SECURITY

USN-3333-1: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3333-1 19th June, 2017 linux-hwe, linux-meta-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details It was discovered that a use-after-free flaw existed in the filesystemencryption subsystem in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-7374) It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith [ more… ]

USN-3332-1: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3332-1 19th June, 2017 linux-meta-raspi2, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command line arguments could use this toexecute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocolstack. [ more… ]

USN-3331-1: Linux kernel (AWS) vulnerabilities Ubuntu Security Notice USN-3331-1 19th June, 2017 linux-aws, linux-meta-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command line arguments could use this toexecute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocolstack. [ more… ]

USN-3311-2: libnl vulnerability Ubuntu Security Notice USN-3311-2 19th June, 2017 libnl3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary libnl could be made to run programs as an administrator. Software description libnl3 – library for dealing with netlink sockets Details USN-3311-1 fixed a vulnerability in libnl. This update provides thecorresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libnl-3-200 3.2.3-2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]