SECURITY

USN-3144-2: Linux kernel (OMAP4) vulnerability Ubuntu Security Notice USN-3144-2 30th November, 2016 linux-ti-omap4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-omap4 3.2.0.1494.89 linux-image-3.2.0-1494-omap4 3.2.0-1494.121 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel [ more… ]

USN-3144-1: Linux kernel vulnerability Ubuntu Security Notice USN-3144-1 30th November, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash under certain conditions. Software description linux – Linux kernel Details Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-powerpc-smp 3.2.0.116.132 linux-image-3.2.0-116-generic 3.2.0-116.158 linux-image-3.2.0-116-virtual 3.2.0-116.158 linux-image-3.2.0-116-generic-pae 3.2.0-116.158 linux-image-generic 3.2.0.116.132 linux-image-generic-pae 3.2.0.116.132 linux-image-highbank 3.2.0.116.132 linux-image-3.2.0-116-powerpc64-smp 3.2.0-116.158 linux-image-virtual 3.2.0.116.132 linux-image-powerpc64-smp 3.2.0.116.132 linux-image-3.2.0-116-highbank 3.2.0-116.158 linux-image-3.2.0-116-omap 3.2.0-116.158 linux-image-3.2.0-116-powerpc-smp 3.2.0-116.158 linux-image-omap 3.2.0.116.132 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]

USN-3147-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3147-1 30th November, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Andreas Gruenbacher and Jan Kara discovered that the filesystemimplementation in the Linux kernel did not clear the setgid bit during asetxattr call. A local attacker could use this to possibly elevate groupprivileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this to cause a denial of service (system crash) or possibly gainprivileges. (CVE-2016-7425) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.28.37 linux-image-powerpc-e500mc 4.8.0.28.37 linux-image-generic 4.8.0.28.37 linux-image-4.8.0-28-lowlatency 4.8.0-28.30 linux-image-lowlatency 4.8.0.28.37 linux-image-4.8.0-28-generic [ more… ]

USN-3143-1: c-ares vulnerability Ubuntu Security Notice USN-3143-1 30th November, 2016 c-ares vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary c-ares could be made to crash or run programs if it processed a specially crafted hostname. Software description c-ares – library for asynchronous name resolves Details Gzob Qq discovered that c-ares incorrectly handled certain hostnames. Aremote attacker could use this issue to cause applications using c-ares tocrash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libc-ares2 1.11.0-1ubuntu0.1 Ubuntu 16.04 LTS: libc-ares2 1.10.0-3ubuntu0.1 Ubuntu 14.04 LTS: libc-ares2 1.10.0-2ubuntu0.1 Ubuntu 12.04 LTS: libc-ares2 1.7.5-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]