This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
المحتوى المقدم من Alex Murray and Ubuntu Security Team. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Alex Murray and Ubuntu Security Team أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
مشابه لـUbuntu Security Podcast
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
We head to the Lone Star State to connect with fellow Linux enthusiasts and immerse ourselves in the vibrant scene of Austin, Texas. Live chat: https:/jblive.tv
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
))
Episode 178
Manage episode 341989523 series 2423058
المحتوى المقدم من Alex Murray and Ubuntu Security Team. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Alex Murray and Ubuntu Security Team أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
Overview
You can’t test your way out of security vulnerabilities (at least when writing your code in C), plus we cover security updates for Intel Microcode, vim, Wayland, the Linux kernel, SQLite and more.
This week in Ubuntu Security Updates
68 unique CVEs addressed
[USN-5606-2] poppler regression [00:45]
- Affecting Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- [USN-5606-1] poppler vulnerability from Episode 177 - integer overflow in JBIG2 decoder
- When backporting the series of patches, missed one that updated the CMakeLists.txt to ensure a new header file that was added as part of the security update is actually installed by the libpoppler-dev package - without this if installed the update and then tried to recompile something locally it would fail
[USN-5612-1] Intel Microcode vulnerability [01:29]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Latest upstream Intel Microcode release (IPU 2022.2) - only security relevant for SGX
[USN-5613-1, USN-5613-2] Vim vulnerabilities [01:54]
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Various buffer overflows and the like that could be triggered when editing crafted files - have said in the past that vim is fast becoming one of the most security-patched packages in Ubuntu - all driven by their bug-bounty https://huntr.dev/repos/vim/vim/
[USN-5614-1] Wayland vulnerability [02:17]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Reference count overflow - used a 32-bit int to count the number of references - but on a 64-bit machine it is quite possible that a malicious client could allocate a huge amount of buffers to overflow and then possibly get a UAF - highly unlikely to be able to exploit in practice since would also need a large number of connections to the compositor as well - fixed by limiting the max number of objects that can be allocated
[USN-5615-1] SQLite vulnerabilities [03:01]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- NULL ptr deref, OOB read, unicode parsing issue - disputed by upstream as an actual vuln
- Has such a large amount of tests - https://www.sqlite.org/testing.html
- for 151 KSLOC has 92,038 KSLOC of tests -> 608 times as much code in tests that the actual library itself
- 4 different test harnesses, 100% branch coverage, OOM tests, I/O error tests, fuzz tests, boundary conditions, regression tests, valgrind, UB etc
- yet still has new vulns discovered every now and then
- you can’t test your way out of security issues - at least when you write your code in C which has just too many different operations that have UB
- you can perhaps do it via formal methods (seL4 etc) but is very expensive..
- $200-400/LoC
- eg. to formally prove SQLite would then cost ~$18.4M-$36.8M
- use rust?
