
USN-3312-1: Linux kernel vulnerabilities

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3312-1
6th June, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in the Linux kernel.

Software description
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-gke – Linux kernel for Google Container Engine (GKE) systems
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon Processors

Details
It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause [ more… ]


USN-3313-1: Linux kernel vulnerability

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3313-1
6th June, 2017

linux, linux-raspi2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10

Summary
The system could be made to run programs as an administrator.

Software description
linux – Linux kernel
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details
It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
linux-image-4.8.0-54-generic 4.8.0-54.57
linux-image-powerpc-e500mc 4.8.0.54.66
linux-image-4.8.0-54-powerpc-smp 4.8.0-54.57
linux-image-4.8.0-54-powerpc-e500mc 4.8.0-54.57
linux-image-powerpc-smp 4.8.0.54.66
linux-image-generic 4.8.0.54.66
linux-image-4.8.0-54-generic-lpae 4.8.0-54.57
linux-image-lowlatency 4.8.0.54.66
linux-image-powerpc64-emb 4.8.0.54.66
linux-image-4.8.0-1038-raspi2 4.8.0-1038.41
linux-image-generic-lpae 4.8.0.54.66
linux-image-4.8.0-54-powerpc64-emb 4.8.0-54.57
linux-image-4.8.0-54-lowlatency 4.8.0-54.57
linux-image-raspi2 4.8.0.1038.42

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you [ more… ]


USN-3314-1: Linux kernel vulnerabilities

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3314-1
7th June, 2017

linux, linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04

Summary
Several security issues were fixed in the Linux kernel.

Software description
linux – Linux kernel
linux-raspi2 – Linux kernel for Raspberry Pi 2

Details
It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)

It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605)

Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial [ more… ]


USN-3311-1: libnl vulnerability

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3311-1
6th June, 2017

libnl3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
libnl could be made to crash or run programs.

Software description
libnl3 – library for dealing with netlink sockets

Details
It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libnl-3-200 3.2.29-0ubuntu2.1
Ubuntu 16.10: libnl-3-200 3.2.27-1ubuntu0.16.10.1
Ubuntu 16.04 LTS: libnl-3-200 3.2.27-1ubuntu0.16.04.1
Ubuntu 14.04 LTS: libnl-3-200 3.2.21-1ubuntu4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer [ more… ]


USN-3310-1: lintian vulnerability

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3310-1
6th June, 2017

lintian vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS

Summary
lintian could be made to run programs if it processed a specially crafted package.

Software description
lintian – Debian package checker

Details
Jakub Wilk discovered that lintian incorrectly handled deserializing certain YAML files. If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: lintian 2.5.50.1ubuntu0.1
Ubuntu 16.10: lintian 2.5.48ubuntu0.1
Ubuntu 16.04 LTS: lintian 2.5.43ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References [ more… ]