[월:] 2017년 05월

USN-3291-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3291-1 16th May, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linuxkernel contained a stack-based buffer overflow. A local attacker withaccess to an sg device could use this to cause a denial of service (systemcrash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the DirectRendering Manager (DRM) driver for VMWare devices in the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash).(CVE-2017-7261) Li Qiang discovered that an integer overflow vulnerability existed in theDirect Rendering Manager (DRM) driver for VMWare devices in the Linuxkernel. [ more… ]

USN-3292-1: Linux kernel vulnerability Ubuntu Security Notice USN-3292-1 16th May, 2017 linux, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Jason Donenfeld discovered a heap overflow in the MACsec module in theLinux kernel. An attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.52.64 linux-image-powerpc-e500mc 4.8.0.52.64 linux-image-4.8.0-52-lowlatency 4.8.0-52.55 linux-image-generic-lpae 4.8.0.52.64 linux-image-4.8.0-52-generic 4.8.0-52.55 linux-image-4.8.0-52-generic-lpae 4.8.0-52.55 linux-image-4.8.0-52-powerpc64-emb 4.8.0-52.55 linux-image-generic 4.8.0.52.64 linux-image-4.8.0-52-powerpc-e500mc 4.8.0-52.55 linux-image-4.8.0-1036-raspi2 4.8.0-1036.39 linux-image-lowlatency 4.8.0.52.64 linux-image-powerpc64-emb 4.8.0.52.64 linux-image-raspi2 4.8.0.1036.40 linux-image-4.8.0-52-powerpc-smp 4.8.0-52.55 To update your system, please follow these instructions: [ more… ]

USN-3292-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3292-2 16th May, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in theLinux kernel. An attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-52-lowlatency 4.8.0-52.55~16.04.1 linux-image-generic-hwe-16.04 4.8.0.52.23 linux-image-4.8.0-52-generic-lpae 4.8.0-52.55~16.04.1 linux-image-lowlatency-hwe-16.04 4.8.0.52.23 linux-image-4.8.0-52-generic 4.8.0-52.55~16.04.1 [ more… ]

USN-3293-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3293-1 16th May, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Dmitry Vyukov discovered that KVM implementation in the Linux kernelimproperly emulated the VMXON instruction. A local attacker in a guest OScould use this to cause a denial of service (memory consumption) in thehost OS. (CVE-2017-2596) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linuxkernel contained a stack-based buffer overflow. A local attacker withaccess to an sg device could use this to cause a denial of service (systemcrash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the DirectRendering Manager [ more… ]

USN-3276-2: shadow regression Ubuntu Security Notice USN-3276-2 16th May, 2017 shadow regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3276-1 introduced a regression in su. Software description shadow – system login tools Details USN-3276-1 intended to fix a vulnerability in su. The solution introduceda regression in su signal handling. This update modifies the security fix.We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update instructions The problem can be corrected by updating your system to the following [ more… ]