ubuntu-usn

USN-3163-1: NSS vulnerabilities Ubuntu Security Notice USN-3163-1 4th January, 2017 nss vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in NSS. Software description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain invalidDiffie-Hellman keys. A remote attacker could possibly use this flaw tocause NSS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman clientkey exchanges. A remote attacker could possibly use this flaw to perform asmall subgroup confinement attack and recover private keys. This issue onlyapplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-8635) Franziskus Kiefer discovered that [ more… ]

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3161-4 20th December, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A [ more… ]

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3161-3 20th December, 2016 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's [ more… ]

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3161-2 20th December, 2016 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause [ more… ]

USN-3161-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3161-1 20th December, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A local attacker could use this [ more… ]