Category Archives: Ubuntu

Ubuntu Security Notices

Ubuntu

USN-2516-2: Linux kernel vulnerability regression

March 1, 2015 007admin

Ubuntu Security Notice USN-2516-2

28th February, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

USN-2516-1 introduced a regression in the Linux kernel.

Software description

linux
– Linux kernel

Details

USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated
regression in the use of the virtual counter (CNTVCT) on arm64 architectures.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of
the SYSTENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel’s Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Radomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel’s ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel’s key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs’ encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: mouse-modules-3.13.0-46-generic-di

3.13.0-46.76; md-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; squashfs-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nfs-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; fat-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; mouse-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; multipath-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; ipmi-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; message-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; storage-core-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; usb-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-headers-3.13.0-46-powerpc64-emb

3.13.0-46.76; linux-tools-3.13.0-46

3.13.0-46.76; input-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-generic-lpae

3.13.0-46.76; linux-image-extra-3.13.0-46-generic-lpae

3.13.0-46.76; kernel-image-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; plip-modules-3.13.0-46-generic-di

3.13.0-46.76; storage-core-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; block-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; linux-udebs-generic-lpae

3.13.0-46.76; fs-core-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; input-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; sata-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; floppy-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-tools-common

3.13.0-46.76; linux-tools-3.13.0-46-powerpc64-emb

3.13.0-46.76; fs-secondary-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-powerpc-e500mc

3.13.0-46.76; sata-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; linux-doc

3.13.0-46.76; linux-image-3.13.0-46-powerpc64-smp

3.13.0-46.76; nic-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; parport-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nfs-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; block-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-image-extra-3.13.0-46-powerpc64-emb

3.13.0-46.76; message-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; nic-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; pcmcia-storage-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; storage-core-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-headers-3.13.0-46-powerpc-e500mc

3.13.0-46.76; fb-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; input-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-image-3.13.0-46-powerpc-e500

3.13.0-46.76; parport-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; firewire-core-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; vlan-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; multipath-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; storage-core-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; floppy-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; squashfs-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-tools-3.13.0-46-generic-lpae

3.13.0-46.76; ipmi-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; floppy-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-headers-3.13.0-46-powerpc-e500

3.13.0-46.76; pata-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; irda-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; scsi-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-powerpc-e500

3.13.0-46.76; vlan-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; parport-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; pcmcia-storage-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; vlan-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; fs-core-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; pcmcia-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; serial-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; nic-pcmcia-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; fs-core-modules-3.13.0-46-generic-di

3.13.0-46.76; speakup-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; kernel-image-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-image-3.13.0-46-powerpc64-emb

3.13.0-46.76; ppp-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; serial-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-libc-dev

3.13.0-46.76; linux-headers-3.13.0-46-generic-lpae

3.13.0-46.76; virtio-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-udebs-lowlatency

3.13.0-46.76; linux-udebs-powerpc-e500

3.13.0-46.76; sata-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; md-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; fs-secondary-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; ppp-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; crypto-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; nfs-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; kernel-image-3.13.0-46-generic-di

3.13.0-46.76; linux-tools-3.13.0-46-generic

3.13.0-46.76; scsi-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; pata-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; fb-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; pata-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-generic-di

3.13.0-46.76; fb-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; speakup-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; md-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; linux-source-3.13.0

3.13.0-46.76; speakup-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-tools-3.13.0-46-powerpc-e500mc

3.13.0-46.76; fs-secondary-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; pcmcia-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; ipmi-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; fat-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; pcmcia-storage-modules-3.13.0-46-generic-di

3.13.0-46.76; irda-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; virtio-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-tools-3.13.0-46-powerpc-smp

3.13.0-46.76; ppp-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; linux-image-extra-3.13.0-46-powerpc-smp

3.13.0-46.76; crypto-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; floppy-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; fs-secondary-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; sata-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; nic-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; ipmi-modules-3.13.0-46-generic-di

3.13.0-46.76; message-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; kernel-image-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; mouse-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; squashfs-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-image-extra-3.13.0-46-powerpc64-smp

3.13.0-46.76; pcmcia-modules-3.13.0-46-generic-di

3.13.0-46.76; crypto-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; pcmcia-storage-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; crypto-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; ppp-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-powerpc64-emb

