SECURITY

USN-3378-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3378-1 3rd August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Fan Wu and Shixiong Zhao discovered a race condition between inotify eventsand vfs rename operations in the Linux kernel. An unprivileged localattacker could use this to cause a denial of service (system crash) orexecute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction [ more… ]

USN-3377-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3377-1 3rd August, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Fan Wu and Shixiong Zhao discovered a race condition between inotify eventsand vfs rename operations in the Linux kernel. An unprivileged localattacker could use this to cause a denial of service (system crash) orexecute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction withanother vulnerability to possibly execute arbitrary code.(CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did notproperly free memory in some situations. A local attacker could use this [ more… ]