[월:] 2017년 04월

USN-3264-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3264-2 24th April, 2017 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. Alexander Popov discovered that a race condition existed in the StreamControl Transmission Protocol (SCTP) implementation in the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-117-generic 3.13.0-117.164~precise1 linux-image-3.13.0-117-generic-lpae 3.13.0-117.164~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.117.108 linux-image-generic-lts-trusty [ more… ]

USN-3265-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3265-1 24th April, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon Processors Details It was discovered that a use-after-free flaw existed in the filesystemencryption subsystem in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 GenericRouting Encapsulation (GRE) tunneling implementation in the Linux kernel.An attacker could use this to possibly expose sensitive information.(CVE-2017-5897) Andrey [ more… ]

USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3265-2 24th April, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystemencryption subsystem in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 GenericRouting Encapsulation (GRE) tunneling implementation in the Linux kernel.An attacker could use this to possibly expose sensitive information.(CVE-2017-5897) Andrey Konovalov discovered [ more… ]

USN-3266-1: Linux kernel vulnerability Ubuntu Security Notice USN-3266-1 24th April, 2017 linux, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash under certain conditions. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Alexander Popov discovered that a race condition existed in the StreamControl Transmission Protocol (SCTP) implementation in the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.49.61 linux-image-powerpc-e500mc 4.8.0.49.61 linux-image-4.8.0-49-generic-lpae 4.8.0-49.52 linux-image-4.8.0-1035-raspi2 4.8.0-1035.38 linux-image-generic-lpae 4.8.0.49.61 linux-image-4.8.0-49-lowlatency 4.8.0-49.52 linux-image-4.8.0-49-powerpc-smp 4.8.0-49.52 linux-image-4.8.0-49-powerpc-e500mc 4.8.0-49.52 linux-image-generic 4.8.0.49.61 linux-image-4.8.0-49-generic 4.8.0-49.52 linux-image-lowlatency 4.8.0.49.61 linux-image-raspi2 4.8.0.1035.39 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]

USN-3266-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3266-2 24th April, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the StreamControl Transmission Protocol (SCTP) implementation in the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-49-generic 4.8.0-49.52~16.04.1 linux-image-lowlatency-hwe-16.04 4.8.0.49.21 linux-image-generic-hwe-16.04 4.8.0.49.21 linux-image-4.8.0-49-lowlatency 4.8.0-49.52~16.04.1 linux-image-4.8.0-49-generic-lpae 4.8.0-49.52~16.04.1 linux-image-generic-lpae-hwe-16.04 4.8.0.49.21 [ more… ]