3.13.0-46.76; sata-modules-3.13.0-46-generic-di

3.13.0-46.76; pcmcia-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; pata-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; linux-udebs-powerpc64-emb

3.13.0-46.76; linux-cloud-tools-3.13.0-46-powerpc64-smp

3.13.0-46.76; linux-headers-3.13.0-46-generic

3.13.0-46.76; plip-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-generic-di

3.13.0-46.76; usb-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; linux-image-extra-3.13.0-46-powerpc-e500mc

3.13.0-46.76; parport-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; scsi-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; squashfs-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; multipath-modules-3.13.0-46-generic-di

3.13.0-46.76; usb-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; ppp-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-headers-3.13.0-46-powerpc64-smp

3.13.0-46.76; linux-headers-3.13.0-46-lowlatency

3.13.0-46.76; usb-modules-3.13.0-46-generic-di

3.13.0-46.76; firewire-core-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-image-extra-3.13.0-46-powerpc-e500

3.13.0-46.76; parport-modules-3.13.0-46-generic-di

3.13.0-46.76; fs-core-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; linux-image-3.13.0-46-powerpc-smp

3.13.0-46.76; input-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; block-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-headers-3.13.0-46

3.13.0-46.76; nic-pcmcia-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-tools-3.13.0-46-powerpc-e500

3.13.0-46.76; speakup-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; nic-pcmcia-modules-3.13.0-46-generic-di

3.13.0-46.76; multipath-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-generic

3.13.0-46.76; crypto-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; nic-pcmcia-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; pcmcia-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; crypto-modules-3.13.0-46-generic-di

3.13.0-46.76; nic-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; vlan-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; fb-modules-3.13.0-46-generic-di

3.13.0-46.76; irda-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; plip-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; irda-modules-3.13.0-46-generic-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; nic-modules-3.13.0-46-generic-di

3.13.0-46.76; virtio-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; storage-core-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; scsi-modules-3.13.0-46-generic-di

3.13.0-46.76; plip-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; nic-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; plip-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-image-3.13.0-46-generic-lpae

3.13.0-46.76; storage-core-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-tools-3.13.0-46-powerpc64-smp

3.13.0-46.76; parport-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-image-3.13.0-46-lowlatency

3.13.0-46.76; linux-cloud-tools-common

3.13.0-46.76; kernel-image-3.13.0-46-powerpc-smp-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; scsi-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; virtio-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; speakup-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; mouse-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; input-modules-3.13.0-46-generic-di

3.13.0-46.76; virtio-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; firewire-core-modules-3.13.0-46-generic-di

3.13.0-46.76; message-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; irda-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; ppp-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; vlan-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; usb-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; pata-modules-3.13.0-46-generic-di

3.13.0-46.76; fat-modules-3.13.0-46-generic-di

3.13.0-46.76; block-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nfs-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; fs-core-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; plip-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; fs-secondary-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; ipmi-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; multipath-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-udebs-generic

3.13.0-46.76; irda-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; fs-secondary-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; fat-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; nfs-modules-3.13.0-46-generic-di

3.13.0-46.76; speakup-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; nic-usb-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; serial-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; multipath-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; vlan-modules-3.13.0-46-generic-di

3.13.0-46.76; mouse-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-image-3.13.0-46-generic

3.13.0-46.76; nic-pcmcia-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; md-modules-3.13.0-46-generic-di

3.13.0-46.76; md-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; pcmcia-storage-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-lowlatency

3.13.0-46.76; linux-udebs-powerpc-smp

3.13.0-46.76; linux-udebs-powerpc-e500mc

3.13.0-46.76; linux-udebs-powerpc64-smp

3.13.0-46.76; scsi-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; linux-image-extra-3.13.0-46-lowlatency

3.13.0-46.76; mouse-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; fs-core-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; fat-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; ipmi-modules-3.13.0-46-powerpc64-smp-di

3.13.0-46.76; fat-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; linux-headers-3.13.0-46-powerpc-smp

3.13.0-46.76; fb-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; nfs-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; firewire-core-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; squashfs-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; block-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-image-3.13.0-46-powerpc-e500mc

3.13.0-46.76; usb-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; md-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; serial-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-image-extra-3.13.0-46-generic

