Ubuntu security

USN-3419-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3419-2 18th September, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMACWLAN driver in the Linux kernel. A local attacker could use this to cause adenial of service (system crash) or [ more… ]

USN-3419-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3419-1 18th September, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMACWLAN driver in the Linux kernel. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2017-7541) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: linux-image-generic [ more… ]

USN-3420-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3420-1 18th September, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not [ more… ]

USN-3422-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3422-1 18th September, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linuxkernel did not properly set permissions on aio memory mappings in somesituations. An attacker could use this to more easily exploit othervulnerabilities. (CVE-2016-10044) Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3IP Encapsulation implementation in the Linux kernel. A local attacker coulduse this to cause a denial of [ more… ]

USN-3424-1: libxml2 vulnerabilities Ubuntu Security Notice USN-3424-1 18th September, 2017 libxml2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libxml2. Software description libxml2 – GNOME XML library Details It was discovered that a type confusion error existed in libxml2. Anattacker could use this to specially construct XML data thatcould cause a denial of service or possibly execute arbitrarycode. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entityreferences. An attacker could use this to specially construct XMLdata that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 whenhandling HTTP redirects. An attacker could use this to speciallyconstruct XML data that could cause a denial of service or possiblyexecute arbitrary code. (CVE-2017-7376) Marcel Böhme [ more… ]