Ubuntu Security Notice 2619-1 – A flaw was discovered in the Linux kernel’s IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

Ubuntu Security Notice 2620-1 – A flaw was discovered in the Linux kernel’s IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

Fuse (fusermount) suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.

The named pipe, SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please, note that the System Update is stopped by default but can be started/stopped calling the Executable ConfigService.exe.

Original release date: May 22, 2015

The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years.

US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

This product is provided subject to this Notification and this Privacy & Use policy.