Articles by KENNETH

USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3582-2 22nd February, 2018 linux-lts-xenial, linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in theLinux kernel contained a race condition leading to uninitialized pointerusage. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2017-17712) Laurent Guerby discovered that the mbcache feature in the ext2 and [ more… ]

USN-3580-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3580-1 21st February, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. A local attacker could use this toexpose sensitive information, including kernel memory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-133-generic-pae 3.2.0-133.179 linux-image-generic 3.2.0.133.148 linux-image-generic-pae 3.2.0.133.148 linux-image-3.2.0-133-generic 3.2.0-133.179 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)requires corresponding processor microcode/firmware updates or,in virtual environments, hypervisor updates. On i386 and amd64architectures, the IBRS and [ more… ]

USN-3579-1: LibreOffice vulnerability Ubuntu Security Notice USN-3579-1 21st February, 2018 libreoffice vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibreOffice would allow unintended access to files over the network. Software description libreoffice – Office productivity suite Details It was discovered that =WEBSERVICE calls in a document could be used toread arbitrary files. If a user were tricked in to opening a speciallycrafted document, a remote attacker could exploit this to obtain sensitiveinformation. (CVE-2018-6871) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libreoffice-core 1:5.4.5-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial3 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice to makeall the necessary changes. [ more… ]