Articles by KENNETH

USN-3485-3: Linux kernel (AWS) vulnerabilities Ubuntu Security Notice USN-3485-3 21st November, 2017 linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linuxkernel did not properly restrict adding a key that already exists but isuninstantiated. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race [ more… ]

USN-3486-2: Samba vulnerability Ubuntu Security Notice USN-3486-2 21st November, 2017 samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details USN-3486-1 fixed a vulnerability in Samba. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: samba 2:3.6.25-0ubuntu0.12.04.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15275 [ more… ]