Ubuntu

USN-2634-1: Linux kernel vulnerabilities

June 11, 2015 007admin

Ubuntu Security Notice USN-2634-1

10th June, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Wen Xu discovered a use-after-free flaw in the Linux kernel’s ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)

A memory corruption flaw was discovered in the Linux kernel’s scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.13.0-54-generic-lpae

3.13.0-54.91; linux-image-3.13.0-54-powerpc-e500mc

3.13.0-54.91; linux-image-3.13.0-54-lowlatency

3.13.0-54.91; linux-image-3.13.0-54-powerpc-smp

3.13.0-54.91; linux-image-3.13.0-54-powerpc64-emb

3.13.0-54.91; linux-image-3.13.0-54-generic

3.13.0-54.91; linux-image-3.13.0-54-powerpc64-smp

3.13.0-54.91; linux-image-3.13.0-54-powerpc-e500

3.13.0-54.91

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-3636,

CVE-2015-4036

Ubuntu

USN-2635-1: Linux kernel (Utopic HWE) vulnerabilities

June 11, 2015 007admin

Ubuntu Security Notice USN-2635-1

10th June, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-utopic
– Linux hardware enablement kernel from Utopic

Details

Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.16.0-39-generic

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-powerpc64-smp

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-lowlatency

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-powerpc-smp

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-powerpc-e500mc

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-generic-lpae

3.16.0-39.53~14.04.1; linux-image-3.16.0-39-powerpc64-emb

3.16.0-39.53~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-0275,

CVE-2015-3636

Ubuntu

USN-2636-1: Linux kernel (Vivid HWE) vulnerabilities

June 11, 2015 007admin

Ubuntu Security Notice USN-2636-1

10th June, 2015

linux-lts-vivid vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-vivid
– Linux hardware enablement kernel from Vivid

Details

A memory corruption flaw was discovered in the Linux kernel’s scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.19.0-20-powerpc-smp

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-powerpc-e500mc

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-generic-lpae

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-generic

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-powerpc64-smp

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-lowlatency

3.19.0-20.20~14.04.1; linux-image-3.19.0-20-powerpc64-emb

3.19.0-20.20~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-0275,

CVE-2015-3636,

CVE-2015-4036

Ubuntu

USN-2637-1: Linux kernel vulnerabilities

June 11, 2015 007admin

Ubuntu Security Notice USN-2637-1

10th June, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.10

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:: linux-image-3.16.0-39-generic

3.16.0-39.53; linux-image-3.16.0-39-powerpc64-smp

3.16.0-39.53; linux-image-3.16.0-39-lowlatency

3.16.0-39.53; linux-image-3.16.0-39-powerpc-smp

3.16.0-39.53; linux-image-3.16.0-39-powerpc-e500mc

3.16.0-39.53; linux-image-3.16.0-39-generic-lpae

3.16.0-39.53; linux-image-3.16.0-39-powerpc64-emb

3.16.0-39.53

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-0275,

CVE-2015-3636

Ubuntu

USN-2638-1: Linux kernel vulnerabilities

June 11, 2015 007admin

Ubuntu Security Notice USN-2638-1

10th June, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.04

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

A memory corruption flaw was discovered in the Linux kernel’s scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:: linux-image-3.19.0-20-powerpc-smp

3.19.0-20.20; linux-image-3.19.0-20-powerpc-e500mc

3.19.0-20.20; linux-image-3.19.0-20-generic-lpae

3.19.0-20.20; linux-image-3.19.0-20-generic

3.19.0-20.20; linux-image-3.19.0-20-powerpc64-smp

3.19.0-20.20; linux-image-3.19.0-20-lowlatency

3.19.0-20.20; linux-image-3.19.0-20-powerpc64-emb

3.19.0-20.20

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-0275,

CVE-2015-3636,

CVE-2015-4036

Security

Projectsend r572 Cross Site Scripting

June 10, 2015 007admin

Projectsend r572 suffers from a cross site scripting vulnerability.

Security

Libmimedir VCF Memory Corruption Proof Of Concept

June 10, 2015 007admin

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it’s lexer’s memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

Security

Heroku Session Validation Issue

June 10, 2015 007admin

An application-side re-auth session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re-authentication module.

Security

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload

June 10, 2015 007admin

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability.

Security

Pandora FMS 5.0 / 5.1 Authentication Bypass

June 10, 2015 007admin

Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.

Ubuntu Security Notice USN-2634-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2635-1

linux-lts-utopic vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2636-1

linux-lts-vivid vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2637-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Ubuntu Security Notice USN-2638-1

linux vulnerabilities

Summary

Software description

Details

Update instructions

References

Software and Security Information