
USN-2935-1: PAM vulnerabilities

2016-03-16 KENNETH 0

Ubuntu Security Notice USN-2935-1, 16th March, 2016: pam vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in PAM.

Software description: pam – Pluggable Authentication Modules

Details: It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)

Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583)

Sebastien Macke discovered that the PAM pam_unix module incorrectly handled large passwords. A local attacker could possibly use this [ more… ]


USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-03-16 KENNETH 0

Ubuntu Security Notice USN-2930-3, 16th March, 2016: linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10.

Summary: Several security issues were fixed in the kernel.

Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2

Details: Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity [ more… ]


USN-2933-1: Exim vulnerabilities

2016-03-15 KENNETH 0

Ubuntu Security Notice USN-2933-1, 15th March, 2016: exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Exim.

Software description: exim4 – Exim is a mail transport agent

Details: It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. (CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical comparisons twice. A local attacker [ more… ]


USN-2930-1: Linux kernel vulnerabilities

2016-03-15 KENNETH 0

Ubuntu Security Notice USN-2930-1, 14th March, 2016: linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10.

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel

Details: Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An [ more… ]


USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities

2016-03-15 KENNETH 0

Ubuntu Security Notice USN-2932-1, 14th March, 2016: linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty

Details: Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)

It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported [ more… ]