3.13.0-46.76; floppy-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; nic-shared-modules-3.13.0-46-powerpc-e500-di

3.13.0-46.76; squashfs-modules-3.13.0-46-generic-di

3.13.0-46.76; serial-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46-powerpc-smp

3.13.0-46.76; sata-modules-3.13.0-46-generic-lpae-di

3.13.0-46.76; kernel-image-3.13.0-46-generic-lpae-di

3.13.0-46.76; firewire-core-modules-3.13.0-46-powerpc-e500mc-di

3.13.0-46.76; input-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76; linux-cloud-tools-3.13.0-46

3.13.0-46.76; message-modules-3.13.0-46-generic-di

3.13.0-46.76; linux-tools-3.13.0-46-lowlatency

3.13.0-46.76; block-modules-3.13.0-46-powerpc-smp-di

3.13.0-46.76

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1426043

Ubuntu

USN-2519-1: GNU C Library vulnerabilities

February 27, 2015 007admin

Ubuntu Security Notice USN-2519-1

26th February, 2015

eglibc, glibc vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the GNU C Library.

Software description

eglibc
– GNU C Library
glibc
– GNU C Library

Details

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file
descriptors when resolving DNS queries under high load. This may cause a
denial of service in other applications, or an information leak. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving a
positive answer while processing the network name when performing DNS
resolution. A remote attacker could use this issue to cause the GNU C
Library to hang, resulting in a denial of service. (CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function incorrectly
handled memory. A remote attacker could possibly use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu
14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: libc6

2.19-10ubuntu2.3
Ubuntu 14.04 LTS:: libc6

2.19-0ubuntu6.6
Ubuntu 12.04 LTS:: libc6

2.15-0ubuntu10.11
Ubuntu 10.04 LTS:: libc6

2.11.1-0ubuntu7.21

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2520-1: CUPS vulnerability

February 27, 2015 007admin

Ubuntu Security Notice USN-2520-1

26th February, 2015

cups vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary

CUPS could be made to crash or run programs if it processed a specially
crafted file.

Software description

cups
– Common UNIX Printing System(tm)

Details

Peter De Wachter discovered that CUPS incorrectly handled certain malformed
compressed raster files. A remote attacker could use this issue to cause
CUPS to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: cups

1.7.5-3ubuntu3.1
Ubuntu 14.04 LTS:: cups

1.7.2-0ubuntu1.5
Ubuntu 12.04 LTS:: cups

1.5.3-0ubuntu8.6
Ubuntu 10.04 LTS:: cups

1.4.3-1ubuntu1.14

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9679

Ubuntu

USN-2512-1: Linux kernel (EC2) vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2512-1

26th February, 2015

linux-ec2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-ec2
– Linux kernel for EC2

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:: linux-image-2.6.32-376-ec2

2.6.32-376.93

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9529,

CVE-2014-9584

Ubuntu

USN-2511-1: Linux kernel vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2511-1

26th February, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:: linux-image-2.6.32-73-lpia

2.6.32-73.140; linux-image-2.6.32-73-powerpc64-smp

2.6.32-73.140; linux-image-2.6.32-73-generic-pae

2.6.32-73.140; linux-image-2.6.32-73-sparc64

2.6.32-73.140; linux-image-2.6.32-73-generic

2.6.32-73.140; linux-image-2.6.32-73-virtual

2.6.32-73.140; linux-image-2.6.32-73-ia64

2.6.32-73.140; linux-image-2.6.32-73-powerpc-smp

2.6.32-73.140; linux-image-2.6.32-73-versatile

2.6.32-73.140; linux-image-2.6.32-73-386

2.6.32-73.140; linux-image-2.6.32-73-powerpc

2.6.32-73.140; linux-image-2.6.32-73-server

2.6.32-73.140; linux-image-2.6.32-73-sparc64-smp

2.6.32-73.140; linux-image-2.6.32-73-preempt

2.6.32-73.140

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-9529,

CVE-2014-9584

Ubuntu

USN-2505-1: Firefox vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2505-1

25th February, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

firefox
– Mozilla Open Source web browser

Details

Matthew Noorenberghe discovered that whitelisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)

Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)

