Articles by KENNETH

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3583-2 23rd February, 2018 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. It was discovered that an out-of-bounds write vulnerability existed in theFlash-Friendly File System (f2fs) in the Linux kernel. An attacker couldconstruct a malicious file system that, when mounted, could cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2017-0750) It was discovered that a race condition leading to a use-after-freevulnerability existed in the ALSA PCM subsystem of [ more… ]

USN-3581-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3581-3 23rd February, 2018 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Mohamed Ghannam discovered that the IPv4 raw socket implementation in theLinux kernel contained a race condition leading to uninitialized pointerusage. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existed in theSCTP protocol implementation in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code, (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCPprotocol implementation in the Linux kernel. A local attacker could usethis [ more… ]