[월:] 2016년 06월

USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities Ubuntu Security Notice USN-3020-1 27th June, 2016 linux-lts-vivid vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture [ more… ]

USN-3017-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3017-1 27th June, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem ofthe Linux kernel. A local attacker could [ more… ]

USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3017-2 27th June, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem [ more… ]

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-3017-3 27th June, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty Details USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local [ more… ]

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3016-4 27th June, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu16.04 LTS. This update provides the corresponding updates for theLinux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS forUbuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A [ more… ]