SECURITY

USN-3127-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3127-1 11th November, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details It was discovered that the compression handling code in the Advanced LinuxSound Architecture (ALSA) subsystem in the Linux kernel did not properlycheck for an integer overflow. A local attacker could use this to cause adenial of service (system crash). (CVE-2014-9904) Kirill A. Shutemov discovered that memory manager in the Linux kernel didnot properly handle anonymous pages. A local attacker could use this tocause a denial of service or possibly gain administrative privileges.(CVE-2015-3288) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppresshugetlbfs support in X86 paravirtualized guests. An attacker in the guestOS could cause a denial [ more… ]

USN-3126-2: Linux kernel (OMAP4) vulnerabilities Ubuntu Security Notice USN-3126-2 11th November, 2016 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Ondrej Kozina discovered that the keyring interface in the Linux kernelcontained a buffer overflow when displaying timeout events via the/proc/keys interface. A local attacker could use this to cause a denial ofservice (system crash). (CVE-2016-7042) Dmitry Vyukov discovered a use-after-free vulnerability during errorprocessing in the recvmmsg(2) implementation in the Linux kernel. A remoteattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2016-7117) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-omap4 3.2.0.1493.88 linux-image-3.2.0-1493-omap4 3.2.0-1493.120 To update [ more… ]

USN-3126-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3126-1 11th November, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Ondrej Kozina discovered that the keyring interface in the Linux kernelcontained a buffer overflow when displaying timeout events via the/proc/keys interface. A local attacker could use this to cause a denial ofservice (system crash). (CVE-2016-7042) Dmitry Vyukov discovered a use-after-free vulnerability during errorprocessing in the recvmmsg(2) implementation in the Linux kernel. A remoteattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2016-7117) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-115-generic 3.2.0-115.157 linux-image-3.2.0-115-powerpc-smp 3.2.0-115.157 linux-image-powerpc 3.2.0.115.131 linux-image-3.2.0-115-virtual 3.2.0-115.157 linux-image-3.2.0-115-highbank [ more… ]

USN-3129-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3129-2 11th November, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash under certain conditions. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Ondrej Kozina discovered that the keyring interface in the Linux kernelcontained a buffer overflow when displaying timeout events via the/proc/keys interface. A local attacker could use this to cause a denial ofservice (system crash). (CVE-2016-7042) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-4.8.0-1018-raspi2 4.8.0-1018.21 linux-image-raspi2 4.8.0.1018.21 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change [ more… ]

USN-3129-1: Linux kernel vulnerability Ubuntu Security Notice USN-3129-1 11th November, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary The system could be made to crash under certain conditions. Software description linux – Linux kernel Details Ondrej Kozina discovered that the keyring interface in the Linux kernelcontained a buffer overflow when displaying timeout events via the/proc/keys interface. A local attacker could use this to cause a denial ofservice (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.27.36 linux-image-powerpc-e500mc 4.8.0.27.36 linux-image-4.8.0-27-lowlatency 4.8.0-27.29 linux-image-generic 4.8.0.27.36 linux-image-generic-lpae 4.8.0.27.36 linux-image-4.8.0-27-generic-lpae 4.8.0-27.29 linux-image-powerpc64-emb 4.8.0.27.36 linux-image-4.8.0-27-powerpc64-emb 4.8.0-27.29 linux-image-powerpc64-smp 4.8.0.27.36 linux-image-4.8.0-27-generic 4.8.0-27.29 linux-image-4.8.0-27-powerpc-e500mc 4.8.0-27.29 linux-image-lowlatency 4.8.0.27.36 linux-image-virtual 4.8.0.27.36 linux-image-4.8.0-27-powerpc-smp 4.8.0-27.29 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]