[월:] 2016년 05월

USN-2976-1: Linux kernel (Utopic HWE) vulnerability Ubuntu Security Notice USN-2976-1 16th May, 2016 linux-lts-utopic vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.16.0-71-powerpc-smp 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic-lpae 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc-e500mc 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-lowlatency 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-emb 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-powerpc64-smp 3.16.0-71.92~14.04.1 linux-image-3.16.0-71-generic 3.16.0-71.92~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]

USN-2977-1: Linux kernel (Vivid HWE) vulnerability Ubuntu Security Notice USN-2977-1 16th May, 2016 linux-lts-vivid vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.19.0-59-powerpc64-smp 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-lowlatency 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc64-emb 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc-smp 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-powerpc-e500mc 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-generic-lpae 3.19.0-59.66~14.04.1 linux-image-3.19.0-59-generic 3.19.0-59.66~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]

USN-2978-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2978-1 16th May, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details David Matlack discovered that the Kernel-based Virtual Machine (KVM)implementation in the Linux kernel did not properly restrict variableMemory Type Range Registers (MTRR) in KVM guests. A privileged user in aguest VM could use this to cause a denial of service (system crash) in thehost, expose sensitive information from the host, or possibly gainadministrative privileges in the host. (CVE-2016-3713) Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. [ more… ]

USN-2978-2: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-2978-2 16th May, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty Details USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM)implementation in the Linux kernel did not properly restrict variableMemory Type Range Registers (MTRR) in KVM guests. A privileged user in aguest VM could use this to cause a denial of service (system crash) in thehost, expose sensitive information from the host, or possibly gainadministrative privileges in the host. (CVE-2016-3713) Philip Pettersson discovered [ more… ]

USN-2978-3: Linux kernel (Raspberry Pi 2) vulnerability Ubuntu Security Notice USN-2978-3 16th May, 2016 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary The system could be made to crash or run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: linux-image-4.2.0-1029-raspi2 4.2.0-1029.38 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: [ more… ]