USN-2912-1: libssh vulnerabilities

2016-02-24 KENNETH 0

Ubuntu Security Notice USN-2912-1
23rd February, 2016

libssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 15.10
  Ubuntu 14.04 LTS
  Ubuntu 12.04 LTS

Summary
Several security issues were fixed in libssh.

Software description
libssh – A tiny C SSH library

Details
Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2015-3146)

Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2016-0739)

Update instructions
The problem can be corrected by updating your system to the following package version:
  Ubuntu 15.10: libssh-4 0.6.3-3ubuntu3.2 [ more… ]

USN-2905-1: Oxide vulnerability

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2905-1
23rd February, 2016

oxide-qt vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 15.10
  Ubuntu 14.04 LTS

Summary
Oxide could be made to bypass same-origin restrictions.

Software description
oxide-qt – Web browser engine library for Qt (QML plugin)

Details
A security issue was discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism. (CVE-2016-1629)

Update instructions
The problem can be corrected by updating your system to the following package version:
  Ubuntu 15.10: liboxideqtcore0 1.12.7-0ubuntu0.15.10.1
  Ubuntu 14.04 LTS: liboxideqtcore0 1.12.7-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2016-1629

Source: USN-2905-1: Oxide vulnerability

USN-2911-2: Linux kernel (OMAP4) vulnerability

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2911-2
22nd February, 2016

linux-ti-omap4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 12.04 LTS

Summary
The system could be made to crash under certain conditions.

Software description
linux-ti-omap4 – Linux kernel for OMAP4

Details
It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

Update instructions
The problem can be corrected by updating your system to the following package version:
  Ubuntu 12.04 LTS: linux-image-3.2.0-1477-omap4 3.2.0-1477.100

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which [ more… ]

USN-2911-1: Linux kernel vulnerability

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2911-1
22nd February, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 12.04 LTS

Summary
The system could be made to crash under certain conditions.

Software description
linux – Linux kernel

Details
It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

Update instructions
The problem can be corrected by updating your system to the following package version:
  Ubuntu 12.04 LTS:
    linux-image-3.2.0-99-generic-pae 3.2.0-99.139
    linux-image-3.2.0-99-powerpc64-smp 3.2.0-99.139
    linux-image-3.2.0-99-generic 3.2.0-99.139
    linux-image-3.2.0-99-virtual 3.2.0-99.139
    linux-image-3.2.0-99-highbank 3.2.0-99.139
    linux-image-3.2.0-99-powerpc-smp 3.2.0-99.139
    linux-image-3.2.0-99-omap 3.2.0-99.139

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the [ more… ]

USN-2910-1: Linux kernel (Vivid HWE) vulnerabilities

2016-02-23 KENNETH 0

Ubuntu Security Notice USN-2910-1
22nd February, 2016

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
  Ubuntu 14.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux-lts-vivid – Linux hardware enablement kernel from Vivid

Details
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576)

halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575)

It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)

郭永刚 discovered that the Linux kernel networking implementation [ more… ]