USN-2965-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-3
6th May, 2016
linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557)

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184)

Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An [ more… ]

USN-2965-2: Linux kernel (Xenial HWE) vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-2
6th May, 2016
linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557)

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this [ more… ]

USN-2964-1: OpenJDK 7 vulnerabilities

2016-05-05 KENNETH 0

Ubuntu Security Notice USN-2964-1
4th May, 2016
openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in OpenJDK 7.

Software description: openjdk-7 – Open Source Java implementation

Details:

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)

A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425)

Update instructions: The problem can be corrected by updating your system to [ more… ]

USN-2963-1: OpenJDK 8 vulnerabilities

2016-05-05 KENNETH 0

Ubuntu Security Notice USN-2963-1
4th May, 2016
openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in OpenJDK 8.

Software description: openjdk-8 – Open Source Java implementation

Details:

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695, CVE-2016-3426)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425)

Update instructions: The problem can be corrected by updating your system to the [ more… ]

USN-2961-1: Little CMS vulnerability

2016-05-05 KENNETH 0

Ubuntu Security Notice USN-2961-1
4th May, 2016
lcms2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Applications using the Little CMS library could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: lcms2 – Little CMS color management library

Details:

It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
liblcms2-utils 2.5-0ubuntu4.1
liblcms2-2 2.5-0ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After [ more… ]