No Image

USN-2857-1: Linux kernel vulnerability

2016-01-06 KENNETH 0

Ubuntu Security Notice USN-2857-1 5th January, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Summary The system could be made to run programs as an administrator. Software description linux – Linux kernel Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectlyhandled setattr operations. A local unprivileged attacker could use this tocreate files with administrative permission attributes and executearbitrary code with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.04: linux-image-3.19.0-43-generic 3.19.0-43.49 linux-image-3.19.0-43-lowlatency 3.19.0-43.49 linux-image-3.19.0-43-powerpc64-smp 3.19.0-43.49 linux-image-3.19.0-43-generic-lpae 3.19.0-43.49 linux-image-3.19.0-43-powerpc64-emb 3.19.0-43.49 linux-image-3.19.0-43-powerpc-smp 3.19.0-43.49 linux-image-3.19.0-43-powerpc-e500mc 3.19.0-43.49 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen [ more… ]

No Image

USN-2856-1: ldb vulnerabilities

2016-01-06 KENNETH 0

Ubuntu Security Notice USN-2856-1 5th January, 2016 ldb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in ldb. Software description ldb – LDAP-like embedded database Details Thilo Uttendorfer discovered that the ldb incorrectly handled certain zerovalues. A remote attacker could use this issue to cause applications usingldb, such as Samba, to stop responding, resulting in a denial of service.(CVE-2015-3223) Douglas Bagnall discovered that ldb incorrectly handled certain stringlengths. A remote attacker could use this issue to possibly accesssensitive information from memory of applications using ldb, such as Samba.(CVE-2015-5330) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libldb1 2:1.1.20-2ubuntu0.1 Ubuntu 15.04: libldb1 1:1.1.18-1ubuntu0.1 Ubuntu 14.04 LTS: libldb1 1:1.1.16-1ubuntu0.1 Ubuntu 12.04 LTS: [ more… ]

No Image

USN-2855-1: Samba vulnerabilities

2016-01-06 KENNETH 0

Ubuntu Security Notice USN-2855-1 5th January, 2016 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handledcertain packets. A remote attacker could use this issue to cause the LDAPserver to stop responding, resulting in a denial of service. This issueonly affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.(CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. Aremote attacker could use this issue to access files outside the exportedshare path. (CVE-2015-5252) Stefan Metzmacher discovered that Samba did not enforce signing whencreating encrypted connections. If a remote attacker were able to perform aman-in-the-middle attack, this flaw [ more… ]

No Image

USN-2854-1: Linux kernel (Vivid HWE) vulnerabilities

2015-12-20 KENNETH 0

Ubuntu Security Notice USN-2854-1 20th December, 2015 linux-lts-vivid vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to [ more… ]

No Image

USN-2853-1: Linux kernel (Wily HWE) vulnerabilities

2015-12-20 KENNETH 0

Ubuntu Security Notice USN-2853-1 20th December, 2015 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to [ more… ]