No Image

USN-2845-1: SoS vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2845-1 17th December, 2015 sosreport vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary sosreport could be made to expose sensitive information or overwrite files as the administrator. Software description sosreport – Set of tools to gather troubleshooting data from a system Details Dolev Farhi discovered an information disclosure issue in SoS. If the/etc/fstab file contained passwords, the passwords were included in theSoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925) Mateusz Guzik discovered that SoS incorrectly handled temporary files. Alocal attacker could possibly use this issue to overwrite arbitrary filesor gain access to temporary file contents containing sensitive systeminformation. (CVE-2015-7529) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: sosreport 3.2-2ubuntu1.1 Ubuntu 15.04: sosreport 3.2-2ubuntu0.1 [ more… ]

No Image

Recompiling VirtualBox kernel modules [FAILED] on centos7.2 or rhel7.2

2015-12-18 KENNETH 0

Recompiling VirtualBox kernel modules [FAILED] on centos7.2 or rhel7.2   환경 OS : CentOS7 (7.2.1511) VirtualBox : 5.0.10_104061_el7-1 yum-repository 등록후 yum install VirtualBox-5.0 명령을 통한 설치 작업진행 사실 CentOS-7.2업데이트후 정상적인 구동이 되지 않았기 때문에 재설치 까지 진행해 본 것임   설치시 오류 No precompiled module for this kernel found — trying to build one. Messages emitted during module compilation will be logged to /var/log/vbox-install.log. Stopping VirtualBox kernel modules [ OK ] Recompiling VirtualBox kernel modules [FAILED] (Look at /var/log/vbox-install.log to find out what went wrong) Verifying : VirtualBox-5.0-5.0.10_104061_el7-1.x86_64 1/1 Installed: VirtualBox-5.0.x86_64 0:5.0.10_104061_el7-1   로그 내용 로그 내용은 상당히 많지만 대략 이정도가 주목 할 만 한듯 /tmp/vbox.0/linux/VBoxNetFlt-linux.c: In function ‘vboxNetFltLinuxPacketHandler’: /tmp/vbox.0/linux/VBoxNetFlt-linux.c:928:9: error: implicit declaration of function ‘vlan_tx_tag_present’ [-Werror=implicit-function-declaration] if (vlan_tx_tag_present(pBuf) && skb_headroom(pBuf) >= VLAN_ETH_HLEN) ^ /tmp/vbox.0/linux/VBoxNetFlt-linux.c:938:13: error: implicit declaration of function ‘vlan_tx_tag_get’ [-Werror=implicit-function-declaration] pVHdr->h_vlan_TCI = RT_H2N_U16(vlan_tx_tag_get(pBuf)); ^ cc1: some warnings being treated [ more… ]

No Image

USN-2843-2: Linux kernel (Wily HWE) vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2843-2 17th December, 2015 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details Jan Beulich discovered that the KVM svm hypervisor implementation in theLinux kernel did not properly catch Debug exceptions on AMD processors. Anattacker in a guest virtual machine could use this to cause a denial ofservice (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel didnot ensure that certain slot numbers are valid. A local attacker with theprivilege to call ioctl() on /dev/ppp could cause a denial of service(system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel's keyring handler attemptedto garbage collect incompletely instantiated keys. A local unprivilegedattacker could [ more… ]

No Image

USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2843-3 17th December, 2015 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details 郭永刚 discovered that the ppp implementation in the Linux kernel didnot ensure that certain slot numbers are valid. A local attacker with theprivilege to call ioctl() on /dev/ppp could cause a denial of service(system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel's keyring handler attemptedto garbage collect incompletely instantiated keys. A local unprivilegedattacker could use this to cause a denial of service (system crash).(CVE-2015-7872) It was discovered that the virtual video osd test driver in the Linuxkernel did not properly initialize data structures. A local attacker coulduse this to obtain sensitive information from the kernel. (CVE-2015-7884) It [ more… ]

No Image

USN-2840-2: Linux kernel (OMAP4) vulnerability

2015-12-18 KENNETH 0

Ubuntu Security Notice USN-2840-2 17th December, 2015 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Dmitry Vyukov discovered that the Linux kernel's keyring handler attemptedto garbage collect incompletely instantiated keys. A local unprivilegedattacker could use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1475-omap4 3.2.0-1475.97 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall [ more… ]