No Image

USN-2888-1: Linux kernel (Utopic HWE) vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2888-1 1st February, 2016 linux-lts-utopic vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-utopic – Linux hardware enablement kernel from Utopic Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a racebetween read and revoke operations. A local attacker could use this tocause a [ more… ]

No Image

USN-2887-2: Linux kernel (Trusty HWE) vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2887-2 1st February, 2016 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) Sasha Levin discovered that the Reliable Datagram Sockets (RDS)implementation in the Linux kernel had a race condition when checkingwhether a socket was bound or [ more… ]

No Image

USN-2887-1: Linux kernel vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2887-1 1st February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) Sasha Levin discovered that the Reliable Datagram Sockets (RDS)implementation in the Linux kernel had a race condition when checkingwhether a socket was bound or not. A local attacker [ more… ]

No Image

USN-2886-2: Linux kernel (OMAP4) vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2886-2 1st February, 2016 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) 郭永刚 discovered that the ppp implementation in the Linux kernel didnot ensure that certain slot numbers are valid. A local attacker with theprivilege to call ioctl() [ more… ]

No Image

USN-2886-1: Linux kernel vulnerabilities

2016-02-02 KENNETH 0

Ubuntu Security Notice USN-2886-1 1st February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details It was discovered that a use-after-free vulnerability existed in theAF_UNIX implementation in the Linux kernel. A local attacker could usecrafted epoll_ctl calls to cause a denial of service (system crash) orexpose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did notproperly restore the values of the Programmable Interrupt Timer (PIT). Auser-assisted attacker in a KVM guest could cause a denial of service inthe host (system crash). (CVE-2015-7513) 郭永刚 discovered that the ppp implementation in the Linux kernel didnot ensure that certain slot numbers are valid. A local attacker with theprivilege to call ioctl() on /dev/ppp [ more… ]