
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities

2016-12-01 KENNETH 0

Ubuntu Security Notice USN-3146-2, 30th November, 2016: linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644)

Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this [ more… ]


USN-3147-1: Linux kernel vulnerabilities

2016-12-01 KENNETH 0

Ubuntu Security Notice USN-3147-1, 30th November, 2016: linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details: Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  linux-image-powerpc-smp 4.8.0.28.37
  linux-image-powerpc-e500mc 4.8.0.28.37
  linux-image-generic 4.8.0.28.37
  linux-image-4.8.0-28-lowlatency 4.8.0-28.30
  linux-image-lowlatency 4.8.0.28.37
  linux-image-4.8.0-28-generic [ more… ]


RHSA-2016:2839-1: Important: CFME 5.6.3 security, bug fix, and enhancement update

2016-12-01 KENNETH 0

RHSA-2016:2839-1: Important: CFME 5.6.3 security, bug fix, and enhancement update Red Hat Enterprise Linux: An update is now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5402 Source: RHSA-2016:2839-1: Important: CFME 5.6.3 security, bug fix, and enhancement update


USN-3142-1: ImageMagick vulnerabilities

2016-12-01 KENNETH 0

Ubuntu Security Notice USN-3142-1, 30th November, 2016: imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in ImageMagick.

Software description: imagemagick – Image manipulation programs and library

Details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.2
  libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.2
  imagemagick 8:6.8.9.9-7ubuntu8.2
  imagemagick-6.q16 8:6.8.9.9-7ubuntu8.2
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.2

Ubuntu 16.04 LTS:
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.3
  libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.3
  imagemagick 8:6.8.9.9-7ubuntu5.3
  imagemagick-6.q16 8:6.8.9.9-7ubuntu5.3
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.3

[ more… ]


USN-3143-1: c-ares vulnerability

2016-12-01 KENNETH 0

Ubuntu Security Notice USN-3143-1, 30th November, 2016: c-ares vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: c-ares could be made to crash or run programs if it processed a specially crafted hostname.

Software description: c-ares – library for asynchronous name resolves

Details: Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: libc-ares2 1.11.0-1ubuntu0.1
Ubuntu 16.04 LTS: libc-ares2 1.10.0-3ubuntu0.1
Ubuntu 14.04 LTS: libc-ares2 1.10.0-2ubuntu0.1
Ubuntu 12.04 LTS: libc-ares2 1.7.5-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]