Articles by KENNETH

USN-3486-1: Samba vulnerabilities Ubuntu Security Notice USN-3486-1 21st November, 2017 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memorywhen processing certain SMB1 requests. A remote attacker could possibly usethis issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory whenreturning data to a client. A remote attacker could possibly use this issueto obtain sensitive information. (CVE-2017-15275) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: samba 2:4.6.7+dfsg-1ubuntu3.1 Ubuntu 17.04: samba 2:4.5.8+dfsg-0ubuntu0.17.04.8 Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.12 Ubuntu 14.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.14.04.13 [ more… ]

USN-3483-2: procmail vulnerability Ubuntu Security Notice USN-3483-2 21st November, 2017 procmail vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary formail could be made to crash or run programs if it processed specially crafted mail. Software description procmail – Versatile e-mail processor Details USN-3483-1 fixed a vulnerability in procmail. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: procmail 3.22-19ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-3484-1: Linux kernel vulnerability Ubuntu Security Notice USN-3484-1 20th November, 2017 linux, linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary The system could be made to crash or run programs as an administrator. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: linux-image-4.10.0-40-generic 4.10.0-40.44 linux-image-4.10.0-40-lowlatency 4.10.0-40.44 linux-image-generic 4.10.0.40.40 linux-image-4.10.0-40-generic-lpae 4.10.0-40.44 linux-image-generic-lpae 4.10.0.40.40 linux-image-lowlatency 4.10.0.40.40 linux-image-raspi2 4.10.0.1021.22 linux-image-4.10.0-1021-raspi2 4.10.0-1021.24 To update [ more… ]

USN-3485-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3485-1 20th November, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem [ more… ]

USN-3484-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3484-2 21st November, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to [ more… ]