Several security issues were fixed in the Linux kernel.

=========================================================================
Ubuntu Security Notice USN-4419-1
July 06, 2020

linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2,
linux-snapdragon vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V7) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that a race condition existed in the Precision Time
Protocol (PTP) implementation in the Linux kernel, leading to a
use-after-free vulnerability. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2020-10690)

Matthew Sheets discovered that the SELinux network label handling
implementation in the Linux kernel could be coerced into de-referencing a
NULL pointer. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2020-10711)

It was discovered that the SCSI generic (sg) driver in the Linux kernel
did not properly handle certain error conditions correctly. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2020-12770)

It was discovered that the USB Gadget device driver in the Linux kernel
did not validate arguments passed from configfs in some situations. A
local attacker could possibly use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2020-13143)

Shijie Luo discovered that the ext4 file system implementation in the
Linux kernel did not properly check for a too-large journal size. An
attacker could use this to construct a malicious ext4 image that, when
mounted, could cause a denial of service (soft lockup). (CVE-2020-8992)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1076-kvm              4.4.0-1076.83
  linux-image-4.4.0-1110-aws              4.4.0-1110.121
  linux-image-4.4.0-1135-raspi2           4.4.0-1135.144
  linux-image-4.4.0-1139-snapdragon       4.4.0-1139.147
  linux-image-4.4.0-185-generic           4.4.0-185.215
  linux-image-4.4.0-185-generic-lpae      4.4.0-185.215
  linux-image-4.4.0-185-lowlatency        4.4.0-185.215
  linux-image-4.4.0-185-powerpc-e500mc    4.4.0-185.215
  linux-image-4.4.0-185-powerpc-smp       4.4.0-185.215
  linux-image-4.4.0-185-powerpc64-emb     4.4.0-185.215
  linux-image-4.4.0-185-powerpc64-smp     4.4.0-185.215
  linux-image-aws                         4.4.0.1110.114
  linux-image-generic                     4.4.0.185.191
  linux-image-generic-lpae                4.4.0.185.191
  linux-image-kvm                         4.4.0.1076.74
  linux-image-lowlatency                  4.4.0.185.191
  linux-image-powerpc-e500mc              4.4.0.185.191
  linux-image-powerpc-smp                 4.4.0.185.191
  linux-image-powerpc64-emb               4.4.0.185.191
  linux-image-powerpc64-smp               4.4.0.185.191
  linux-image-raspi2                      4.4.0.1135.135
  linux-image-snapdragon                  4.4.0.1139.131
  linux-image-virtual                     4.4.0.185.191

Ubuntu 14.04 ESM:
  linux-image-4.4.0-1074-aws              4.4.0-1074.78
  linux-image-4.4.0-185-generic           4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-generic-lpae      4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-lowlatency        4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-powerpc-e500mc    4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-powerpc-smp       4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-powerpc64-emb     4.4.0-185.215~14.04.1
  linux-image-4.4.0-185-powerpc64-smp     4.4.0-185.215~14.04.1
  linux-image-aws                         4.4.0.1074.71
  linux-image-generic-lpae-lts-xenial     4.4.0.185.162
  linux-image-generic-lts-xenial          4.4.0.185.162
  linux-image-lowlatency-lts-xenial       4.4.0.185.162
  linux-image-powerpc-e500mc-lts-xenial   4.4.0.185.162
  linux-image-powerpc-smp-lts-xenial      4.4.0.185.162
  linux-image-powerpc64-emb-lts-xenial    4.4.0.185.162
  linux-image-powerpc64-smp-lts-xenial    4.4.0.185.162
  linux-image-virtual-lts-xenial          4.4.0.185.162

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://ubuntu.com/security/notices/USN-4419-1
  CVE-2020-10690, CVE-2020-10711, CVE-2020-12770, CVE-2020-13143,
  CVE-2020-8992

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-185.215
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1110.121
  https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1076.83
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1135.144
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1139.147

Critical vulnerabilities have been resolved in the Linux kernel that
influence various Ubuntu versions. Stay updated on these patches and
their consequences.

Severity: Critical
LinuxSecurity.com Team

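
One way to check an inventory against the fixed versions listed in USN-4419-1, as an added example (not code from Ubuntu or LinuxSecurity.com). It reimplements Debian version ordering so that suffixes such as ~14.04.1 compare correctly; the function names, the FIXED_1604 table layout and the SAMPLE inventory are assumptions made for illustration.

```python
import re

# Fixed meta-package versions for Ubuntu 16.04 LTS, copied from USN-4419-1.
FIXED_1604 = {
    "linux-image-generic": "4.4.0.185.191", "linux-image-virtual": "4.4.0.185.191",
    "linux-image-aws": "4.4.0.1110.114", "linux-image-kvm": "4.4.0.1076.74",
}
_TOKEN = re.compile(r"(\D*)(\d*)(.*)", re.S)  # non-digit run, digit run, rest

def _order(c):
    # dpkg order for non-digit characters: '~' sorts before everything, even
    # end of string (""); letters sort before other punctuation.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit runs (by _order) and digit runs (numerically).
    while a or b:
        na, da, a = _TOKEN.match(a).groups()
        nb, db, b = _TOKEN.match(b).groups()
        for k in range(max(len(na), len(nb))):
            oa, ob = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_version_cmp(v1, v2):
    """Return -1, 0 or 1 by Debian version ordering (epoch, upstream, revision)."""
    def parts(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = parts(v1), parts(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def packages_needing_update(installed, fixed=FIXED_1604):
    """Packages whose installed version is older than the fixed version."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and deb_version_cmp(v, fixed[p]) < 0)

# Constructed sample inventory (package -> installed version), not real host data.
SAMPLE = {"linux-image-generic": "4.4.0.184.190", "linux-image-aws": "4.4.0.1110.114",
          "linux-image-kvm": "4.4.0.1077.75", "bash": "4.3-14ubuntu1.4"}
print(packages_needing_update(SAMPLE))
```

On a live host, dpkg --compare-versions gives the same ordering. A package at the fixed version only takes effect after the reboot the notice calls for.
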
Several security issues were fixed in the kernel.

=========================================================================
Ubuntu Security Notice USN-1243-1
October 25, 2011

linux vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the security fix for CVE-2010-4250 introduced a
regression. A remote attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1479)

Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)

It was discovered that the EXT4 filesystem contained multiple off-by-one
flaws. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2011-2695)

Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
(CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-2909)

Dan Kaminsky discovered that the kernel incorrectly handled random
sequence number generation. An attacker could use this flaw to possibly
predict sequence numbers and inject packets. (CVE-2011-3188)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had
no prefixpaths. A local attacker with access to a CIFS partition could
exploit this to crash the system, leading to a denial of service.
(CVE-2011-3363)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  linux-image-2.6.35-30-generic         2.6.35-30.61
  linux-image-2.6.35-30-generic-pae     2.6.35-30.61
  linux-image-2.6.35-30-omap            2.6.35-30.61
  linux-image-2.6.35-30-powerpc         2.6.35-30.61
  linux-image-2.6.35-30-powerpc-smp     2.6.35-30.61
  linux-image-2.6.35-30-powerpc64-smp   2.6.35-30.61
  linux-image-2.6.35-30-server          2.6.35-30.61
  linux-image-2.6.35-30-versatile       2.6.35-30.61
  linux-image-2.6.35-30-virtual         2.6.35-30.61

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1243-1
  CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695,
  CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.35-30.61

Serious security flaws have been patched in the kernel affecting Ubuntu
10.10. Ensure you update your system to safeguard against potential
threats.

Severity: Critical
LinuxSecurity.com Team