Ubuntu Security Notice 2691-1 – Andy Lutomirski discovered a flaw in the Linux kernel’s handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel’s keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
Monthly Archives: July 2015
Ubuntu Security Notice USN-2690-1
Ubuntu Security Notice 2690-1 – Andy Lutomirski discovered a flaw in the Linux kernel’s handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel’s keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
Ubuntu Security Notice USN-2693-1
Ubuntu Security Notice 2693-1 – Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
Ubuntu Security Notice USN-2692-1
Ubuntu Security Notice 2692-1 – Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
Debian Security Advisory 3319-1
Debian Linux Security Advisory 3319-1 – Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
Vuln: Novius OS 'tab' parameter Local File Include Vulnerability
Novius OS ‘tab’ parameter Local File Include Vulnerability
Fedora 22 Security Update: uwsgi-2.0.11.1-1.fc22
New emergency security release http://lists.unbit.it/pipermail/uwsgi/2015-July/008100.html
Fedora 21 Security Update: drupal6-cck-2.10-1.fc21
Resolved Bugs
1232973 – drupal7-feeds-2.0-alpha9 is available
https://www.drupal.org/project/cck
Fedora 22 Security Update: elasticsearch-1.6.1-0.fc22
updated to security update of 1.6.1 – https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released
updated to 1.6.0
Fedora 21 Security Update: uwsgi-2.0.11.1-1.fc21
New emergency security release http://lists.unbit.it/pipermail/uwsgi/2015-July/008100.html