USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities

2016-08-30 KENNETH 0

Ubuntu Security Notice USN-3071-2, 29th August, 2016. linux-lts-trusty vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS. Summary: Several security issues were fixed in the kernel. Software description: linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise. Details: USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) [ more… ]

USN-3071-1: Linux kernel vulnerabilities

2016-08-30 KENNETH 0

Ubuntu Security Notice USN-3071-1, 29th August, 2016. linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: Several security issues were fixed in the kernel. Software description: linux – Linux kernel. Details: Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696) Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or obtain potentially [ more… ]

USN-3070-1: Linux kernel vulnerabilities

2016-08-30 KENNETH 0

Ubuntu Security Notice USN-3070-1, 29th August, 2016. linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS. Summary: Several security issues were fixed in the kernel. Software description: linux – Linux kernel. Details: A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244) James Patrick-Evans discovered that the airspy USB device driver in the Linux kernel did not properly handle certain error conditions. An attacker with physical access could use this to cause a denial of service (memory consumption). (CVE-2016-5400) Yue Cao et al discovered a flaw [ more… ]

RHSA-2016:1776-1: Important: java-1.6.0-openjdk security update

2016-08-26 KENNETH 0

Red Hat Enterprise Linux: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVEs: CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606. Source: RHSA-2016:1776-1: Important: java-1.6.0-openjdk security update

USN-3069-1: Eye of GNOME vulnerability

2016-08-26 KENNETH 0

Ubuntu Security Notice USN-3069-1, 25th August, 2016. eog vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image. Software description: eog – Eye of GNOME graphics viewer program. Details: It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: eog 3.18.2-1ubuntu2.1 Ubuntu 14.04 LTS: eog 3.10.2-0ubuntu5.2 Ubuntu 12.04 LTS: [ more… ]