Articles by KENNETH

USN-3510-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3510-1 7th December, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause adenial of service (application crashes) or possibly gain administrativeprivileges. (CVE-2017-1000405) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.13.0-137-powerpc-smp 3.13.0-137.186 linux-image-powerpc-smp 3.13.0.137.146 linux-image-powerpc-e500mc 3.13.0.137.146 linux-image-generic 3.13.0.137.146 linux-image-3.13.0-137-powerpc64-smp [ more… ]

USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3510-2 7th December, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause [ more… ]

USN-3511-1: Linux kernel (Azure) vulnerabilities Ubuntu Security Notice USN-3511-1 7th December, 2017 linux-azure vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-azure – Linux kernel for Microsoft Azure Cloud systems Details Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause adenial of service (application crashes) or possibly gain administrativeprivileges. (CVE-2017-1000405) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-azure 4.11.0.1016.16 linux-image-4.11.0-1016-azure [ more… ]