No Image

USN-3224-1: LXC vulnerability

2017-03-10 KENNETH 0

USN-3224-1: LXC vulnerability Ubuntu Security Notice USN-3224-1 9th March, 2017 lxc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LXC could be made to create arbitrary virtual network interfaces as an administrator. Software description lxc – Linux Containers userspace tools Details Jann Horn discovered that LXC incorrectly verified permissions when creatingvirtual network interfaces. A local attacker could possibly use this issue tocreate virtual network interfaces in network namespaces that they do not own. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: lxc-common 2.0.7-0ubuntu1~16.10.2 Ubuntu 16.04 LTS: lxc-common 2.0.7-0ubuntu1~16.04.2 Ubuntu 14.04 LTS: lxc 1.0.9-0ubuntu3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-5985 Source: [ more… ]

No Image

RHBA-2017:0477-1: Red Hat Certification bug fix and enhancement update

2017-03-10 KENNETH 0

RHBA-2017:0477-1: Red Hat Certification bug fix and enhancement update Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Source: RHBA-2017:0477-1: Red Hat Certification bug fix and enhancement update

No Image

USN-3220-3: Linux kernel (AWS) vulnerability

2017-03-09 KENNETH 0

USN-3220-3: Linux kernel (AWS) vulnerability Ubuntu Security Notice USN-3220-3 8th March, 2017 linux-aws vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details USN-3220-1 fixed a vulnerability in the Linux kernel. This updateprovides the corresponding updates for the Linux kernel for AmazonWeb Services (AWS). Alexander Popov discovered that the N_HDLC line discipline implementationin the Linux kernel contained a double-free vulnerability. A local attackercould use this to cause a denial of service (system crash) or possibly gainadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.4.0-1007-aws 4.4.0-1007.16 linux-image-aws 4.4.0.1007.8 To update your system, please follow these instructions: [ more… ]