지락문화예술공작단

USN-3360-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3360-1 21st July, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) It was discovered that the Linux kernel did not properly restrict access to/proc/iomem. A local attacker could use this to expose sensitiveinformation. (CVE-2015-8944) It was discovered that a use-after-free vulnerability existed in theperformance events and counters subsystem of the Linux kernel for ARM64. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2015-8955) It was discovered that the SCSI generic (sg) [ more… ]

USN-3359-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3359-1 20th July, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazetdiscovered that the netfiler subsystem in the Linux kernel mishandled IPv6packet reassembly. A local user could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2016-9755) Alexander Potapenko discovered a race condition in the Advanced Linux SoundArchitecture (ALSA) subsystem in the Linux kernel. A local attacker coulduse this [ more… ]

USN-3358-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3358-1 20th July, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) Alexander Potapenko discovered a race condition in the Advanced Linux SoundArchitecture (ALSA) subsystem in the Linux kernel. A local attacker coulduse this to expose sensitive information (kernel memory).(CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in theLinux kernel did not properly validate some ioctl arguments. A localattacker could use this to cause a denial of service (system [ more… ]