No Image

USN-4236-3: Libgcrypt vulnerability

2020-01-29 KENNETH 0

USN-4236-3: Libgcrypt vulnerability libgcrypt11 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Libgcrypt could be made to expose sensitive information. Software Description libgcrypt11 – LGPL Crypto library Details USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libgcrypt11 – 1.5.3-2ubuntu4.6+esm1 Ubuntu 12.04 ESM libgcrypt11 – 1.5.0-3ubuntu0.9 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References USN-4236-1 CVE-2019-13627 Source: USN-4236-3: Libgcrypt [ more… ]

No Image

USN-4256-1: Cyrus SASL vulnerability

2020-01-28 KENNETH 0

USN-4256-1: Cyrus SASL vulnerability cyrus-sasl2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Cyrus SASL could be made to crash or execute arbitrary code if it received a specially crafted LDAP packet. Software Description cyrus-sasl2 – Cyrus Simple Authentication and Security Layer Details It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 libsasl2-2 – 2.1.27+dfsg-1ubuntu0.1 Ubuntu 18.04 LTS libsasl2-2 – 2.1.27~101-g0780600+dfsg-3ubuntu2.1 Ubuntu 16.04 LTS libsasl2-2 – 2.1.26.dfsg1-14ubuntu0.2 Ubuntu 14.04 ESM libsasl2-2 – 2.1.25.dfsg1-17ubuntu0.1~esm1 Ubuntu 12.04 ESM libsasl2-2 – 2.1.25.dfsg1-3ubuntu0.2 To update your system, please [ more… ]

No Image

USN-4255-1: Linux kernel vulnerabilities

2020-01-28 KENNETH 0

USN-4255-1: Linux kernel vulnerabilities linux, linux-aws, linux-oem vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-oem – Linux kernel for OEM processors Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) Update instructions The problem can be corrected by [ more… ]

No Image

USN-4254-1: Linux kernel vulnerabilities

2020-01-28 KENNETH 0

USN-4254-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly [ more… ]

No Image

USN-4253-1: Linux kernel vulnerability

2020-01-28 KENNETH 0

USN-4253-1: Linux kernel vulnerability linux, linux-aws vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Summary The Linux kernel could be made to expose sensitive information. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 linux-image-5.3.0-1010-aws – 5.3.0-1010.11 linux-image-5.3.0-29-generic – 5.3.0-29.31 linux-image-5.3.0-29-generic-lpae – 5.3.0-29.31 linux-image-5.3.0-29-lowlatency – 5.3.0-29.31 linux-image-5.3.0-29-snapdragon – 5.3.0-29.31 linux-image-aws – 5.3.0.1010.12 linux-image-generic – 5.3.0.29.33 linux-image-generic-lpae – 5.3.0.29.33 linux-image-lowlatency – 5.3.0.29.33 linux-image-virtual – 5.3.0.29.33 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]