Ubuntu security

USN-3510-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3510-1 7th December, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause adenial of service (application crashes) or possibly gain administrativeprivileges. (CVE-2017-1000405) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.13.0-137-powerpc-smp 3.13.0-137.186 linux-image-powerpc-smp 3.13.0.137.146 linux-image-powerpc-e500mc 3.13.0.137.146 linux-image-generic 3.13.0.137.146 linux-image-3.13.0-137-powerpc64-smp [ more… ]

USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3510-2 7th December, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause [ more… ]

USN-3511-1: Linux kernel (Azure) vulnerabilities Ubuntu Security Notice USN-3511-1 7th December, 2017 linux-azure vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-azure – Linux kernel for Microsoft Azure Cloud systems Details Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause adenial of service (application crashes) or possibly gain administrativeprivileges. (CVE-2017-1000405) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-azure 4.11.0.1016.16 linux-image-4.11.0-1016-azure [ more… ]

USN-3506-1: rsync vulnerabilities Ubuntu Security Notice USN-3506-1 7th December, 2017 rsync vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in rsync. Software description rsync – fast, versatile, remote (and local) file-copying tool Details It was discovered that rsync proceeds with certain file metadata updatesbefore checking for a filename. An attacker could use this to bypass accessrestrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and alsodoes not apply the sanitize_paths protection mechanism to pathnames. An attackercould use this to bypass access restrictions. (CVE-2017-17434) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: rsync 3.1.2-2ubuntu0.1 Ubuntu 17.04: rsync 3.1.2-1ubuntu0.1 Ubuntu 16.04 LTS: rsync 3.1.1-3ubuntu1.1 Ubuntu 14.04 LTS: rsync [ more… ]

USN-3506-2: rsync vulnerabilities Ubuntu Security Notice USN-3506-2 7th December, 2017 rsync vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in rsync. Software description rsync – fast, versatile, remote (and local) file-copying tool Details USN-3506-1 fixed two vulnerabilities in rsync. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. (CVE-2017-17434) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 [ more… ]