[월:] 2016년 06월

USN-3016-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3016-1 27th June, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem ofthe Linux kernel. A local attacker [ more… ]

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3016-2 27th June, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture (ALSA) [ more… ]

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3016-3 27th June, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handlingimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem ofthe [ more… ]