USN-2843-1: Linux kernel vulnerabilities

2015-12-17 KENNETH 0

Ubuntu Security Notice USN-2843-1
17th December, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 15.10

Summary
Several security issues were fixed in the kernel.

Software description
linux – Linux kernel

Details
Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104)

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799)

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a [ more… ]

USN-2844-1: Linux kernel (Utopic HWE) vulnerabilities

2015-12-17 KENNETH 0

Ubuntu Security Notice USN-2844-1
17th December, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux-lts-utopic – Linux hardware enablement kernel from Utopic

Details
Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104)

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799)

It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local [ more… ]

RHSA-2015:2657-1: Critical: firefox security update

2015-12-17 KENNETH 0

Red Hat Enterprise Linux: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222

Source: rhn-errata

USN-2838-1: cups-filters vulnerability

2015-12-17 KENNETH 0

Ubuntu Security Notice USN-2838-1
16th December, 2015

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS

Summary
cups-filters could be made to run programs as the lp user if it processed a specially crafted print job.

Software description
cups-filters – OpenPrinting CUPS Filters

Details
Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 15.10: cups-filters 1.0.76-1ubuntu0.2
Ubuntu 15.04: cups-filters 1.0.67-0ubuntu2.6
Ubuntu 14.04 LTS: cups-filters 1.0.52-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2015-8560

Source: ubuntu-usn