Articles by KENNETH

USN-3578-1: WavPack vulnerabilities Ubuntu Security Notice USN-3578-1 21st February, 2018 wavpack vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in WavPack. Software description wavpack – audio codec (lossy and lossless) – encoder and decoder Details It was discovered that WavPack incorrectly handled certain DSDIFF files.An attacker could possibly use this to execute arbitrary code orcause a denial of service. (CVE-2018-7253) It was discovered that WavPack incorrectly handled certain CAF files.An attacker could possibly use this to cause a denial of service.(CVE-2018-7254) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwavpack1 5.1.0-2ubuntu0.2 wavpack 5.1.0-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-7253, CVE-2018-7254 Source: [ more… ]

USN-3581-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3581-1 22nd February, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Mohamed Ghannam discovered that the IPv4 raw socket implementation in theLinux kernel contained a race condition leading to uninitialized pointerusage. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existedin the SCTP protocol implementation in the Linux kernel. A localattacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code, (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCPprotocol implementation in the Linux kernel. A local attacker could usethis to cause a denial of service (system [ more… ]

USN-3581-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3581-2 22nd February, 2018 linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors Details USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in theLinux kernel contained a race condition leading to uninitialized pointerusage. A local attacker could use this to cause a denial of service orpossibly execute arbitrary [ more… ]