Articles by KENNETH

USN-3312-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3312-1 6th June, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon Processors Details It was discovered that the netfilter netlink implementation in the Linuxkernel did not properly validate batch messages. A local attacker with theCAP_NET_ADMIN capability could use this to expose sensitive information orcause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()function in the Linux kernel. A local attacker could use to cause [ more… ]

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3312-2 6th June, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that the netfilter netlink implementation in the Linuxkernel did not properly validate batch messages. A local attacker with theCAP_NET_ADMIN capability could use this to expose sensitive information orcause a denial of service. (CVE-2016-7917) Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()function in the Linux kernel. A local attacker could use to cause a denialof [ more… ]

USN-3313-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3313-2 7th June, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3313-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the trace subsystem inthe Linux kernel. A privileged local attacker could use this to executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-54-generic 4.8.0-54.57~16.04.1 linux-image-4.8.0-54-generic-lpae 4.8.0-54.57~16.04.1 linux-image-lowlatency-hwe-16.04 4.8.0.54.25 linux-image-generic-hwe-16.04 4.8.0.54.25 linux-image-4.8.0-54-lowlatency 4.8.0-54.57~16.04.1 linux-image-generic-lpae-hwe-16.04 4.8.0.54.25 To update your system, please follow [ more… ]

USN-3314-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3314-1 7th June, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the keyring implementation in the Linux kernel insome situations did not prevent special internal keyrings from being joinedby userspace keyrings. A privileged local attacker could use this to bypassmodule verification. (CVE-2016-9604) It was discovered that a buffer overflow existed in the trace subsystem inthe Linux kernel. A privileged local attacker could use this to executearbitrary code. (CVE-2017-0605) Daniel Jiang discovered that a race condition existed in the ipv4 pingsocket implementation in the Linux kernel. A local privileged attackercould use this to cause a denial [ more… ]