Monthly Archives: November 2015

Ubuntu

USN-2792-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2792-1

4th November, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash). (CVE-2015-7613)

It was discovered that the Linux kernel did not check if a new IPv6 MTU set
by a user space application was valid. A remote attacker could forge a
route advertisement with an invalid MTU that a user space daemon like
NetworkManager would honor and apply to the kernel, causing a denial of
service. (CVE-2015-0272)

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-93-omap

3.2.0-93.133
linux-image-3.2.0-93-generic

3.2.0-93.133
linux-image-3.2.0-93-powerpc-smp

3.2.0-93.133
linux-image-3.2.0-93-powerpc64-smp

3.2.0-93.133
linux-image-3.2.0-93-virtual

3.2.0-93.133
linux-image-3.2.0-93-generic-pae

3.2.0-93.133
linux-image-3.2.0-93-highbank

3.2.0-93.133

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-0272,

CVE-2015-2925,

CVE-2015-5257,

CVE-2015-7613

Ubuntu

USN-2793-1: LibreOffice vulnerabilities

Ubuntu Security Notice USN-2793-1

5th November, 2015

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in LibreOffice.

Software description

  • libreoffice
    – Office productivity suite

Details

Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into opening
a specially crafted document, a remote attacker could possibly obtain the
contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code. (CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of pieces
in DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5213)

It was discovered that LibreOffice incorrectly handled bookmarks in DOC
files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5214)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
libreoffice-core

1:4.4.6~rc3-0ubuntu1
Ubuntu 14.04 LTS:
libreoffice-core

1:4.2.8-0ubuntu3
Ubuntu 12.04 LTS:
libreoffice-core

1:3.5.7-0ubuntu9

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

CVE-2015-4551,

CVE-2015-5212,

CVE-2015-5213,

CVE-2015-5214

Ubuntu

USN-2794-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2794-1

5th November, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-67-generic-lpae

3.13.0-67.110
linux-image-3.13.0-67-powerpc-smp

3.13.0-67.110
linux-image-3.13.0-67-generic

3.13.0-67.110
linux-image-3.13.0-67-powerpc-e500mc

3.13.0-67.110
linux-image-3.13.0-67-powerpc64-emb

3.13.0-67.110
linux-image-3.13.0-67-lowlatency

3.13.0-67.110
linux-image-3.13.0-67-powerpc-e500

3.13.0-67.110
linux-image-3.13.0-67-powerpc64-smp

3.13.0-67.110

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-2925,

CVE-2015-5257

Ubuntu

USN-2795-1: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-2795-1

5th November, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty

Details

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.13.0-67-generic-lpae

3.13.0-67.110~precise1
linux-image-3.13.0-67-generic

3.13.0-67.110~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-2925,

CVE-2015-5257

Ubuntu

USN-2796-1: Linux kernel (OMAP4) vulnerabilities

Ubuntu Security Notice USN-2796-1

5th November, 2015

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-ti-omap4
    – Linux kernel for OMAP4

Details

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash). (CVE-2015-7613)

It was discovered that the Linux kernel did not check if a new IPv6 MTU set
by a user space application was valid. A remote attacker could forge a
route advertisement with an invalid MTU that a user space daemon like
NetworkManager would honor and apply to the kernel, causing a denial of
service. (CVE-2015-0272)

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1473-omap4

3.2.0-1473.95

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-0272,

CVE-2015-2925,

CVE-2015-5257,

CVE-2015-7613

Ubuntu

USN-2797-1: Linux kernel (Utopic HWE) vulnerabilities

Ubuntu Security Notice USN-2797-1

5th November, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-utopic
    – Linux hardware enablement kernel from Utopic

Details

It was discovered that the Linux kernel did not check if a new IPv6 MTU set
by a user space application was valid. A remote attacker could forge a
route advertisement with an invalid MTU that a user space daemon like
NetworkManager would honor and apply to the kernel, causing a denial of
service. (CVE-2015-0272)

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

It was discovered that the SCTP protocol implementation in the Linux kernel
performed an incorrect sequence of protocol-initialization steps. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2015-5283)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-3.16.0-52-powerpc-smp

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-powerpc64-smp

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-powerpc64-emb

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-powerpc-e500mc

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-generic-lpae

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-lowlatency

3.16.0-52.71~14.04.1
linux-image-3.16.0-52-generic

3.16.0-52.71~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-0272,

CVE-2015-2925,

CVE-2015-5257,

CVE-2015-5283

Ubuntu

USN-2798-1: Linux kernel (Vivid HWE) vulnerabilities

Ubuntu Security Notice USN-2798-1

5th November, 2015

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-vivid
    – Linux hardware enablement kernel from Vivid

Details

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
linux-image-3.19.0-32-powerpc-e500mc

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-powerpc-smp

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-powerpc64-emb

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-lowlatency

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-generic

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-powerpc64-smp

3.19.0-32.37~14.04.1
linux-image-3.19.0-32-generic-lpae

3.19.0-32.37~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-2925,

CVE-2015-5257

Ubuntu

USN-2799-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2799-1

5th November, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

It was discovered that in certain situations, a directory could be renamed
outside of a bind mounted location. An attacker could use this to escape
bind mount containment and gain access to sensitive information.
(CVE-2015-2925)

Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained
hardcoded attributes about the USB devices. An attacker could construct a
fake WhiteHEAT USB device that, when inserted, causes a denial of service
(system crash). (CVE-2015-5257)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
linux-image-3.19.0-32-powerpc-e500mc

3.19.0-32.37
linux-image-3.19.0-32-powerpc-smp

3.19.0-32.37
linux-image-3.19.0-32-powerpc64-emb

3.19.0-32.37
linux-image-3.19.0-32-lowlatency

3.19.0-32.37
linux-image-3.19.0-32-generic

3.19.0-32.37
linux-image-3.19.0-32-powerpc64-smp

3.19.0-32.37
linux-image-3.19.0-32-generic-lpae

3.19.0-32.37

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-2925,

CVE-2015-5257

Panda Security

The goal of early cyber threat detection

malware

The early detection of cyber threats has long been one of the biggest goals for the IT security sector. The rapid evolution of the different types of cyber-attacks has rendered the traditional detection systems helpless to differentiate between, and detect, attack such as advanced persistent threats (APT), which are digital attacks directed at certain systems over a large period of time.

APTs as an example of a problem

Network intrusion detection systems (NIDS) try to discover unauthorized access to certain resources on the network by analyzing the data traffic to detect signs of malicious activity. Until now they have been effective in their defense against traditional cyber threats such as DoS attacks (Denial of Service), Trojans, buffer overflow, etc.

However, the rapid advancement that these new types of threats are generating calls for ever more advanced defense mechanisms. Among these attack are the APTs – large scale attacks that are easily detected during the final stages of attack by observing sudden changes in traffic on the network. That said, the first stages of the attack generate changes in traffic that aren’t so easy to detect.

NIDS have proven to be ineffective in stopping this type of threat, owing to their inability to evaluate planned cyberattacks that encompass coordinated acts, yet appear isolated and innocuous.

Early detection based on productivity

According to the consultancy firm Gartner, “there is a general consensus that advanced attacks are able to evade traditional security controls that are in place in many firms at the moment, and remain undetected on our systems for a long period of time. The threat is real. We are in danger; we’re just not aware of it yet.”

virus

To put an end to these types of complex intrusions there is a need to implement new security policies based on proactive prevention mechanisms that will reduce the waiting time in detecting unknown malware to zero (for example, by using machine learning techniques that monitor the system looking for unusual behavior and blocking it). It isn’t always possible to maximize the detection of said malware without generating false positives, however.

This delay should be a fundamental worry for the cybersecurity sector, and closing the enormous window of opportunity should be its main task – managing to improve real-time detection of digital threats means simplifying the alter filter and improving answer time in order to contain attacks.

Adaptive Defense 360, Panda’s solution

Panda Security has a product specifically designed to close the window of opportunity ion malware, which can open Zero-Day attacks and APTs on your corporate systems. This product is called Adaptive Defense 360.

The technology integrated in it allow for the detection and blocking of malicious software due to real-time monitoring of its behavior. The customer will receive an immediate alert once malware has been detected, and can rest assured that the combination of machine learning algorithms and our expert analysis will rule out false positives.

The post The goal of early cyber threat detection appeared first on MediaCenter Panda Security.

AVG

Brazil faces unique cybersecurity challenges

Futurecom is Brazil’s major conference and exhibition for the mobile industry to come together and look at the specific requirements that this unique country and culture need.

I was fortunate enough to be asked to be on a panel of industry experts, which included companies such as Tefonica, TIM, Telebras, Deloitte IBM, KPMG and of course AVG. The discussion was promised to be about cybersecurity with the following questions asked by the moderator through the 1.5 hours to get the discussion going.

  1. How does the advancement of mobile applications and the use of new devices (and any connected “thing”) make even greater challenges for cybersecurity?
  2. What are the most critical aspects which users need to worry about?
  3. How can suppliers, operators and providers contribute to increase the level of protection in these environments?
  4. What are the main trends in cybersecurity compared to mobile and the internet of things which just tend to grow?

Each participant gave a view point, and what interested me was how the entire conversation, regardless of the question, seemed to revolve around two topics: data breaches and consumer privacy. This dominated the answers, yet if the same questions had been asked 3 years ago this would have been about malware and protecting devices, but now the conversation is about us, the consumer.

Brazil has some unique challenges in this area as there is no legislation requiring companies to disclose any data breach, and therefore the consumer never knows if their data has been compromised. The consensus of the panel was that governments need to legislate. While I agree with the need for ‘some’ legislation there is also an opportunity for industry to self-regulate and show a responsible path. Self-regulation in any industry allows companies involved to find innovative ways to provide solutions and allows new business practices that may not have been permitted by the strictness of specific legislation.

The fact that data breaches and consumer privacy topped the agenda is not surprising. If we look at the trend of security stories in the US and Europe you’ll notice that the news coverage is all around these topics and the many data breaches that have taken place.

We, whether knowingly or not, disclose and share more information with companies than any generation has ever done before us: our preferences for food, where we shop, our location — the list of data is endless. It is only when this data falls into the wrong hands do we take time to think about the consequences of having shared it, and then maybe regretting it a little. As consumers we need greater choice and control on what is being collected about us and ultimately how it may be used.

It’s not surprising that in one of the world’s major populations, in which a large number of people moved straight to mobile skipping the PC generation, that mobile applications are used in slightly different ways to the rest of the world.  I recommend watching to see how Brazil handles the challenges of data breaches and consumer privacy, whether legislated or self-regulated.