- would hopefully help at least for the first 2 issues - can still have logic flaws and hence security vulns (eg. failing to properly validate a TLS cert or similar)
[USN-5616-1] Linux kernel (Intel IoTG) vulnerabilities [06:00]
- 10 CVEs addressed in Jammy (22.04 LTS)
- 5.15
- Some of these have covered previously
- Intel 10GbE PCI Express driver, IP source port randomisation failure, perf UAF, KVM NULL ptr deref, various file-system OOB R/W etc
[USN-5621-1] Linux kernel vulnerabilities [06:32]
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 GA 18.04 LTS, HWE 16.04 ESM
- console framebuffer and netfilter OOB writes covered in previous episodes
[USN-5622-1] Linux kernel vulnerabilities [06:57]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 GA 20.04 LTS / HWE 18.04 LTS
x*** [USN-5624-1] Linux kernel vulnerabilities [07:05]
- 11 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- 5.15 GA 22.04 LTS / Azure 20.04 LTS
[USN-5623-1] Linux kernel (HWE) vulnerabilities [07:12]
- 21 CVEs addressed in Focal (20.04 LTS)
- CVE-2022-36946
- CVE-2022-34495
- CVE-2022-34494
- CVE-2022-33744
- CVE-2022-33743
- CVE-2022-33742
- CVE-2022-33741
- CVE-2022-33740
- CVE-2022-2959
- CVE-2022-2873
- CVE-2022-26365
- CVE-2022-2503
- CVE-2022-2318
- CVE-2022-1973
- CVE-2022-1943
- CVE-2022-1852
- CVE-2022-1729
- CVE-2022-32296
- CVE-2022-1012
- CVE-2021-33655
- CVE-2021-33061
- 5.15 20.04 HWE
- all the vulns mentioned earlier plus a bunch in Xen (kernel side) - impact ranges from crashing guest and exposing its memory to DoS services on the host
[USN-5617-1] Xen vulnerabilities [07:45]
- 20 CVEs addressed in Focal (20.04 LTS)
- Community contributed update for xen - almost wins the award for the most CVEs patched in a single update for this week
- Most issues allow a malicious guest to attack the host -> DoS, privesc, code-exec etc
[USN-5619-1] LibTIFF vulnerabilities [08:17]
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Another package vying for most security updates recently
- Usual memory corruption issues when handling crafted files - stack / heap buffer overflows etc
[USN-5618-1] Ghostscript vulnerability [08:49]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Heap buffer overflow when parsing a crafted PDF
[USN-5626-1] Bind vulnerabilities [08:58]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Memory leaks when handling certain crypto algorithms with DNSSEC, resource-based DoS, buffer over-read -> info leak / crash, assertion-based crash via crafted query
[USN-5625-1] Mako vulnerability [09:22]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- ReDoS via crafted content
Goings on in Ubuntu Security Community
Preparing for the release of Ubuntu Pro [09:44]
- Team has worked on this for the last few years - finally will see the light of day in the coming week or two - more details to come
Get in contact
231 حلقات
مشاركة
Manage episode 341989523 series 2423058
المحتوى المقدم من Alex Murray and Ubuntu Security Team. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرةً بواسطة Alex Murray and Ubuntu Security Team أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.
Overview
You can’t test your way out of security vulnerabilities (at least when writing your code in C), plus we cover security updates for Intel Microcode, vim, Wayland, the Linux kernel, SQLite and more.
This week in Ubuntu Security Updates
68 unique CVEs addressed
[USN-5606-2] poppler regression [00:45]
- Affecting Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- [USN-5606-1] poppler vulnerability from Episode 177 - integer overflow in JBIG2 decoder
- When backporting the series of patches, missed one that updated the CMakeLists.txt to ensure a new header file that was added as part of the security update is actually installed by the libpoppler-dev package - without this if installed the update and then tried to recompile something locally it would fail
[USN-5612-1] Intel Microcode vulnerability [01:29]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Latest upstream Intel Microcode release (IPU 2022.2) - only security relevant for SGX
[USN-5613-1, USN-5613-2] Vim vulnerabilities [01:54]
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Various buffer overflows and the like that could be triggered when editing crafted files - have said in the past that vim is fast becoming one of the most security-patched packages in Ubuntu - all driven by their bug-bounty https://huntr.dev/repos/vim/vim/
[USN-5614-1] Wayland vulnerability [02:17]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Reference count overflow - used a 32-bit int to count the number of references - but on a 64-bit machine it is quite possible that a malicious client could allocate a huge amount of buffers to overflow and then possibly get a UAF - highly unlikely to be able to exploit in practice since would also need a large number of connections to the compositor as well - fixed by limiting the max number of objects that can be allocated
[USN-5615-1] SQLite vulnerabilities [03:01]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- NULL ptr deref, OOB read, unicode parsing issue - disputed by upstream as an actual vuln
- Has such a large amount of tests - https://www.sqlite.org/testing.html
- for 151 KSLOC has 92,038 KSLOC of tests -> 608 times as much code in tests that the actual library itself
- 4 different test harnesses, 100% branch coverage, OOM tests, I/O error tests, fuzz tests, boundary conditions, regression tests, valgrind, UB etc
- yet still has new vulns discovered every now and then
- you can’t test your way out of security issues - at least when you write your code in C which has just too many different operations that have UB
- you can perhaps do it via formal methods (seL4 etc) but is very expensive..
