지락문화예술공작단

USN-2947-2: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-2947-2 6th April, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily for Trusty Details Ralf Spenneberg discovered that the usbvision driver in the Linux kerneldid not properly sanity check the interfaces and endpoints reported by thedevice. An attacker with physical access could cause a denial of service(system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linuxkernel's CXGB3 driver. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the LinuxExtended Verification Module (EVM). An attacker could use this to affectsystem integrity. (CVE-2016-2085) [ more… ]

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-2947-3 6th April, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Ralf Spenneberg discovered that the usbvision driver in the Linux kerneldid not properly sanity check the interfaces and endpoints reported by thedevice. An attacker with physical access could cause a denial of service(system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linuxkernel's CXGB3 driver. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the LinuxExtended Verification Module (EVM). An attacker could use this to affectsystem integrity. (CVE-2016-2085) It was [ more… ]

USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities Ubuntu Security Notice USN-2948-1 6th April, 2016 linux-lts-utopic vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-utopic – Linux hardware enablement kernel from Utopic for Trusty Details Ralf Spenneberg discovered that the USB driver for Clie devices in theLinux kernel did not properly sanity check the endpoints reported by thedevice. An attacker with physical access could cause a denial of service(system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kerneldid not properly sanity check the interfaces and endpoints reported by thedevice. An attacker with physical access could cause a denial of service(system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linuxkernel's CXGB3 driver. A local attacker could use this to [ more… ]

USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities Ubuntu Security Notice USN-2949-1 6th April, 2016 linux-lts-vivid vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid for Trusty Details Venkatesh Pottem discovered a use-after-free vulnerability in the Linuxkernel's CXGB3 driver. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the LinuxExtended Verification Module (EVM). An attacker could use this to affectsystem integrity. (CVE-2016-2085) David Herrmann discovered that the Linux kernel incorrectly accounted filedescriptors to the original opener for in-flight file descriptors sent overa unix domain socket. A local attacker could use this to cause a denial ofservice (resource [ more… ]