ubuntu-usn

USN-3336-1: NSS vulnerability Ubuntu Security Notice USN-3336-1 21st June, 2017 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NSS could be made to crash if it received specially crafted network traffic. Software description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain empty SSLv2messages. A remote attacker could possibly use this issue to cause NSS tocrash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libnss3 2:3.28.4-0ubuntu0.17.04.2 Ubuntu 16.10: libnss3 2:3.28.4-0ubuntu0.16.10.2 Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: libnss3 2:3.28.4-0ubuntu0.14.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applicationsthat use NSS, [ more… ]

USN-3335-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3335-1 19th June, 2017 linux, linux-meta vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) It was discovered that a use-after-free vulnerability in the core voltageregulator driver of the Linux kernel. A local attacker could use this tocause a denial of service or possibly execute arbitrary code.(CVE-2014-9940) It was discovered that a buffer overflow existed in the trace subsystem inthe Linux kernel. A privileged local attacker could use this to executearbitrary [ more… ]

USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3334-1 19th June, 2017 linux-lts-xenial, linux-meta-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command line arguments could use this toexecute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx [ more… ]

USN-3326-1: Linux kernel Ubuntu Security Notice USN-3326-1 19th June, 2017 linux, linux-meta vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that a use-after-free flaw existed in the filesystemencryption subsystem in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-7374) It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command [ more… ]

USN-3325-1: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3325-1 19th June, 2017 linux-meta-raspi2, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the stack guard page for processes in the Linuxkernel was not sufficiently large enough to prevent overlapping with theheap. An attacker could leverage this with another vulnerability to executearbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command line arguments could use this toexecute arbitrary code. (CVE-2017-1000363) A double free bug was discovered in the IPv4 stack of the Linux [ more… ]