SECURITY

USN-3190-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3190-1 3rd February, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Mikulas Patocka discovered that the asynchronous multibuffer cryptographicdaemon (mcryptd) in the Linux kernel did not properly handle being invokedwith incompatible algorithms. A local attacker could use this to cause adenial of service (system crash). (CVE-2016-10147) It was discovered that a use-after-free existed in the KVM susbsystem ofthe Linux kernel when creating devices. A local attacker could use this tocause a denial of service (system crash). (CVE-2016-10150) Qidan He discovered that the ICMP implementation in the Linux kernel didnot properly check the size of an ICMP header. A local attacker withCAP_NET_ADMIN could use this to expose sensitive information.(CVE-2016-8399) Qian [ more… ]

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3189-2 3rd February, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographicdaemon (mcryptd) in the Linux kernel did not properly handle being invokedwith incompatible algorithms. A local attacker could use this to cause adenial of service (system crash). (CVE-2016-10147) Qidan He discovered that the ICMP implementation in the Linux kernel didnot properly check the size of an ICMP header. A local attacker withCAP_NET_ADMIN could [ more… ]

USN-3189-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3189-1 3rd February, 2017 linux, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon Processors Details Mikulas Patocka discovered that the asynchronous multibuffer cryptographicdaemon (mcryptd) in the Linux kernel did not properly handle being invokedwith incompatible algorithms. A local attacker could use this to cause adenial of service (system crash). (CVE-2016-10147) Qidan He discovered that the ICMP implementation in the Linux kernel didnot properly check the size of an ICMP header. A local attacker withCAP_NET_ADMIN could use this to expose sensitive information.(CVE-2016-8399) Update instructions The problem can be corrected by updating your system to the following [ more… ]

USN-3188-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3188-2 3rd February, 2017 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash if it received specially crafted network traffic. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linuxkernel improperly handled validation of incoming data. A remote attackercould use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-108-generic-lpae 3.13.0-108.155~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.108.99 linux-image-3.13.0-108-generic 3.13.0-108.155~precise1 [ more… ]

USN-3188-1: Linux kernel vulnerability Ubuntu Security Notice USN-3188-1 3rd February, 2017 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash if it received specially crafted network traffic. Software description linux – Linux kernel Details Andrey Konovalov discovered that the SCTP implementation in the Linuxkernel improperly handled validation of incoming data. A remote attackercould use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-powerpc-smp 3.13.0.108.116 linux-image-powerpc-e500mc 3.13.0.108.116 linux-image-3.13.0-108-generic 3.13.0-108.155 linux-image-generic 3.13.0.108.116 linux-image-3.13.0-108-powerpc-e500 3.13.0-108.155 linux-image-powerpc64-emb 3.13.0.108.116 linux-image-3.13.0-108-generic-lpae 3.13.0-108.155 linux-image-3.13.0-108-powerpc-smp 3.13.0-108.155 linux-image-3.13.0-108-powerpc-e500mc 3.13.0-108.155 linux-image-3.13.0-108-lowlatency 3.13.0-108.155 linux-image-3.13.0-108-powerpc64-emb 3.13.0-108.155 linux-image-generic-lpae 3.13.0.108.116 linux-image-powerpc-e500 3.13.0.108.116 linux-image-lowlatency 3.13.0.108.116 linux-image-3.13.0-108-powerpc64-smp 3.13.0-108.155 linux-image-powerpc64-smp 3.13.0.108.116 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]