[월:] 2017년 09월

USN-3422-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3422-1 18th September, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linuxkernel did not properly set permissions on aio memory mappings in somesituations. An attacker could use this to more easily exploit othervulnerabilities. (CVE-2016-10044) Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3IP Encapsulation implementation in the Linux kernel. A local attacker coulduse this to cause a denial of [ more… ]

USN-3420-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3420-1 18th September, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not [ more… ]

USN-3419-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3419-1 18th September, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMACWLAN driver in the Linux kernel. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2017-7541) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: linux-image-generic [ more… ]

USN-3419-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3419-2 18th September, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMACWLAN driver in the Linux kernel. A local attacker could use this to cause adenial of service (system crash) or [ more… ]