[월:] 2016년 02월

USN-2908-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2908-1 22nd February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)implementation did not handle [ more… ]

USN-2906-1: GNU cpio vulnerabilities Ubuntu Security Notice USN-2906-1 22nd February, 2016 cpio vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in GNU cpio. Software description cpio – a tool to manage archives of files Details Alexander Cherepanov discovered that GNU cpio incorrectly handled symboliclinks when used with the –no-absolute-filenames option. If a user orautomated system were tricked into extracting a specially-crafted cpioarchive, a remote attacker could possibly use this issue to write arbitraryfiles. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.(CVE-2015-1197) Gustavo Grieco discovered that GNU cpio incorrectly handled memory whenextracting archive files. If a user or automated system were tricked intoextracting a specially-crafted cpio archive, a remote attacker could usethis issue to cause GNU cpio to crash, resulting [ more… ]