No Image

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities

2018-04-05 KENNETH 0

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A [ more… ]

No Image

USN-3620-1: Linux kernel vulnerabilities

2018-04-05 KENNETH 0

USN-3620-1: Linux kernel vulnerabilities linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel Details It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) It was discovered that the netfilter component of the Linux did not properly restrict access to [ more… ]

No Image

USN-3619-1: Linux kernel vulnerabilities

2018-04-05 KENNETH 0

USN-3619-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could [ more… ]

No Image

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2018-04-05 KENNETH 0

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software Description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. [ more… ]

No Image

USN-3618-1: LibVNCServer vulnerability

2018-04-04 KENNETH 0

USN-3618-1: LibVNCServer vulnerability libvncserver vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. Software Description libvncserver – vnc server library Details It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10 libvncclient1 – 0.9.11+dfsg-1ubuntu0.1 libvncserver1 – 0.9.11+dfsg-1ubuntu0.1 Ubuntu 16.04 LTS libvncserver1 – 0.9.10+dfsg-3ubuntu0.16.04.2 Ubuntu 14.04 LTS libvncserver0 – 0.9.9+dfsg-1ubuntu1.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you [ more… ]