[월:] 2019년 06월

USN-4007-1: Linux kernel vulnerability linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary A system hardening measure could be bypassed. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-meta linux-oem – Linux kernel for OEM processors linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in [ more… ]

USN-4005-1: Linux kernel vulnerabilities linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the [ more… ]

USN-4006-1: Linux kernel vulnerability linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary A system hardening measure could be bypassed. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support. Update instructions The problem can be corrected by updating your system to the following [ more… ]