[월:] 2017년 02월

USN-3206-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3206-1 21st February, 2017 linux, linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-ti-omap4 – Linux kernel for OMAP4 Details It was discovered that a use-after-free vulnerability existed in the blockdevice layer of the Linux kernel. A local attacker could use this to causea denial of service (system crash) or possibly gain administrativeprivileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in thesys_ioprio_get() function in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly gainadministrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCPimplementation in the Linux kernel. A local attacker could use this tocause a denial of service (system [ more… ]

USN-3207-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3207-1 21st February, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details It was discovered that a use-after-free vulnerability existed in the blockdevice layer of the Linux kernel. A local attacker could use this to causea denial of service (system crash) or possibly gain administrativeprivileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in thesys_ioprio_get() function in the Linux kernel. A local attacker could usethis to cause a denial of service (system crash) or possibly gainadministrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCPimplementation in the Linux kernel. A local attacker could use this tocause a denial of service (system crash) or possibly gain administrativeprivileges. (CVE-2017-6074) Update [ more… ]

USN-3207-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3207-2 21st February, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. It was discovered that a use-after-free vulnerability existed in the blockdevice layer of the Linux kernel. A local attacker could use this to causea denial of service (system crash) or possibly gain administrativeprivileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in thesys_ioprio_get() function in the Linux kernel. A local attacker could usethis to cause a denial of service (system crash) [ more… ]

USN-3208-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3208-1 22nd February, 2017 linux, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-snapdragon – Linux kernel for Snapdragon Processors Details It was discovered that the generic SCSI block layer in the Linux kernel didnot properly restrict write operations in certain situations. A localattacker could use this to cause a denial of service (system crash) orpossibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel didnot properly perform reference counting in some situations. An unprivilegedattacker could use this to cause a denial of service (system hang).(CVE-2016-9191) Jim Mattson discovered that the KVM implementation in the Linux kernelmismanages the #BP and #OF exceptions. A local [ more… ]

USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3208-2 22nd February, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel didnot properly restrict write operations in certain situations. A localattacker could use this to cause a denial of service (system crash) orpossibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel didnot properly perform reference counting in some situations. An unprivilegedattacker [ more… ]