
USN-2966-1: OpenSSH vulnerabilities

2016-05-10 KENNETH 0

Ubuntu Security Notice USN-2966-1
9th May, 2016

openssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in OpenSSH.

Software description: openssh – secure shell (SSH) for secure access to remote machines

Details:

Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. (CVE-2015-8325)

Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2016-1907)

Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11 forwarding when the SECURITY extension is disabled. A connection configured as being untrusted could get switched to trusted in certain scenarios, contrary to [ more… ]


USN-2965-1: Linux kernel vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-1
6th May, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details:

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557)

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184)

Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to [ more… ]


USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-4
6th May, 2016

linux-snapdragon vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-snapdragon – Linux kernel for Snapdragon Processors

Details:

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges.

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184)

Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access [ more… ]


USN-2965-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-3
6th May, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details:

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557)

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184)

Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An [ more… ]


USN-2965-2: Linux kernel (Xenial HWE) vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-2
6th May, 2016

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557)

Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this [ more… ]