Ubuntu security

USN-2978-3: Linux kernel (Raspberry Pi 2) vulnerability Ubuntu Security Notice USN-2978-3 16th May, 2016 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary The system could be made to crash or run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: linux-image-4.2.0-1029-raspi2 4.2.0-1029.38 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: [ more… ]

USN-2979-3: Linux kernel (Raspberry Pi 2) vulnerability Ubuntu Security Notice USN-2979-3 16th May, 2016 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1010-raspi2 4.4.0-1010.13 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary [ more… ]

USN-2979-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-2979-2 16th May, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM)implementation in the Linux kernel did not properly restrict variableMemory Type Range Registers (MTRR) in KVM guests. A privileged user in aguest VM could use this to cause a denial of service (system crash) in thehost, expose sensitive information from the host, or possibly gainadministrative privileges in the host. (CVE-2016-3713) Philip Pettersson [ more… ]

USN-2979-4: Linux kernel (Qualcomm Snapdragon) vulnerability Ubuntu Security Notice USN-2979-4 16th May, 2016 linux-snapdragon vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder didnot properly process certificate files with tags of indefinite length. Alocal unprivileged attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code with administrativeprivileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1013-snapdragon 4.4.0-1013.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: [ more… ]

USN-2974-1: QEMU vulnerabilities Ubuntu Security Notice USN-2974-1 12th May, 2016 qemu, qemu-kvm vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in QEMU. Software description qemu – Machine emulator and virtualizer qemu-kvm – Machine emulator and virtualizer Details Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulationsupport. A privileged attacker inside the guest could use this issue tocause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulationsupport. A privileged attacker inside the guest could use this issue tocause QEMU to crash, resulting in a denial of service. (CVE-2016-2392) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulationsupport. A privileged attacker inside the guest could use this issue [ more… ]