices - low power x86
[USN-6779-2] Firefox regressions (10:30)
- 14 CVEs addressed in Focal (20.04 LTS)
- 126.0.1 - drag-and-drop was broken in 126.0
[USN-6787-1] Jinja2 vulnerability (10:48)
- 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Incorrect handling of various HTML attributes - attacker could then possibly inject arbitrary HTML attrs/values and hence inject JS code to peform XSS attacks etc
[USN-6797-1] Intel Microcode vulnerabilities (11:22)
- 9 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10), Noble (24.04 LTS)
- Latest release from upstream - mitigates against various hardware vulns
- A couple issues in SGX/TDX on different Intel Xeon processors:
- Invalid restrictions -> local root -> super-privesc
- Invalid input on TDX -> local root -> super-privesc
- Invalid SGX base key calculation -> info leak
- Transient execution attacks to read privileged information
- DoS through bus lock mishandling or through invalid instruction sequences
- A couple issues in SGX/TDX on different Intel Xeon processors:
Get in contact
237 episoder
Alla avsnitt
×
Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.
Liknande Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
