[월:] 2016년 12월

USN-3144-1: Linux kernel vulnerability Ubuntu Security Notice USN-3144-1 30th November, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux – Linux kernel Details Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-powerpc-smp 3.2.0.116.132 linux-image-3.2.0-116-generic 3.2.0-116.158 linux-image-3.2.0-116-virtual 3.2.0-116.158 linux-image-3.2.0-116-generic-pae 3.2.0-116.158 linux-image-generic 3.2.0.116.132 linux-image-generic-pae 3.2.0.116.132 linux-image-highbank 3.2.0.116.132 linux-image-3.2.0-116-powerpc64-smp 3.2.0-116.158 linux-image-virtual 3.2.0.116.132 linux-image-powerpc64-smp 3.2.0.116.132 linux-image-3.2.0-116-highbank 3.2.0-116.158 linux-image-3.2.0-116-omap 3.2.0-116.158 linux-image-3.2.0-116-powerpc-smp 3.2.0-116.158 linux-image-omap 3.2.0.116.132 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]

USN-3144-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3144-2 30th November, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-omap4 3.2.0.1494.89 linux-image-3.2.0-1494-omap4 3.2.0-1494.121 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel [ more… ]

USN-3145-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3145-1 30th November, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. (CVE-2016-7425) Daxing Guo discovered a stack-based buffer overflow in the BroadcomIEEE802.11n FullMAC driver in the Linux kernel. A local attacker could usethis to cause a denial of service (system crash) or possibly gainprivileges. (CVE-2016-8658) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-powerpc-smp 3.13.0.103.111 linux-image-powerpc-e500mc 3.13.0.103.111 linux-image-3.13.0-103-powerpc-e500 3.13.0-103.150 linux-image-3.13.0-103-generic 3.13.0-103.150 linux-image-generic [ more… ]

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3145-2 30th November, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu14.04 LTS. This update provides the corresponding updates for theLinux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS forUbuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. (CVE-2016-7425) Daxing Guo discovered a stack-based buffer overflow in the BroadcomIEEE802.11n FullMAC driver in the Linux kernel. A local attacker could usethis to cause a [ more… ]

USN-3146-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3146-1 30th November, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details It was discovered that the __get_user_asm_ex implementation in the Linuxkernel for x86/x86_64 contained extended asm statements that wereincompatible with the exception table. A local attacker could use this togain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher and Jan Kara discovered that the filesystemimplementation in the Linux kernel did not clear the setgid bit during asetxattr call. A local attacker could use this to possibly elevate groupprivileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) [ more… ]