Armin Razmdjou discovered that opening hyperlinks with specific mouse
and key combinations could allow a Chrome privileged URL to be opened
without context restrictions being preserved. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass security restrictions. (CVE-2015-0821)

Armin Razmdjou discovered that contents of locally readable files could
be made available via manipulation of form autocomplete in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-0822)

Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS)
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash. (CVE-2015-0823)

Atte Kettunen discovered a crash when drawing images using Cairo in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0824)

Atte Kettunen discovered a buffer underflow during playback of MP3 files
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0825)

Atte Kettunen discovered a buffer overflow during CSS restyling in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0826)

Abhishek Arya discovered an out-of-bounds read and write when rendering
SVG content in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to obtain sensitive information. (CVE-2015-0827)

A buffer overflow was discovered in libstagefright during video playback
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-0829)

Daniele Di Proietto discovered that WebGL could cause a crash in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0830)

Paul Bandha discovered a use-after-free in IndexedDB. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0831)

Muneaki Nishimura discovered that a period appended to a hostname could
bypass key pinning and HSTS in some circumstances. A remote attacker could
potentially exloit this to conduct a Man-in-the-middle (MITM) attack.
(CVE-2015-0832)

Alexander Kolesnik discovered that Firefox would attempt plaintext
connections to servers when handling turns: and stuns: URIs. A remote
attacker could potentially exploit this by conducting a Man-in-the-middle
(MITM) attack in order to obtain credentials. (CVE-2015-0834)

Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron
Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman,
Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0835, CVE-2015-0836)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: firefox

36.0+build2-0ubuntu0.14.10.4
Ubuntu 14.04 LTS:: firefox

36.0+build2-0ubuntu0.14.04.4
Ubuntu 12.04 LTS:: firefox

36.0+build2-0ubuntu0.12.04.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

Ubuntu

USN-2516-1: Linux kernel vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2516-1

26th February, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

A flaw was discovered with file renaming in the linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.13.0-46-generic-lpae

3.13.0-46.75; linux-image-3.13.0-46-generic

3.13.0-46.75; linux-image-3.13.0-46-powerpc-e500mc

3.13.0-46.75; linux-image-3.13.0-46-powerpc-smp

3.13.0-46.75; linux-image-3.13.0-46-powerpc64-emb

3.13.0-46.75; linux-image-3.13.0-46-powerpc-e500

3.13.0-46.75; linux-image-3.13.0-46-powerpc64-smp

3.13.0-46.75; linux-image-3.13.0-46-lowlatency

3.13.0-46.75

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2515-1

26th February, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-trusty
– Linux hardware enablement kernel from Trusty

Details

A flaw was discovered with file renaming in the linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.13.0-46-generic-lpae

3.13.0-46.75~precise1; linux-image-3.13.0-46-generic

3.13.0-46.75~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2514-1

26th February, 2015

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-ti-omap4
– Linux kernel for OMAP4

Details

A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)

Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)

A flaw was discovered in the crypto subsystem when screening module names
for automatic module loading if the name contained a valid crypto module
name, eg. vfat(aes). A local user could exploit this flaw to load installed
kernel modules, increasing the attack surface and potentially using this to
gain administrative privileges. (CVE-2014-9644)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.2.0-1460-omap4

3.2.0-1460.80

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu

USN-2513-1: Linux kernel vulnerabilities

February 26, 2015 007admin

Ubuntu Security Notice USN-2513-1

26th February, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:: linux-image-3.2.0-77-omap

3.2.0-77.112; linux-image-3.2.0-77-powerpc64-smp

3.2.0-77.112; linux-image-3.2.0-77-highbank

3.2.0-77.112; linux-image-3.2.0-77-powerpc-smp

3.2.0-77.112; linux-image-3.2.0-77-generic

3.2.0-77.112; linux-image-3.2.0-77-virtual

3.2.0-77.112; linux-image-3.2.0-77-generic-pae

3.2.0-77.112

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Ubuntu Security Notice USN-2516-2

linux vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2519-1

eglibc, glibc vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2520-1

cups vulnerability

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2512-1

linux-ec2 vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2511-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2505-1

firefox vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2516-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2515-1

linux-lts-trusty vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2514-1

linux-ti-omap4 vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2513-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Software and Security Information