USN-3292-2: Linux kernel (HWE) vulnerability

2017-05-17 KENNETH 0

USN-3292-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3292-2 16th May, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.8.0-52-lowlatency 4.8.0-52.55~16.04.1 linux-image-generic-hwe-16.04 4.8.0.52.23 linux-image-4.8.0-52-generic-lpae 4.8.0-52.55~16.04.1 linux-image-lowlatency-hwe-16.04 4.8.0.52.23 linux-image-4.8.0-52-generic 4.8.0-52.55~16.04.1 [ more… ]

USN-3293-1: Linux kernel vulnerabilities

2017-05-17 KENNETH 0

USN-3293-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3293-1 16th May, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager [ more… ]

USN-3276-2: shadow regression

2017-05-17 KENNETH 0

USN-3276-2: shadow regression Ubuntu Security Notice USN-3276-2 16th May, 2017 shadow regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3276-1 introduced a regression in su. Software description shadow – system login tools Details USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616) Update instructions The problem can be corrected by updating your system to the following [ more… ]

RHSA-2017:1233-1: Important: kernel security update

2017-05-17 KENNETH 0

RHSA-2017:1233-1: Important: kernel security update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-2636 Source: RHSA-2017:1233-1: Important: kernel security update

RHSA-2017:1232-1: Important: kernel security update

2017-05-17 KENNETH 0

RHSA-2017:1232-1: Important: kernel security update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-2636 Source: RHSA-2017:1232-1: Important: kernel security update