SECURITY

USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities Ubuntu Security Notice USN-3019-1 27th June, 2016 linux-lts-utopic vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel [ more… ]

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3018-2 27th June, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu14.04 LTS. This update provides the corresponding updates for theLinux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS forUbuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A [ more… ]

USN-3018-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3018-1 27th June, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel memory. A local unprivilegedattacker could use this to [ more… ]

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3016-4 27th June, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu16.04 LTS. This update provides the corresponding updates for theLinux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS forUbuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A [ more… ]

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-3017-3 27th June, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty Details USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local [ more… ]