NetBSD-SA2016-005 Potential remote code execution in the bozohttpd CGI handlers

November 13, 2016 007admin

NetBSD-SA2016-006 Race condition in mail.local(8)

November 13, 2016 007admin

OpenSSL ChaCha20_Poly1305 Cipher Suites (CVE-2016-7054)

November 13, 2016 007admin

A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send *-CHACHA20-POLY1305 ciphersuites with corrupted larger payloads and create a denial of service condition. This vulnerability is not considered to be exploitable beyond a denial of service.

Checkpoint

Microsoft Windows LSASS Denial of Service (MS16-137: CVE-2016-7237; CVE-2016-7237)

November 13, 2016 007admin

A denial-of-service vulnerability exists in Microsoft Windows. The vulnerability is due to a failure to properly process crafted requests.A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system and cause the lsass.exe process to terminate, resulting in a non-responsive system.

Checkpoint

OpenSSL SSL3_AL_WARNING Denial of Service (CVE-2016-8610)

November 13, 2016 007admin

A denial-of-service vulnerability exists in OpenSSL. The vulnerability, AKA SSL Death Alert, is due to improper handling of warning packets by the function ssl3_read_bytes(). A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending SSL Alert Warning records during the handshake. Successful exploitation will cause the excessive resource consumption on the server.

Debian

DSA-3712 terminology – security update

November 12, 2016 007admin

Nicolas Braud-Santoni discovered that incorrect sanitising of character
escape sequences in the Terminology terminal emulator may result in the
execution of arbitrary commands.

Ubuntu

USN-3127-1: Linux kernel vulnerabilities

November 12, 2016 007admin

Ubuntu Security Notice USN-3127-1

11th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

It was discovered that the compression handling code in the Advanced Linux
Sound Architecture (ALSA) subsystem in the Linux kernel did not properly
check for an integer overflow. A local attacker could use this to cause a
denial of service (system crash). (CVE-2014-9904)

Kirill A. Shutemov discovered that memory manager in the Linux kernel did
not properly handle anonymous pages. A local attacker could use this to
cause a denial of service or possibly gain administrative privileges.
(CVE-2015-3288)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-powerpc-smp

3.13.0.101.109; linux-image-3.13.0-101-powerpc-e500

3.13.0-101.148; linux-image-3.13.0-101-powerpc64-smp

3.13.0-101.148; linux-image-generic

3.13.0.101.109; linux-image-3.13.0-101-lowlatency

3.13.0-101.148; linux-image-3.13.0-101-powerpc-e500mc

3.13.0-101.148; linux-image-powerpc-e500mc

3.13.0.101.109; linux-image-powerpc64-emb

3.13.0.101.109; linux-image-3.13.0-101-generic-lpae

3.13.0-101.148; linux-image-powerpc-e500

3.13.0.101.109; linux-image-powerpc64-smp

3.13.0.101.109; linux-image-3.13.0-101-powerpc-smp

3.13.0-101.148; linux-image-generic-lpae

3.13.0.101.109; linux-image-3.13.0-101-powerpc64-emb

3.13.0-101.148; linux-image-lowlatency

3.13.0.101.109; linux-image-virtual

3.13.0.101.109; linux-image-3.13.0-101-generic

3.13.0-101.148

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

Ubuntu

USN-3127-2: Linux kernel (Trusty HWE) vulnerabilities

November 12, 2016 007admin

Ubuntu Security Notice USN-3127-2

11th November, 2016

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-trusty
– Linux hardware enablement kernel from Trusty for Precise

Details

USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-generic-lpae-lts-trusty

3.13.0.101.92; linux-image-3.13.0-101-generic-lpae

3.13.0-101.148~precise1; linux-image-generic-lts-trusty

3.13.0.101.92; linux-image-3.13.0-101-generic

3.13.0-101.148~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-3128-1: Linux kernel vulnerability

November 12, 2016 007admin

Ubuntu Security Notice USN-3128-1

11th November, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:: linux-image-4.4.0-47-powerpc64-emb

4.4.0-47.68; linux-image-powerpc-e500mc

4.4.0.47.50; linux-image-4.4.0-47-lowlatency

4.4.0-47.68; linux-image-4.4.0-47-powerpc64-smp

4.4.0-47.68; linux-image-4.4.0-47-generic

4.4.0-47.68; linux-image-4.4.0-47-powerpc-smp

4.4.0-47.68; linux-image-powerpc-smp

4.4.0.47.50; linux-image-generic-lpae

4.4.0.47.50; linux-image-powerpc64-emb

4.4.0.47.50; linux-image-virtual

4.4.0.47.50; linux-image-4.4.0-47-generic-lpae

4.4.0-47.68; linux-image-generic

4.4.0.47.50; linux-image-lowlatency

4.4.0.47.50; linux-image-4.4.0-47-powerpc-e500mc

4.4.0-47.68; linux-image-powerpc64-smp

4.4.0.47.50

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-7042

Ubuntu

USN-3128-2: Linux kernel (Xenial HWE) vulnerability

November 12, 2016 007admin

Ubuntu Security Notice USN-3128-2

11th November, 2016

linux-lts-xenial vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

linux-lts-xenial
– Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-powerpc-smp-lts-xenial

4.4.0.47.34; linux-image-4.4.0-47-powerpc64-emb

4.4.0-47.68~14.04.1; linux-image-4.4.0-47-lowlatency

4.4.0-47.68~14.04.1; linux-image-4.4.0-47-powerpc64-smp

4.4.0-47.68~14.04.1; linux-image-4.4.0-47-generic

4.4.0-47.68~14.04.1; linux-image-generic-lpae-lts-xenial

4.4.0.47.34; linux-image-4.4.0-47-powerpc-smp

4.4.0-47.68~14.04.1; linux-image-lowlatency-lts-xenial

4.4.0.47.34; linux-image-generic-lts-xenial

4.4.0.47.34; linux-image-4.4.0-47-generic-lpae

4.4.0-47.68~14.04.1; linux-image-powerpc64-smp-lts-xenial

4.4.0.47.34; linux-image-powerpc64-emb-lts-xenial

4.4.0.47.34; linux-image-powerpc-e500mc-lts-xenial

4.4.0.47.34; linux-image-4.4.0-47-powerpc-e500mc

4.4.0-47.68~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-7042

Ubuntu Security Notice USN-3127-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-3127-2

linux-lts-trusty vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-3128-1

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-3128-2

linux-lts-xenial vulnerability

Summary

Software description

Details

Update instructions

References

Software and Security Information