Articles by KENNETH

USN-3487-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3487-1 21st November, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was discovered that on the PowerPC architecture, the kernel did notproperly sanitize the signal stack when handling sigreturn(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-1000255) Bo Zhang [ more… ]

USN-3488-1: Linux kernel (Azure) vulnerability Ubuntu Security Notice USN-3488-1 21st November, 2017 linux-azure vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-azure – Linux kernel for Microsoft Azure Cloud systems Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.11.0-1015-azure 4.11.0-1015.15 linux-image-azure 4.11.0.1015.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you [ more… ]

USN-3484-3: Linux kernel (GCP) vulnerability Ubuntu Security Notice USN-3484-3 21st November, 2017 linux-gcp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.10.0-1009-gcp 4.10.0-1009.9 linux-image-gcp 4.10.0.1009.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update [ more… ]

USN-3485-3: Linux kernel (AWS) vulnerabilities Ubuntu Security Notice USN-3485-3 21st November, 2017 linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linuxkernel did not properly restrict adding a key that already exists but isuninstantiated. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race [ more… ]

USN-3486-2: Samba vulnerability Ubuntu Security Notice USN-3486-2 21st November, 2017 samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details USN-3486-1 fixed a vulnerability in Samba. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: samba 2:3.6.25-0ubuntu0.12.04.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15275 [ more… ]