RHSA-2017:2428-1: Important: kernel security update

2017-08-08 KENNETH 0

RHSA-2017:2428-1: Important: kernel security update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-7895 Source: RHSA-2017:2428-1: Important: kernel security update

RHSA-2017:2429-1: Important: kernel security and bug fix update

2017-08-08 KENNETH 0

RHSA-2017:2429-1: Important: kernel security and bug fix update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-7895 Source: RHSA-2017:2429-1: Important: kernel security and bug fix update

USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities

2017-08-08 KENNETH 0

USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3381-2 7th August, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) It [ more… ]

USN-3381-1: Linux kernel vulnerabilities

2017-08-08 KENNETH 0

USN-3381-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3381-1 7th August, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618) 石磊 discovered that the RxRPC Kerberos 5 ticket handling [ more… ]

The MSRC 2017 list of “Top 100” security researchers

2017-08-08 KENNETH 0

The MSRC 2017 list of “Top 100” security researchers Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. This list ranks security researchers reporting directly to Microsoft according to the quantity and quality of all reports for which we’ve issued fixes. While one criterion for the ranking is volume of reports a researcher has made, the severity and impact of the reports is very important to the ranking. Higher-impact issues carry more weight than lower-impact ones. While this list does not include security researchers who report to our partners ZDI and iDefense as we do not [ more… ]