Articles by KENNETH

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3169-3 11th January, 2017 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linuxkernel. A local attacker could use this to cause a denial of service(system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package [ more… ]

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3169-4 11th January, 2017 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linuxkernel. A local attacker could use this to cause a denial of service(system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu [ more… ]

USN-3170-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3170-1 11th January, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Dmitry Vyukov discovered that the KVM implementation in the Linux kerneldid not properly initialize the Code Segment (CS) in certain error cases. Alocal attacker could use this to expose sensitive information (kernelmemory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.34.43 linux-image-powerpc-e500mc 4.8.0.34.43 linux-image-4.8.0-34-lowlatency 4.8.0-34.36 linux-image-generic 4.8.0.34.43 linux-image-generic-lpae [ more… ]

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3170-2 11th January, 2017 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Andrey Konovalov discovered that the ipv6 icmp implementation in the Linuxkernel did not properly check data structures on send. A remote attackercould use this to cause a denial of service (system crash). (CVE-2016-9919) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-4.8.0-1022-raspi2 4.8.0-1022.25 [ more… ]