BIND DNS New Vulnerability Security Update

2015-12-18 KENNETH 0

Source: http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=23846

□ Overview
o A vulnerability that allows a remote denial of service has been found in BIND DNS, which is widely used to provide DNS service

□ Description
o Denial-of-service vulnerability that occurs when malformed class attribute data in a response packet is processed (CVE-2015-8000)

□ Affected software
o BIND 9.0.x ~ 9.9.8
o BIND 9.10.0 ~ 9.10.3

□ Solution
o Update to BIND 9 version 9.9.8-P2
o Update to BIND 9 version 9.10.3-P2
o Update to BIND 9 version 9.9.8-S3

□ Other inquiries
o Korea Internet & Security Agency, Internet Incident Response Center: 118 (no area code)

[References]
– https://kb.isc.org/article/AA-01317
– http://www.isc.org/downloads/

USN-2845-1: SoS vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2845-1
17th December, 2015

sosreport vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS

Summary
sosreport could be made to expose sensitive information or overwrite files as the administrator.

Software description
sosreport – Set of tools to gather troubleshooting data from a system

Details
Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925)

Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. (CVE-2015-7529)

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: sosreport 3.2-2ubuntu1.1
Ubuntu 15.04: sosreport 3.2-2ubuntu0.1
[ more… ]

Recompiling VirtualBox kernel modules [FAILED] on centos7.2 or rhel7.2

2015-12-18 KENNETH 0

Environment
OS : CentOS7 (7.2.1511)
VirtualBox : 5.0.10_104061_el7-1
Installed by registering the yum repository and then running the yum install VirtualBox-5.0 command.
In fact, it did not run properly after the CentOS 7.2 update, so I went as far as reinstalling it.

Error during installation
No precompiled module for this kernel found — trying to build one. Messages
emitted during module compilation will be logged to /var/log/vbox-install.log.
Stopping VirtualBox kernel modules [ OK ]
Recompiling VirtualBox kernel modules [FAILED]
(Look at /var/log/vbox-install.log to find out what went wrong)
Verifying : VirtualBox-5.0-5.0.10_104061_el7-1.x86_64 1/1
Installed:
VirtualBox-5.0.x86_64 0:5.0.10_104061_el7-1

Log contents
The log is quite long, but roughly this part seems worth noting.
/tmp/vbox.0/linux/VBoxNetFlt-linux.c: In function ‘vboxNetFltLinuxPacketHandler’:
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:928:9: error: implicit declaration of function ‘vlan_tx_tag_present’ [-Werror=implicit-function-declaration]
if (vlan_tx_tag_present(pBuf) && skb_headroom(pBuf) >= VLAN_ETH_HLEN)
^
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:938:13: error: implicit declaration of function ‘vlan_tx_tag_get’ [-Werror=implicit-function-declaration]
pVHdr->h_vlan_TCI = RT_H2N_U16(vlan_tx_tag_get(pBuf));
^
cc1: some warnings being treated [ more… ]

USN-2843-2: Linux kernel (Wily HWE) vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2843-2
17th December, 2015

linux-lts-wily vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux-lts-wily – Linux hardware enablement kernel from Wily

Details
Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104)

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799)

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could [ more… ]

USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2843-3
17th December, 2015

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 15.10

Summary
Several security issues were fixed in the kernel.

Software description
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details
郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799)

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872)

It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7884)

It [ more… ]