Ubuntu Security Notice USN-2611-1

20th May, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

The system could be made to crash if it received specially crafted
network traffic.

Software description

• linux
  – Linux kernel

Details

Vincent Tondellier discovered an integer overflow in the Linux kernel’s
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potential exploit this flaw to cause
a denial of service (system crash of targeted system).

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

linux-image-3.2.0-84-omap

3.2.0-84.121

linux-image-3.2.0-84-generic

3.2.0-84.121

linux-image-3.2.0-84-powerpc-smp

3.2.0-84.121

linux-image-3.2.0-84-powerpc64-smp

3.2.0-84.121

linux-image-3.2.0-84-virtual

3.2.0-84.121

linux-image-3.2.0-84-generic-pae

3.2.0-84.121

linux-image-3.2.0-84-highbank

3.2.0-84.121

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9715

Ubuntu Security Notice USN-2612-1

20th May, 2015

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ti-omap4
  – Linux kernel for OMAP4

Details

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges. (CVE-2015-3339)

Vincent Tondellier discovered an integer overflow in the Linux kernel’s
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potential exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

linux-image-3.2.0-1464-omap4

3.2.0-1464.84

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9715,

CVE-2015-3339

Ubuntu Security Notice USN-2613-1

20th May, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-trusty
  – Linux hardware enablement kernel from Trusty

Details

Vincent Tondellier discovered an integer overflow in the Linux kernel’s
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potential exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)

Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)

A privilege escalation was discovered in the fork syscal vi the int80 entry
on 64 bit kernels with 32 bit emulation support. An unprivileged local
attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)

A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel base machines with AEC-GCM mode IPSec security
association. (CVE-2015-3331)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

linux-image-3.13.0-53-generic-lpae

3.13.0-53.87~precise1

linux-image-3.13.0-53-generic

3.13.0-53.87~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9715,

CVE-2015-2150,

CVE-2015-2830,

CVE-2015-3331

Ubuntu Security Notice USN-2614-1

20th May, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux
  – Linux kernel

Details

Vincent Tondellier discovered an integer overflow in the Linux kernel’s
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potential exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)

Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)

A privilege escalation was discovered in the fork syscal vi the int80 entry
on 64 bit kernels with 32 bit emulation support. An unprivileged local
attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)

A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel base machines with AEC-GCM mode IPSec security
association. (CVE-2015-3331)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

linux-image-3.13.0-53-generic-lpae

3.13.0-53.88

linux-image-3.13.0-53-powerpc64-emb

3.13.0-53.88

linux-image-3.13.0-53-powerpc-smp

3.13.0-53.88

linux-image-3.13.0-53-lowlatency

3.13.0-53.88

linux-image-3.13.0-53-powerpc-e500

3.13.0-53.88

linux-image-3.13.0-53-generic

3.13.0-53.88

linux-image-3.13.0-53-powerpc-e500mc

3.13.0-53.88

linux-image-3.13.0-53-powerpc64-smp

3.13.0-53.88

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9715,

CVE-2015-2150,

CVE-2015-2830,

CVE-2015-3331

Ubuntu Security Notice USN-2615-1

20th May, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-utopic
  – Linux hardware enablement kernel from Utopic

Details

Alexandre Oliva reported a race condition flaw in the btrfs file system’s
handling of extended attributes (xattrs). A local attacker could exploit
this flaw to bypass ACLs and potentially escalate privileges.
(CVE-2014-9710)

A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel base machines with AEC-GCM mode IPSec security
association. (CVE-2015-3331)

A flaw was discovered in the Linux kernel’s IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2015-3332)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

linux-image-3.16.0-38-powerpc64-emb

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-powerpc64-smp

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-generic

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-powerpc-smp

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-generic-lpae

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-powerpc-e500mc

3.16.0-38.52~14.04.1

linux-image-3.16.0-38-lowlatency

3.16.0-38.52~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9710,

CVE-2015-3331,

CVE-2015-3332

Ubuntu Security Notice USN-2616-1

20th May, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 14.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux
  – Linux kernel

Details

Alexandre Oliva reported a race condition flaw in the btrfs file system’s
handling of extended attributes (xattrs). A local attacker could exploit
this flaw to bypass ACLs and potentially escalate privileges.
(CVE-2014-9710)

A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel base machines with AEC-GCM mode IPSec security
association. (CVE-2015-3331)

A flaw was discovered in the Linux kernel’s IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2015-3332)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

linux-image-3.16.0-38-powerpc64-emb

3.16.0-38.52

linux-image-3.16.0-38-powerpc64-smp

3.16.0-38.52

linux-image-3.16.0-38-generic

3.16.0-38.52

linux-image-3.16.0-38-powerpc-smp

3.16.0-38.52

linux-image-3.16.0-38-generic-lpae

3.16.0-38.52

linux-image-3.16.0-38-powerpc-e500mc

3.16.0-38.52

linux-image-3.16.0-38-lowlatency

3.16.0-38.52

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2014-9710,

CVE-2015-3331,

CVE-2015-3332