[월:] 2016년 02월

USN-2907-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2907-1 22nd February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such asPOSIX ACLs. A local unprivileged attacker could use this to gainprivileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation didnot validate protocol identifiers for certain [ more… ]

USN-2907-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-2907-2 22nd February, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such asPOSIX ACLs. A local unprivileged attacker could use this to gainprivileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation [ more… ]

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-2908-3 22nd February, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's [ more… ]

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-2908-2 22nd February, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's [ more… ]