No Image

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016-12-21 KENNETH 0

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3161-4 20th December, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A [ more… ]

No Image

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-12-21 KENNETH 0

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3161-3 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's [ more… ]

No Image

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities

2016-12-21 KENNETH 0

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3161-2 20th December, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause [ more… ]

No Image

USN-3161-1: Linux kernel vulnerabilities

2016-12-21 KENNETH 0

USN-3161-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3161-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this [ more… ]

No Image

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-12-21 KENNETH 0

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3162-2 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystemimplementation in the Linux kernel did not clear the setgid bit during asetxattr call. A local attacker could use this to possibly elevate groupprivileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this [ more… ]