SECURITY

USN-3162-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3162-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linuxkernel could dereference a null pointer. An attacker in a guest virtualmachine could use this to cause a denial of service (system crash) in theKVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementationin the Linux kernel contained a buffer overflow when handling fragmentedpackets. A remote attacker could use [ more… ]

USN-3160-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3160-2 20th December, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) It was discovered that a race condition existed in the procfsenviron_read function in the Linux kernel, leading to an integerunderflow. A local attacker could use this [ more… ]

USN-3160-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3160-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) It was discovered that a race condition existed in the procfsenviron_read function in the Linux kernel, leading to an integerunderflow. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2016-7916) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-powerpc-smp 3.13.0.106.114 linux-image-powerpc-e500mc 3.13.0.106.114 linux-image-3.13.0-106-powerpc64-emb 3.13.0-106.153 linux-image-3.13.0-106-lowlatency 3.13.0-106.153 linux-image-3.13.0-106-generic 3.13.0-106.153 linux-image-generic 3.13.0.106.114 [ more… ]

USN-3159-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3159-2 20th December, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to expose sensitive information. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details It was discovered that a race condition existed in the procfsenviron_read function in the Linux kernel, leading to an integerunderflow. A local attacker could use this to expose sensitiveinformation (kernel memory). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-1497-omap4 3.2.0-1497.124 linux-image-omap4 3.2.0.1497.92 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new [ more… ]

USN-3159-1: Linux kernel vulnerability Ubuntu Security Notice USN-3159-1 20th December, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to expose sensitive information. Software description linux – Linux kernel Details It was discovered that a race condition existed in the procfsenviron_read function in the Linux kernel, leading to an integerunderflow. A local attacker could use this to expose sensitiveinformation (kernel memory). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-119-generic-pae 3.2.0-119.162 linux-image-3.2.0-119-omap 3.2.0-119.162 linux-image-powerpc-smp 3.2.0.119.134 linux-image-3.2.0-119-powerpc-smp 3.2.0-119.162 linux-image-generic-pae 3.2.0.119.134 linux-image-highbank 3.2.0.119.134 linux-image-3.2.0-119-powerpc64-smp 3.2.0-119.162 linux-image-virtual 3.2.0.119.134 linux-image-powerpc64-smp 3.2.0.119.134 linux-image-generic 3.2.0.119.134 linux-image-3.2.0-119-generic 3.2.0-119.162 linux-image-3.2.0-119-virtual 3.2.0-119.162 linux-image-omap 3.2.0.119.134 linux-image-3.2.0-119-highbank 3.2.0-119.162 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot [ more… ]