지락문화예술공작단

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3161-3 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's [ more… ]

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3161-4 20th December, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A [ more… ]

USN-3162-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3162-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linuxkernel could dereference a null pointer. An attacker in a guest virtualmachine could use this to cause a denial of service (system crash) in theKVM host. (CVE-2016-8630) Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementationin the Linux kernel contained a buffer overflow when handling fragmentedpackets. A remote attacker could use [ more… ]

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3162-2 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this to cause a denial of service (systemcrash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystemimplementation in the Linux kernel did not clear the setgid bit during asetxattr call. A local attacker could use this to possibly elevate groupprivileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in theLinux kernel did not properly validate control messages. A local attackercould use this [ more… ]