A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Summary
The system could be made to crash or run programs as an administrator.
Software description
linux – Linux kernel
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Summary
The system could be made to crash or run programs as an administrator.
Software description
linux-lts-utopic – Linux hardware enablement kernel from Utopic
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.10
Summary
The system could be made to crash or run programs as an administrator.
Software description
linux – Linux kernel
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
Apple fans keen to get their hands on the Apple Watch are advised to think before they click, after hackers exploited a wave of enthusiasm around the launch with a phishing scam linked to a fake giveaway.
Security researchers have managed to launch an attack on Linux computers by targeting a physical weakness in some types of DDR memory chips, Ars Technica reports.
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.