Ubuntu

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2908-3

22nd February, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10

Summary

Several security issues were fixed in the kernel.

Software description

linux-raspi2
– Linux kernel for Raspberry Pi 2

Details

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)

halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)

It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)

It was discovered that the Linux kernel’s Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)

Andy Lutomirski discovered a race condition in the Linux kernel’s
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: linux-image-4.2.0-1025-raspi2

4.2.0-1025.32

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

Ubuntu

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2908-2

22nd February, 2016

linux-lts-wily vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-wily
– Linux hardware enablement kernel from Wily

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-4.2.0-30-powerpc-smp

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-powerpc64-smp

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-lowlatency

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-powerpc-e500mc

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-generic

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-generic-lpae

4.2.0-30.35~14.04.1; linux-image-4.2.0-30-powerpc64-emb

4.2.0-30.35~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2908-1: Linux kernel vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2908-1

22nd February, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: linux-image-4.2.0-30-powerpc-smp

4.2.0-30.35; linux-image-4.2.0-30-powerpc64-smp

4.2.0-30.35; linux-image-4.2.0-30-lowlatency

4.2.0-30.35; linux-image-4.2.0-30-powerpc-e500mc

4.2.0-30.35; linux-image-4.2.0-30-powerpc64-emb

4.2.0-30.35; linux-image-4.2.0-30-generic-lpae

4.2.0-30.35; linux-image-4.2.0-30-generic

4.2.0-30.35

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2909-1: Linux kernel (Utopic HWE) vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2909-1

22nd February, 2016

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-utopic
– Linux hardware enablement kernel from Utopic

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.16.0-62-generic-lpae

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-lowlatency

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-powerpc-e500mc

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-powerpc-smp

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-powerpc64-smp

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-generic

3.16.0-62.82~14.04.1; linux-image-3.16.0-62-powerpc64-emb

3.16.0-62.82~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-8785,

CVE-2016-1575,

CVE-2016-1576

Ubuntu

USN-2910-1: Linux kernel (Vivid HWE) vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2910-1

22nd February, 2016

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-vivid
– Linux hardware enablement kernel from Vivid

Details

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)

郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families, A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.19.0-51-generic-lpae

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-lowlatency

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-generic

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-powerpc-e500mc

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-powerpc64-smp

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-powerpc64-emb

3.19.0-51.57~14.04.1; linux-image-3.19.0-51-powerpc-smp

3.19.0-51.57~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2911-1: Linux kernel vulnerability

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2911-1

22nd February, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

linux
– Linux kernel

Details

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.2.0-99-generic-pae

3.2.0-99.139; linux-image-3.2.0-99-powerpc64-smp

3.2.0-99.139; linux-image-3.2.0-99-generic

3.2.0-99.139; linux-image-3.2.0-99-virtual

3.2.0-99.139; linux-image-3.2.0-99-highbank

3.2.0-99.139; linux-image-3.2.0-99-powerpc-smp

3.2.0-99.139; linux-image-3.2.0-99-omap

3.2.0-99.139

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-7550

Ubuntu

USN-2911-2: Linux kernel (OMAP4) vulnerability

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2911-2

22nd February, 2016

linux-ti-omap4 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

linux-ti-omap4
– Linux kernel for OMAP4

Details

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.2.0-1477-omap4

3.2.0-1477.100

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-7550

Security

Prezi Cross Site Scripting

February 23, 2016 007admin Leave a comment

Prezi suffers from a cross site scripting vulnerability.

ESET

4 internet-savvy countries agree: Kids go digital too early

February 23, 2016 007admin Leave a comment

Online surveys by ESET show that a majority of parents in Russia, the United Kingdom, Germany and the United States are not at all happy about their children going digital too early.

The post 4 internet-savvy countries agree: Kids go digital too early appeared first on We Live Security.

ESET

Digital childhoods: How different nations bring up their kids

February 23, 2016 007admin Leave a comment

ESET has looked deeper into what parents in the United States, Germany, the United Kingdom and Russia regard as the appropriate age for digital activities.

The post Digital childhoods: How different nations bring up their kids appeared first on We Live Security.

Ubuntu Security Notice USN-2908-3

linux-raspi2 vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2908-2

linux-lts-wily vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2908-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2909-1

linux-lts-utopic vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2910-1

linux-lts-vivid vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2911-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2911-2

linux-ti-omap4 vulnerability

Summary

Software description

Details

Update instructions

References

Software and Security Information