
Episode 132

Ubuntu Security Podcast

English - September 24, 2021 05:35 - 17 minutes - 12.8 MB - ★★★★★ - 10 ratings

Extended Security Maintenance gets an extension, Linux disk encryption and
authentication goes under the microscope and we cover security updates for
libgcrypt, the Linux kernel, Python, and more.

This week in Ubuntu Security Updates

20 unique CVEs addressed


[USN-5078-2] Squashfs-Tools vulnerabilities [01:02]

2 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2021-41072
CVE-2021-40153

(see Episode 131)

[USN-5080-1, USN-5080-2] Libgcrypt vulnerabilities [01:43]

2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Hirsute (21.04)

CVE-2021-40528
CVE-2021-33560

Side-channel attacks against the various ElGamal implementations in
OpenPGP - https://eprint.iacr.org/2021/923 - researchers from IBM
Research Europe

Patent-free public key encryption scheme - popular in OpenPGP - 1 in 6
registered OpenPGP keys have an ElGamal subkey

Different OpenPGP implementations use different ElGamal implementations -
Go stdlib, Crypto++ and gcrypt
libgcrypt has previously had other side-channel vulns found and was used
in the development of the FLUSH+RELOAD attack against GnuPG
The attack exploits the differing parameter choices across these
implementations, using timing differences to recover plaintext
Fixed by removing support for smaller key lengths and adding exponent
blinding (combining the exponent with randomness so that it cannot be
inferred by timing analysis)
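To make the blinding mitigation concrete, here is an added toy ElGamal round-trip (example code written for these notes, not libgcrypt's code or the paper's) that decrypts once with the raw private exponent and once with a blinded exponent x' = x + r*(p-1). The parameters P, Q, the 64-bit blinding factor size and all function names are constructed for illustration; the point is that the blinded modexp produces the same plaintext while the exponent it walks changes on every call.

```python
import secrets

# Constructed toy parameters: p is a safe prime (p = 2q + 1), small enough to
# read but far too small for real use. Production ElGamal uses >= 2048-bit p.
P = 467
Q = (P - 1) // 2


def find_generator(p, q):
    """Smallest g generating the whole group Z_p^* (p = 2q+1 safe prime):
    g generates iff g^2 != 1 and g^q != 1 (mod p)."""
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found; p is not a safe prime")


def keygen(p, g):
    """Private exponent x in [1, p-2], public value y = g^x mod p."""
    x = 1 + secrets.randbelow(p - 2)
    return x, pow(g, x, p)


def encrypt(p, g, y, m):
    """Textbook ElGamal: ephemeral k, ciphertext (g^k, m * y^k) mod p."""
    k = 1 + secrets.randbelow(p - 2)
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt_unblinded(p, x, c1, c2):
    """Straightforward decryption: the modexp runs with the secret exponent x
    itself, so any exponent-dependent timing is tied directly to x."""
    shared = pow(c1, x, p)
    return (c2 * pow(shared, -1, p)) % p


def blind_exponent(x, group_order):
    """Exponent blinding: x' = x + r*(p-1) for a fresh random r. Because
    c1^(p-1) == 1 (mod p) for any c1 in Z_p^*, c1^x' == c1^x, but the bit
    pattern the modexp walks differs on every call and never equals x."""
    r = 1 + secrets.randbelow(1 << 64)   # blinding factor size is a constructed choice
    return x + r * group_order


def decrypt_blinded(p, x, c1, c2):
    """Same result as decrypt_unblinded, computed with a blinded exponent."""
    shared = pow(c1, blind_exponent(x, p - 1), p)
    return (c2 * pow(shared, -1, p)) % p


def roundtrip(m):
    """Encrypt m and decrypt both ways; returns (plain_unblinded, plain_blinded)."""
    g = find_generator(P, Q)
    x, y = keygen(P, g)
    c1, c2 = encrypt(P, g, y, m)
    return decrypt_unblinded(P, x, c1, c2), decrypt_blinded(P, x, c1, c2)


if __name__ == "__main__":
    print(roundtrip(42))
```

Blinding does not make the modexp constant-time on its own; it only decorrelates each run's timing from the long-term secret, which is why libgcrypt paired it with dropping the short key lengths the paper targeted.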

[USN-5071-2] Linux kernel (HWE) vulnerabilities [04:11]

5 CVEs addressed in Bionic (18.04 LTS)

CVE-2021-3612
CVE-2021-22543
CVE-2020-36311
CVE-2021-3653
CVE-2021-3656

AMD nested virtualisation vulns (Episode 130, Episode 131)
2 other KVM vulns - UAF
OOB write in joystick subsystem via a malicious ioctl()

requires a joystick device to be present
the snap joystick interface is not auto-connected by default

[USN-5071-3] Linux kernel (Raspberry Pi) vulnerabilities

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-3612
CVE-2021-22543

[USN-5082-1] Linux kernel (OEM) vulnerabilities

3 CVEs addressed in Focal (20.04 LTS)

CVE-2021-3609
CVE-2021-3653
CVE-2021-3656

CAN BCM UAF (Episode 121), AMD nested virtualisation

[USN-5073-2] Linux kernel (GCP) vulnerabilities

5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)

CVE-2021-38160
CVE-2021-3612
CVE-2021-34693
CVE-2021-3653
CVE-2021-3656

[USN-5073-3] Linux kernel (Raspberry Pi) vulnerabilities

3 CVEs addressed in Bionic (18.04 LTS)

CVE-2021-38160
CVE-2021-3612
CVE-2021-34693

[USN-5079-3] curl vulnerabilities [06:34]

3 CVEs addressed in Bionic (18.04 LTS)

CVE-2021-22947
CVE-2021-22946
CVE-2021-22945

(see Episode 131)

[USN-5081-1] Qt vulnerabilities [06:49]

2 CVEs addressed in Bionic (18.04 LTS)

CVE-2021-38593
CVE-2020-17507

2 issues in graphics / image handling

crafted XBM triggers OOB read -> crash
OOB write when rendering SVG or other crafted vector content

[USN-5083-1] Python vulnerabilities [07:22]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-3737
CVE-2021-3733

ReDoS - a malicious HTTP server sends a crafted BasicAuth response header
which causes high CPU usage when the client tries to match the header
value with a regex - fixed to use a simpler regex
Malicious server could cause a client to hang even if the client had set
a timeout - the server sends a '100 Continue' response and the client
sits waiting to receive more input which never arrives (since the server
is malicious)
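As an added illustration of the second issue (example code for these notes, not CPython's http.client or its fix), the reader below shows why a per-read socket timeout is not enough: a hostile server that keeps emitting interim 1xx responses answers every single read promptly, so no read ever times out, yet the client never reaches a final status. The mitigation shown is to cap the number of interim responses and header lines accepted; the caps MAX_CONTINUE and MAX_HEADERS, the ContinueFlood stand-in and all function names are constructed for this example.

```python
import io

MAX_CONTINUE = 10   # interim 1xx responses we tolerate before giving up (constructed cap)
MAX_HEADERS = 100   # header lines accepted per response (constructed cap)


class ContinueFlood:
    """Constructed stand-in for a hostile server that never stops sending
    '100 Continue'. Every readline() returns immediately, so a socket
    timeout on individual reads would never fire."""

    def __init__(self):
        self._pending = []

    def readline(self):
        if not self._pending:
            self._pending = [b"HTTP/1.1 100 Continue\r\n", b"\r\n"]
        return self._pending.pop(0)


def read_status_line(src):
    """Parse 'HTTP/x.y CODE REASON' into (code, reason)."""
    line = src.readline()
    if not line:
        raise ValueError("connection closed before status line")
    parts = line.decode("iso-8859-1").rstrip("\r\n").split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("malformed status line: %r" % line)
    return int(parts[1]), parts[2] if len(parts) > 2 else ""


def read_headers(src):
    """Collect header lines up to the blank line, bounded by MAX_HEADERS."""
    headers = []
    for _ in range(MAX_HEADERS):
        line = src.readline()
        if not line:
            raise ValueError("connection closed inside headers")
        if line in (b"\r\n", b"\n"):
            return headers
        headers.append(line.rstrip(b"\r\n"))
    raise ValueError("more than %d header lines" % MAX_HEADERS)


def read_final_status(src, max_continue=MAX_CONTINUE):
    """Skip interim 1xx responses, but only up to max_continue of them.
    Returns (status, reason, headers) of the first non-1xx response."""
    for _ in range(max_continue + 1):
        status, reason = read_status_line(src)
        headers = read_headers(src)
        if not 100 <= status < 200:
            return status, reason, headers
    raise ValueError("more than %d interim 1xx responses; giving up" % max_continue)


def demo_normal():
    """Well-behaved exchange (constructed bytes): one 100 Continue, then 200 OK."""
    src = io.BytesIO(b"HTTP/1.1 100 Continue\r\n\r\n"
                     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return read_final_status(src)


def demo_flood():
    """Hostile exchange: returns the error message instead of looping forever."""
    try:
        read_final_status(ContinueFlood())
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(demo_normal())
    print(demo_flood())
```

A wall-clock deadline for the whole response (rather than per read) is the other natural mitigation; counting interim responses is the cheaper one and is what this example applies.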

[USN-5084-1] LibTIFF vulnerability [08:32]

1 CVE addressed in Focal (20.04 LTS)

CVE-2020-19143

Buffer overflow via crafted TIFF file

[USN-5079-4] curl regression [08:42]

2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2021-22947
CVE-2021-22946

Mistake in backporting the patch caused STARTTLS to fail when used for
SMTP only - thanks to tuaris for mentioning this on
https://ubuntuforums.org/showthread.php?t=2467177 but next time please
file a LP bug directly as you will get our attention much faster (and
more reliably)

Goings on in Ubuntu Security Community
Authenticated boot and disk encryption on Linux [09:28]

http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
systemd-focused review of existing FDE in general-purpose Linux distros,
with pointers to proposed mechanisms to implement authenticated FDE etc

Laments lack of authenticated initrd, use of TPMs etc
Proposal is quite different from traditional distros - immutable,
authenticated /usr; encrypted, authenticated /etc and /var; and per-user
/home/user encryption keyed by each user's own login password

UC20 already does TPM backed FDE with authentication

Ubuntu 14.04 and 16.04 ESM extended [14:16]

https://ubuntu.com/blog/ubuntu-14-04-and-16-04-lifecycle-extended-to-ten-years
Total of 10 years of support (5 LTS, 5 ESM)

RELEASE                       RELEASE DATE   END OF LIFE*
Ubuntu 14.04 (Trusty Tahr)    April 2014     April 2024 (from April 2022)
Ubuntu 16.04 (Xenial Xerus)   April 2016     April 2026 (from April 2024)
Ubuntu 18.04 (Bionic Beaver)  April 2018     April 2028 (unchanged)
Ubuntu 20.04 (Focal Fossa)    April 2020     April 2030 (unchanged)

Use extra time to plan upgrades

Hiring [15:48]
Linux Cryptography and Security Engineer

https://canonical.com/careers/2612092/linux-cryptography-and-security-engineer-remote

Security Engineer - Ubuntu

https://canonical.com/careers/2925180/security-engineer-ubuntu-remote

Security Product Manager

https://canonical.com/careers/2278145/security-product-manager-remote

Get in contact

[email protected]
#ubuntu-security on the Libera.Chat IRC network
ubuntu-hardened mailing list
Security section on discourse.ubuntu.com
@ubuntu_sec on twitter