- $200-400/LoC
- eg. to formally prove SQLite would then cost ~$18.4M-$36.8M
- use rust?
- would hopefully help at least for the first 2 issues - can still have logic flaws and hence security vulns (eg. failing to properly validate a TLS cert or similar)
[USN-5616-1] Linux kernel (Intel IoTG) vulnerabilities [06:00]
- 10 CVEs addressed in Jammy (22.04 LTS)
- 5.15
- Some of these have covered previously
- Intel 10GbE PCI Express driver, IP source port randomisation failure, perf UAF, KVM NULL ptr deref, various file-system OOB R/W etc
[USN-5621-1] Linux kernel vulnerabilities [06:32]
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 GA 18.04 LTS, HWE 16.04 ESM
- console framebuffer and netfilter OOB writes covered in previous episodes
[USN-5622-1] Linux kernel vulnerabilities [06:57]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 GA 20.04 LTS / HWE 18.04 LTS
x*** [USN-5624-1] Linux kernel vulnerabilities [07:05]
- 11 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- 5.15 GA 22.04 LTS / Azure 20.04 LTS
[USN-5623-1] Linux kernel (HWE) vulnerabilities [07:12]
- 21 CVEs addressed in Focal (20.04 LTS)
- CVE-2022-36946
- CVE-2022-34495
- CVE-2022-34494
- CVE-2022-33744
- CVE-2022-33743
- CVE-2022-33742
- CVE-2022-33741
- CVE-2022-33740
- CVE-2022-2959
- CVE-2022-2873
- CVE-2022-26365
- CVE-2022-2503
- CVE-2022-2318
- CVE-2022-1973
- CVE-2022-1943
- CVE-2022-1852
- CVE-2022-1729
- CVE-2022-32296
- CVE-2022-1012
- CVE-2021-33655
- CVE-2021-33061
- 5.15 20.04 HWE
- all the vulns mentioned earlier plus a bunch in Xen (kernel side) - impact ranges from crashing guest and exposing its memory to DoS services on the host
[USN-5617-1] Xen vulnerabilities [07:45]
- 20 CVEs addressed in Focal (20.04 LTS)
- Community contributed update for xen - almost wins the award for the most CVEs patched in a single update for this week
- Most issues allow a malicious guest to attack the host -> DoS, privesc, code-exec etc
[USN-5619-1] LibTIFF vulnerabilities [08:17]
- 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Another package vying for most security updates recently
- Usual memory corruption issues when handling crafted files - stack / heap buffer overflows etc
[USN-5618-1] Ghostscript vulnerability [08:49]
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
- Heap buffer overflow when parsing a crafted PDF
[USN-5626-1] Bind vulnerabilities [08:58]
- 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Memory leaks when handling certain crypto algorithms with DNSSEC, resource-based DoS, buffer over-read -> info leak / crash, assertion-based crash via crafted query
[USN-5625-1] Mako vulnerability [09:22]
- 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- ReDoS via crafted content
Goings on in Ubuntu Security Community
Preparing for the release of Ubuntu Pro [09:44]
- Team has worked on this for the last few years - finally will see the light of day in the coming week or two - more details to come
Get in contact
231 حلقات
كل الحلقات
×
مرحبًا بك في مشغل أف ام!
يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.
مشابه لـUbuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
We head to the Lone Star State to connect with fellow Linux enthusiasts and immerse ourselves in the vibrant scene of Austin, Texas. Live chat: https:/jblive.tv
…
continue reading
Player FM - تطبيق بودكاست
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
