지락문화예술공작단

Ubuntu Security Notice USN-2890-2 1st February, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a [ more… ]

Ubuntu Security Notice USN-2890-3 1st February, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a denial [ more… ]

Ubuntu Security Notice USN-2884-1 1st February, 2016 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details Multiple vulnerabilities were discovered in the OpenJDK JRE relatedto information disclosure, data integrity, and availability. Anattacker could exploit these to cause a denial of service, exposesensitive data over the network, or possibly execute arbitrary code.(CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to dataintegrity. An attacker could exploit this to expose sensitive dataover the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be usedfor TLS connections. If a remote attacker were able to perform aman-in-the-middle attack, this flaw could be exploited to exposesensitive [ more… ]