[월:] 2015년 12월

Ubuntu Security Notice USN-2851-1 19th December, 2015 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service [ more… ]

Ubuntu Security Notice USN-2852-1 19th December, 2015 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary The system could be made to provide access outside of namespace sandbox. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jann Horn discovered a ptrace issue with user namespaces in the Linuxkernel. The namespace owner could potentially exploit this flaw by ptracinga root owned process entering the user namespace to elevate its privilegesand potentially gain access outside of the namespace.(http://bugs.launchpad.net/bugs/1527374) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: linux-image-4.2.0-1017-raspi2 4.2.0-1017.24 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel [ more… ]