Articles by KENNETH

USN-3070-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3070-1 29th August, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details A missing permission check when settings ACLs was discovered in nfsd. Alocal user could exploit this flaw to gain access to any file by setting anACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets(RDS) implementation in the Linux kernel. A local attacker could use thisto obtain potentially sensitive information from kernel memory.(CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in theLinux kernel did not properly handle certain error conditions. An attackerwith physical access could use this to cause a denial of service (memoryconsumption). (CVE-2016-5400) Yue Cao et al discovered a flaw [ more… ]

USN-3071-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3071-1 29th August, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Kangjie Lu discovered an information leak in the Reliable Datagram Sockets(RDS) implementation in the Linux kernel. A local attacker could use thisto obtain potentially sensitive information from kernel memory.(CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation's handling ofchallenge acks in the Linux kernel. A remote attacker could use this tocause a denial of service (reset connection) or inject content into an TCPstream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linuxkernel. A local attacker could use this to cause a denial of service(system crash) or obtain potentially [ more… ]