Monthly Archives: October 2015

Ubuntu

USN-2777-1: Linux kernel (Utopic HWE) vulnerabilities

Ubuntu Security Notice USN-2777-1

19th October, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-utopic
    – Linux hardware enablement kernel from Utopic

Details

It was discovered that virtio networking in the Linux kernel did not handle
fragments correctly, leading to kernel memory corruption. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute code with administrative privileges. (CVE-2015-5156)

Benjamin Randazzo discovered an information leak in the md (multiple
device) driver when the bitmap_info.file is disabled. A local privileged
attacker could use this to obtain sensitive information from the kernel.
(CVE-2015-5697)

Marc-André Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)

It was discovered that the Reliable Datagram Sockets (RDS) implementation
in the Linux kernel did not verify sockets were properly bound before
attempting to send a message, which could cause a NULL pointer dereference.
An attacker could use this to cause a denial of service (system crash).
(CVE-2015-6937)

Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the
Linux kernel did not correctly handle references of memory mapped files
from an aufs mount. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2015-7312)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-3.16.0-51-generic-lpae

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-powerpc-smp

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-generic

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-powerpc-e500mc

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-powerpc64-emb

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-lowlatency

3.16.0-51.69~14.04.1
linux-image-3.16.0-51-powerpc64-smp

3.16.0-51.69~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-5156,

CVE-2015-5697,

CVE-2015-6252,

CVE-2015-6937,

CVE-2015-7312

Ubuntu

USN-2778-1: Linux kernel (Vivid HWE) vulnerabilities

Ubuntu Security Notice USN-2778-1

20th October, 2015

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-vivid
    – Linux hardware enablement kernel from Vivid

Details

It was discovered that the Linux kernel did not check if a new IPv6 MTU set
by a user space application was valid. A remote attacker could forge a
route advertisement with an invalid MTU that a user space daemon like
NetworkManager would honor and apply to the kernel, causing a denial of
service. (CVE-2015-0272)

It was discovered that virtio networking in the Linux kernel did not handle
fragments correctly, leading to kernel memory corruption. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute code with administrative privileges. (CVE-2015-5156)

It was discovered that the Reliable Datagram Sockets (RDS) implementation
in the Linux kernel did not verify sockets were properly bound before
attempting to send a message, which could cause a NULL pointer dereference.
An attacker could use this to cause a denial of service (system crash).
(CVE-2015-6937)

Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the
Linux kernel did not correctly handle references of memory mapped files
from an aufs mount. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2015-7312)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-3.19.0-31-generic

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-powerpc-e500mc

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-lowlatency

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-powerpc-smp

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-generic-lpae

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-powerpc64-smp

3.19.0-31.36~14.04.1
linux-image-3.19.0-31-powerpc64-emb

3.19.0-31.36~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-0272,

CVE-2015-5156,

CVE-2015-6937,

CVE-2015-7312

Ubuntu

USN-2779-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2779-1

20th October, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

It was discovered that the Linux kernel did not check if a new IPv6 MTU set
by a user space application was valid. A remote attacker could forge a
route advertisement with an invalid MTU that a user space daemon like
NetworkManager would honor and apply to the kernel, causing a denial of
service. (CVE-2015-0272)

It was discovered that virtio networking in the Linux kernel did not handle
fragments correctly, leading to kernel memory corruption. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute code with administrative privileges. (CVE-2015-5156)

It was discovered that the Reliable Datagram Sockets (RDS) implementation
in the Linux kernel did not verify sockets were properly bound before
attempting to send a message, which could cause a NULL pointer dereference.
An attacker could use this to cause a denial of service (system crash).
(CVE-2015-6937)

Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the
Linux kernel did not correctly handle references of memory mapped files
from an aufs mount. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2015-7312)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
linux-image-3.19.0-31-generic

3.19.0-31.36
linux-image-3.19.0-31-powerpc-e500mc

3.19.0-31.36
linux-image-3.19.0-31-lowlatency

3.19.0-31.36
linux-image-3.19.0-31-powerpc-smp

3.19.0-31.36
linux-image-3.19.0-31-generic-lpae

3.19.0-31.36
linux-image-3.19.0-31-powerpc64-emb

3.19.0-31.36
linux-image-3.19.0-31-powerpc64-smp

3.19.0-31.36

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-0272,

CVE-2015-5156,

CVE-2015-6937,

CVE-2015-7312

Ubuntu

USN-2770-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2770-1

20th October, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

It was discovered that ContainerNode::parserInsertBefore in Blink would
incorrectly proceed with a DOM tree insertion in some circumstances. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to bypass same origin restrictions.
(CVE-2015-6755)

A use-after-free was discovered in the service worker implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-6757)

It was discovered that Blink did not ensure that the origin of
LocalStorage resources are considered unique. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to obtain sensitive information. (CVE-2015-6759)

A race condition and memory corruption was discovered in FFmpeg. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash,
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2015-6761)

It was discovered that CSSFontFaceSrcValue::fetch in Blink did not use
CORS in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass same origin restrictions. (CVE-2015-6762)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-6763)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-7834)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
liboxideqtcore0

1.10.3-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
liboxideqtcore0

1.10.3-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-6755,

CVE-2015-6757,

CVE-2015-6759,

CVE-2015-6761,

CVE-2015-6762,

CVE-2015-6763,

CVE-2015-7834

Ubuntu

USN-2780-1: MiniUPnP vulnerability

Ubuntu Security Notice USN-2780-1

20th October, 2015

miniupnpc vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

An application using the MiniUPnP library could be made to crash or
run programs as your login if it received specially crafted network
traffic.

Software description

  • miniupnpc
    – UPnP IGD client lightweight library

Details

Aleksandar Nikolic discovered a buffer overflow vulnerability in the
XML parser functionality of the MiniUPnP library. A remote attacker
could use this to cause a denial of service (application crash) or
possibly execute arbitrary code with privileges of the user running
an application that uses the MiniUPnP library.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
libminiupnpc10

1.9.20140610-2ubuntu1.1
Ubuntu 14.04 LTS:
libminiupnpc8

1.6-3ubuntu2.14.04.2
Ubuntu 12.04 LTS:
libminiupnpc8

1.6-3ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart applications using
the MiniUPnP library to make all the necessary changes.

References

CVE-2015-6031

Security

Zpanel 10.1.0 Remote Unauthenticated Code Execution

This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.

US-CERT

Oracle Releases Security Bulletin

Original release date: October 20, 2015

Oracle has released its Critical Patch Update for October 2015 to address 154 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle October 2015 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Security

Ubuntu Security Notice USN-2775-1

Ubuntu Security Notice 2775-1 – It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. Various other issues were also addressed.

Security

Ubuntu Security Notice USN-2780-1

Ubuntu Security Notice 2780-1 – Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.