[월:] 2017년 08월

USN-3381-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3381-1 7th August, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Peter Pi discovered that the colormap handling for frame buffer devices inthe Linux kernel contained an integer overflow. A local attacker could usethis to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction withanother vulnerability to possibly execute arbitrary code.(CVE-2017-1000365) It was discovered that SELinux in the Linux kernel did not properly handleempty writes to /proc/pid/attr. A local attacker could use this to cause adenial of service (system crash). (CVE-2017-2618) 石磊 discovered that the RxRPC Kerberos 5 ticket handling [ more… ]

USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3381-2 7th August, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices inthe Linux kernel contained an integer overflow. A local attacker could usethis to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction withanother vulnerability to possibly execute arbitrary code.(CVE-2017-1000365) It [ more… ]

USN-3380-1: FreeRDP vulnerabilities Ubuntu Security Notice USN-3380-1 7th August, 2017 freerdp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in FreeRDP. Software description freerdp – RDP client for Windows Terminal Services Details It was discovered that FreeRDP incorrectly handled certain width and heightvalues. A malicious server could use this issue to cause FreeRDP to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly handled certain values in aScope List. A malicious server could use this issue to cause FreeRDP tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2014-0791) Tyler Bohan discovered that FreeRDP incorrectly handled certain lengthvalues. A malicious server could use this [ more… ]