USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016-08-31 KENNETH 0

Ubuntu Security Notice USN-3070-3
30th August, 2016

linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-snapdragon – Linux kernel for Snapdragon Processors

Details:

A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400)

Yue Cao [ more… ]

USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-08-31 KENNETH 0

Ubuntu Security Notice USN-3070-2
30th August, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400)

[ more… ]

USN-3072-2: Linux kernel (OMAP4) vulnerabilities

2016-08-30 KENNETH 0

Ubuntu Security Notice USN-3072-2
29th August, 2016

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-ti-omap4 – Linux kernel for OMAP4

Details:

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696)

It was discovered that a heap-based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of [ more… ]

USN-3072-1: Linux kernel vulnerabilities

2016-08-30 KENNETH 0

Ubuntu Security Notice USN-3072-1
29th August, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details:

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696)

It was discovered that a heap-based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) [ more… ]