Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
172
security advisorydenial of servicekernelUbuntu 14.04 LTS USN-2848-1 Critical: Kernel Double Fetch Issues
Several security issues were fixed in the kernel.. =========================================================================Ubuntu Security Notice USN-2848-1 December 19, 2015 linux vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552) Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.13.0-74-generic 3.13.0-74.118 linux-image-3.13.0-74-generic-lpae 3.13.0-74.118 linux-image-3.13.0-74-lowlatency 3.13.0-74.118 linux-image-3.13.0-74-powerpc-e500 3.13.0-74.118 linux-image-3.13.0-74-powerpc-e500mc 3.13.0-74.118 linux-image-3.13.0-74-powerpc-smp 3.13.0-74.118 linux-image-3.13.0-74-powerpc64-emb 3.13.0-74.118 linux-image-3.13.0-74-powerpc64-smp 3.13.0-74.118 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-2848-1 CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374 Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-74.118 . Explore essential enhancements for Ubuntu 14.04 LTS focusing on vital kernel vulnerabilities and possible security threats.. Linux Kernel Security, Ubuntu 14.04, Kernel Exploits. . Severity: Critical. LinuxSecurity.com Team
Dec 20, 2015
•Critical
Ubuntu
172
security advisorydenial of servicecritical issueUbuntu 14.04 LTS USN-2664-1 Critical: Multiple Kernel Threats
Several security issues were fixed in the kernel.. =========================================================================Ubuntu Security Notice USN-2664-1 July 07, 2015 linux-lts-utopic vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-utopic: Linux hardware enablement kernel from Utopic Details: A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing sanity checks in the the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) Update instructions: The problem can be corrected byupdating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.16.0-43-generic 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-generic-lpae 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-lowlatency 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc-e500mc 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc-smp 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc64-emb 3.16.0-43.58~14.04.1 linux-image-3.16.0-43-powerpc64-smp 3.16.0-43.58~14.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-2664-1 CVE-2015-1420, CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4167, CVE-2015-4700 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-43.58~14.04.1 . Investigate Ubuntu 14.04 LTS patches addressing kernel vulnerabilities that impact both system integrity and security protocols. Prioritize safety!. Ubuntu Kernel Security, Denial of Service Exploits, System Stability, Kernel Issues. . Severity: Critical. LinuxSecurity.com Team
Jul 07, 2015
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!