Articles by KENNETH

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3161-2 20th December, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause [ more… ]

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3161-3 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's [ more… ]

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3161-4 20th December, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A [ more… ]

USN-3162-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3162-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linuxkernel could dereference a null pointer. An attacker in a guest virtualmachine could use this to cause a denial of service (system crash) in theKVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementationin the Linux kernel contained a buffer overflow when handling fragmentedpackets. A remote attacker could use [ more… ]

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3162-2 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystemimplementation in the Linux kernel did not clear the setgid bit during asetxattr call. A local attacker could use this to possibly elevate groupprivileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this [ more… ]