Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without permission, you can follow the process described here: https://th.player.fm/legal
Episode 88
Overview
This week we talk antivirus scanners and false positives in the Ubuntu archive, plus we look at security updates for QEMU, Bind, Net-SNMP, sane-backends and more.
This week in Ubuntu Security Updates
56 unique CVEs addressed
[USN-4467-1] QEMU vulnerabilities [00:52]
- 13 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- OOB read in the SLiRP networking implementation when replying to an ICMP echo request -> malicious guest could leak host memory -> info leak
- Network Block Device server assertion failure able to be triggered via a remote NBD client -> DoS
- Malicious guest could cause an OOB write / read in the SM501 graphics driver on the host -> crash / code exec
[USN-4466-2] curl vulnerability [01:58]
- 1 CVE addressed in Trusty ESM (14.04 ESM)
- Covered in Episode 87: connect_only option -> could connect to the wrong destination -> info leak
[USN-4468-1, USN-4468-2] Bind vulnerabilities [02:16]
- 5 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Assertion failures when handling:
- queries for zones signed by RSA signature
- truncated response to a TSIG-signed request
- queries when QNAME minimization and forward first are enabled
- specially crafted large TCP payload on most recent versions (focal only)
[USN-4471-1] Net-SNMP vulnerabilities [03:10]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Net-SNMP cached MIBs in a directory on the host. An attacker with read-write access to the SNMP service could use the NET-SNMP-EXTEND-MIB extension to modify an existing MIB so that a command is executed when the MIB attribute is read, and that modification would be cached for future runs. Normally the net-snmp server runs as a low-privileged user, so any command execution is unprivileged; the exception is startup, when it runs as root and loads the cached MIBs. Those cached MIBs could contain commands that change the net-snmp configuration to run as root and not drop privileges, after which subsequent runs of net-snmp run as root and any command execution happens as root. The fix is to both disable the EXTEND-MIB extension by default and to stop caching MIBs.
[USN-4469-1] Ghostscript vulnerabilities [04:47]
- 25 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- CVE-2020-17538
- CVE-2020-16310
- CVE-2020-16309
- CVE-2020-16308
- CVE-2020-16307
- CVE-2020-16306
- CVE-2020-16305
- CVE-2020-16304
- CVE-2020-16303
- CVE-2020-16302
- CVE-2020-16301
- CVE-2020-16300
- CVE-2020-16299
- CVE-2020-16298
- CVE-2020-16297
- CVE-2020-16296
- CVE-2020-16295
- CVE-2020-16294
- CVE-2020-16293
- CVE-2020-16292
- CVE-2020-16291
- CVE-2020-16290
- CVE-2020-16289
- CVE-2020-16288
- CVE-2020-16287
- Fixes for various buffer overflows etc. found via fuzzing with AddressSanitizer enabled - crafted PDF files -> crash / RCE
[USN-4470-1] sane-backends vulnerabilities [05:17]
- 8 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- Heap buffer overflows when accessing network-attached scanners - could be triggered automatically when starting a scanning app, which then scans the local network -> crash / code exec - found by the GitHub security team
- https://securitylab.github.com/research/last-orders-at-the-house-of-force
- https://youtu.be/EGiQ-0pCcwc
[USN-4472-1] PostgreSQL vulnerabilities [06:25]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
- 2 issues in the mishandling of the search path, allowing a remote attacker to execute arbitrary SQL code - one when using logical replication and the other with the CREATE EXTENSION command.
Goings on in Ubuntu Security Community
Windows Defender and other AVs flagging jq as possibly malicious [06:54]
- https://discourse.ubuntu.com/t/several-av-engines-are-hating-on-usr-bin-jq-from-jq-1-6-1-false-positive-imo/18030
- https://bugs.launchpad.net/ubuntu/+source/jq/+bug/1892843
- https://bugs.launchpad.net/ubuntu/+source/jq/+bug/1892552
- Windows Defender flags it as Trojan:Linux/CoinMiner.N!MTB whilst Trend Micro flags it as Trojan.SH.HADGLIDER.TSE - false positives, possible hash collision?
- To check the installed binary's hash against VirusTotal yourself (two separate commands):
sudo apt install jq
xdg-open "https://www.virustotal.com/gui/file/$(sha256sum /usr/bin/jq | cut -f1 -d' ')"
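Looking the hash up on VirusTotal tells you what other engines think; the question a defender actually wants answered first is whether /usr/bin/jq is still the file the Ubuntu archive shipped. The script below is an added example, not code from the podcast, Ubuntu or the jq project. It reimplements the check dpkg performs with `dpkg --verify <pkg>` against the manifest it writes to /var/lib/dpkg/info/<pkg>.md5sums (one "<md5>  <path relative to />" line per file), so the logic is visible, and runs it against a constructed manifest and a constructed stand-in binary under a temporary directory so it works offline. A binary that still matches the manifest points at a detection false positive; a mismatch means the AV verdict is the least of your problems.

```shell
#!/bin/sh
# Added example (not from the podcast, Ubuntu or the jq project): verify files
# against a dpkg-style md5sums manifest to tell "AV false positive" from
# "binary was modified". The manifest format mirrors
# /var/lib/dpkg/info/<pkg>.md5sums; everything under the temp dir is constructed.

# verify_manifest MANIFEST ROOT
#   Checks every entry of MANIFEST against files under ROOT, prints one status
#   line per entry, and returns 0 only if every file is present and matches.
verify_manifest() {
    manifest="$1"
    root="$2"
    status=0
    while read -r expected rel; do
        [ -n "$rel" ] || continue          # skip blank lines
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $rel"
            status=1
            continue
        fi
        actual=$(md5sum "$f" | cut -f1 -d' ')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $rel"
        else
            echo "MISMATCH $rel"
            status=1
        fi
    done < "$manifest"
    return $status
}

# Constructed fixture: two fake package roots, one pristine and one with a
# modified stand-in "jq", plus the manifest recorded for the pristine one.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
pristine_root="$demo_dir/pristine"
tampered_root="$demo_dir/tampered"
mkdir -p "$pristine_root/usr/bin" "$tampered_root/usr/bin"
printf 'constructed stand-in for the jq binary\n' > "$pristine_root/usr/bin/jq"
cp "$pristine_root/usr/bin/jq" "$tampered_root/usr/bin/jq"
printf 'extra bytes a modified binary might carry\n' >> "$tampered_root/usr/bin/jq"

manifest="$demo_dir/jq.md5sums"
printf '%s  usr/bin/jq\n' "$(md5sum "$pristine_root/usr/bin/jq" | cut -f1 -d' ')" > "$manifest"

# Stand-alone demo: the pristine tree passes, the tampered tree does not.
echo "== pristine =="
verify_manifest "$manifest" "$pristine_root"
echo "== tampered =="
verify_manifest "$manifest" "$tampered_root" || echo "manifest check failed: treat the file as suspect regardless of the AV verdict"
```

On a real Ubuntu host you would point `verify_manifest` at `/var/lib/dpkg/info/jq.md5sums` with root `/`, or simply run `dpkg --verify jq`; a clean result plus the VirusTotal lookup above is the evidence to attach to the Launchpad bug when reporting a false positive.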
Get in contact