
USN-3002-1: Linux kernel (Wily HWE) vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-3002-1, 10th June, 2016

linux-lts-wily vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty

Details:

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device [ more… ]


USN-3003-1: Linux kernel vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-3003-1, 10th June, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details:

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could [ more… ]


USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-3004-1, 10th June, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in [ more… ]


USN-2995-1: Squid vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-2995-1, 9th June, 2016

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Squid.

Software description: squid3 – Web proxy cache server

Details:

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947)

Yuriy M. Kaminskiy discovered that the Squid cachemgr.cgi tool incorrectly handled certain crafted data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4051)

It was discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A remote [ more… ]


USN-2993-1: Firefox vulnerabilities

2016-06-10 KENNETH 0

Ubuntu Security Notice USN-2993-1, 9th June, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description: firefox – Mozilla Open Source web browser

Details:

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)

A buffer overflow was discovered when parsing HTML5 fragments in some circumstances. If a [ more… ]