Articles by KENNETH

USN-3523-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3523-1 9th January, 2018 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementationin the Linux kernel did not properly check the relationship between pointervalues and the BPF stack. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2017-17863) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementationin the Linux kernel improperly performed sign extension in [ more… ]

USN-3522-1: Linux kernel vulnerability Ubuntu Security Notice USN-3522-1 9th January, 2018 linux, linux-aws, linux-euclid, linux-kvm vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-euclid – Linux kernel for Intel Euclid systems linux-kvm – Linux kernel for cloud environments Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-108-lowlatency 4.4.0-108.131 linux-image-euclid 4.4.0.9021.21 linux-image-4.4.0-108-generic 4.4.0-108.131 linux-image-4.4.0-9021-euclid 4.4.0-9021.22 linux-image-generic 4.4.0.108.113 linux-image-aws 4.4.0.1047.49 linux-image-kvm [ more… ]

USN-3524-1: Linux kernel vulnerability Ubuntu Security Notice USN-3524-1 9th January, 2018 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Jann Horn discovered that microprocessors utilizing speculative executionand indirect branch prediction may allow unauthorized memory reads viasidechannel attacks. This flaw is known as Meltdown. A local attacker coulduse this to expose sensitive information, including kernel memory.(CVE-2017-5754) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-generic 3.13.0.139.148 linux-image-3.13.0-139-lowlatency 3.13.0-139.188 linux-image-lowlatency 3.13.0.139.148 linux-image-3.13.0-139-generic 3.13.0-139.188 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the [ more… ]