USN-3128-3: Linux kernel (Qualcomm Snapdragon) vulnerability

Ubuntu Security Notice USN-3128-3

11th November, 2016

linux-snapdragon vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux-snapdragon
    – Linux kernel for Snapdragon Processors

Details

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
linux-image-snapdragon  4.4.0.1035.27
linux-image-4.4.0-1035-snapdragon  4.4.0-1035.39

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7042

USN-3129-1: Linux kernel vulnerability

Ubuntu Security Notice USN-3129-1

11th November, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10

Summary

The system could be made to crash under certain conditions.

Software description

  • linux
    – Linux kernel

Details

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
linux-image-powerpc-smp  4.8.0.27.36
linux-image-powerpc-e500mc  4.8.0.27.36
linux-image-4.8.0-27-lowlatency  4.8.0-27.29
linux-image-generic  4.8.0.27.36
linux-image-generic-lpae  4.8.0.27.36
linux-image-4.8.0-27-generic-lpae  4.8.0-27.29
linux-image-powerpc64-emb  4.8.0.27.36
linux-image-4.8.0-27-powerpc64-emb  4.8.0-27.29
linux-image-powerpc64-smp  4.8.0.27.36
linux-image-4.8.0-27-generic  4.8.0-27.29
linux-image-4.8.0-27-powerpc-e500mc  4.8.0-27.29
linux-image-lowlatency  4.8.0.27.36
linux-image-virtual  4.8.0.27.36
linux-image-4.8.0-27-powerpc-smp  4.8.0-27.29

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7042

USN-3129-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu Security Notice USN-3129-2

11th November, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10

Summary

The system could be made to crash under certain conditions.

Software description

  • linux-raspi2
    – Linux kernel for Raspberry Pi 2

Details

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
linux-image-4.8.0-1018-raspi2  4.8.0-1018.21
linux-image-raspi2  4.8.0.1018.21

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7042

USN-3126-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3126-1

11th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)

Dmitry Vyukov discovered a use-after-free vulnerability during error
processing in the recvmmsg(2) implementation in the Linux kernel. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7117)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-115-generic  3.2.0-115.157
linux-image-3.2.0-115-powerpc-smp  3.2.0-115.157
linux-image-powerpc  3.2.0.115.131
linux-image-3.2.0-115-virtual  3.2.0-115.157
linux-image-3.2.0-115-highbank  3.2.0-115.157
linux-image-3.2.0-115-omap  3.2.0-115.157
linux-image-highbank  3.2.0.115.131
linux-image-powerpc-smp  3.2.0.115.131
linux-image-virtual  3.2.0.115.131
linux-image-3.2.0-115-generic-pae  3.2.0-115.157
linux-image-powerpc64-smp  3.2.0.115.131
linux-image-generic-pae  3.2.0.115.131
linux-image-generic  3.2.0.115.131
linux-image-omap  3.2.0.115.131
linux-image-3.2.0-115-powerpc64-smp  3.2.0-115.157

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7042, CVE-2016-7117

USN-3126-2: Linux kernel (OMAP4) vulnerabilities

Ubuntu Security Notice USN-3126-2

11th November, 2016

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-ti-omap4
    – Linux kernel for OMAP4

Details

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)

Dmitry Vyukov discovered a use-after-free vulnerability during error
processing in the recvmmsg(2) implementation in the Linux kernel. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7117)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
linux-image-omap4  3.2.0.1493.88
linux-image-3.2.0-1493-omap4  3.2.0-1493.120

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7042, CVE-2016-7117

Russian Court bans LinkedIn in Russia; Facebook and Twitter Could be Next

As reported in late October, the world’s largest online professional network, LinkedIn, is going to be banned in Russia beginning Monday, following a Moscow court decision this week that found Microsoft-owned LinkedIn to be in violation of the country’s data protection laws.

Here’s why LinkedIn is facing a ban in Russia:

In July 2014, Russia approved amendments to the Russian Personal Data Law that came

Facebook Bug Declares Millions of Users Dead, Including Zuckerberg!

Last night, Facebook declared everyone dead, including the company’s CEO Mark Zuckerberg, in a massive memorial ‘remembering’ profile glitch.

Well, that’s awkward.

Despite being very much alive, Facebook users, when logged on to their accounts on Friday afternoon, found their accounts turned to a “memorialized account,” strongly suggesting that they are dead to everyone who visits their

CVE-2016-9296

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

CVE-2016-9294

Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct “denial of service (application crash)” attacks by using the “malformed labeled break/continue in JavaScript” approach, related to a “NULL pointer dereference” issue affecting the jscompile.c component.