[월:] 2019년 12월

USN-4209-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-aws-5.0 – Linux kernel for Amazon Web Services (AWS) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem-osp1 – Linux kernel for OEM processors linux-oracle-5.0 – Linux kernel for Oracle Cloud systems Details Jann Horn discovered that the OverlayFS [ more… ]

USN-4208-1: Linux kernel vulnerabilities linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-gcp-5.3 – Linux kernel for Google Cloud Platform (GCP) systems Details Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794) Nicolas Waisman [ more… ]