DSA-3656 tryton-server – security update

August 29, 2016 007admin

Two vulnerabilities have been discovered in the server for the Tryton
application platform, which may result in information disclosure of
password hashes or file contents.

Debian

DSA-3657 libarchive – security update

August 29, 2016 007admin

Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in
libarchive; processing malformed archives may result in denial of
service or the execution of arbitrary code.

Security Focus

Vuln: Mozilla Firefox Multiple Security Vulnerabilities

August 29, 2016 007admin

Mozilla Firefox Multiple Security Vulnerabilities

Security Focus

Vuln: Linux Kernel CVE-2016-2117 Remote Buffer Overflow Vulnerability

August 29, 2016 007admin

Linux Kernel CVE-2016-2117 Remote Buffer Overflow Vulnerability

Security Focus

Vuln: Oracle Java SE CVE-2016-3550 Remote Security Vulnerability

August 29, 2016 007admin

Oracle Java SE CVE-2016-3550 Remote Security Vulnerability

Security Focus

Vuln: Linux kernel 'key_reject_and_link()' Function Local Use After Free Denial of Service Vulnerability

August 29, 2016 007admin

Linux kernel ‘key_reject_and_link()’ Function Local Use After Free Denial of Service Vulnerability

AVG

A generation of connected kids

August 29, 2016 007admin

As many of our kids have returned, or are in the process of returning back to school, we should expect to see different behavior patterns in their usage of devices.

Hopefully one of those changes will be to use them for studying.

As parents we want our kids to have a balanced life of being online while still appreciating the need to have life skills, such as actually speaking. Our concerns are not new, back when the wireless (radio) was invented I am sure parents told their kids to stop listening to that box, in the same way my parents told me I would get square eyes if I watch too much TV.

Controlling the balance can be tricky, especially when our kids only know a life that’s online and the normal way to communicate. It’s important that device time is understood as a privilege and not a right. Some parents have contracts with their kids stating what is expected of them when using a device, while others do nothing and some block or monitor access.

When thinking about screen time one of the first things to do is walk around the house and count the numbers of devices that are connected. Many of us forget that games consoles and some toys are now connected devices, so asking your child to put down their phone just to see them pick up another connected device might not be achieving the goal of having a balance.

In my house we strike the balance through communication and education, this has worked well for us. One of the first things we implemented was ‘the basket’, a place where phones live during meals times and overnight. This drives conversation at the meal table and texting, posting or gaming late at night has never been an issue. The biggest challenge here is can you as an adult commit to putting your phone in the basket!

Understanding what your kids do online is important. Effective monitoring through parental control software or using software on an internet router, such as the Ally System, supported by AVG, from Amped Wireless will give you oversight that will allow you to have conversations about inappropriate use and behavior. The insight of knowing that your child is spending 3 hours a day on social media should encourage you to have a conversation about time well spent.

Many of these technologies also offer the ability to block, while blocking inappropriate content is a good idea limiting your kids access through blocking will push them underground to connect in other locations such as public libraries, coffee shops or their friends house. And remember their smart phone probably has it’s own access. My point here is that you cannot control their access everywhere, so it is better to educate them having the knowledge of what is being accessed so that they behave well wherever they are and they have the principals to stay safe.

Another important element to limiting both screen time and keeping them safe is understanding the functionality of the apps they run. Listen to your kids talking to their friends about what they use, talk to them to find out and then go off and download the same apps.

Redhat

RHEA-2016:1780-1: new packages: kmod-megaraid_sas

August 29, 2016 007admin

Red Hat Enterprise Linux: The kmod-megaraid_sas packages contain the Avago MegaRAID SAS Driver.

Ubuntu

USN-3070-1: Linux kernel vulnerabilities

August 29, 2016 007admin

Ubuntu Security Notice USN-3070-1

29th August, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)

Yue Cao et al discovered a flaw in the TCP implementation’s handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)

Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)

Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:: linux-image-4.4.0-36-generic-lpae

4.4.0-36.55; linux-image-4.4.0-36-powerpc64-smp

4.4.0-36.55; linux-image-4.4.0-36-powerpc-e500mc

4.4.0-36.55; linux-image-4.4.0-36-powerpc64-emb

4.4.0-36.55; linux-image-4.4.0-36-lowlatency

4.4.0-36.55; linux-image-4.4.0-36-generic

4.4.0-36.55; linux-image-4.4.0-36-powerpc-smp

4.4.0-36.55

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.