Ubuntu security

USN-2907-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2907-1 22nd February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such asPOSIX ACLs. A local unprivileged attacker could use this to gainprivileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a denial of service (system crash). (CVE-2015-7550) 郭永刚 discovered that the Linux kernel networking implementation didnot validate protocol identifiers for certain [ more… ]

USN-2908-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2908-1 22nd February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)implementation did not handle [ more… ]

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-2908-2 22nd February, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's [ more… ]

USN-2906-1: GNU cpio vulnerabilities Ubuntu Security Notice USN-2906-1 22nd February, 2016 cpio vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in GNU cpio. Software description cpio – a tool to manage archives of files Details Alexander Cherepanov discovered that GNU cpio incorrectly handled symboliclinks when used with the –no-absolute-filenames option. If a user orautomated system were tricked into extracting a specially-crafted cpioarchive, a remote attacker could possibly use this issue to write arbitraryfiles. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.(CVE-2015-1197) Gustavo Grieco discovered that GNU cpio incorrectly handled memory whenextracting archive files. If a user or automated system were tricked intoextracting a specially-crafted cpio archive, a remote attacker could usethis issue to cause GNU cpio to crash, resulting [ more… ]

USN-2895-1: Oxide vulnerabilities Ubuntu Security Notice USN-2895-1 18th February, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details The DOM implementation in Chromium did not properly restrict frame-attachoperations from occurring during or after frame-detach operations. If auser were tricked in to opening a specially crafted website, an attackercould potentially exploit this to bypass same-origin restrictions.(CVE-2016-1623) An integer underflow was discovered in Brotli. If a user were tricked into opening a specially crafted website, an attacker could potentiallyexploit this to cause a denial of service via application crash, orexecute arbitrary code with the privileges of the user invoking theprogram. (CVE-2016-1624) Update instructions The problem can be corrected by updating your [ more… ]