==========================================================================
Ubuntu Security Notice USN-2597-1
May 05, 2015
linux-lts-trusty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-52-generic 3.13.0-52.85~precise1
linux-image-3.13.0-52-generic-lpae 3.13.0-52.85~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2597-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-52.85~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUdlAAoJEAUvNnAY1cPYwLAP/jhjBp12fN0r2IxISavPjiCL
Oz5nOTG51cAAHgjIBtjQBjBt9LrUpS7YuP97fJePxGTuIT2usMog5lApMbxa6vwA
196atL+7odwl79X4Q0r5PJiNHLrj2EYKJMH0ODQs9eNauOtZT1OMUJ8T3kad9xjh
FPImrGgcugkOoIJOGxkcOgVV33unics3g1TdZGzv3QMfHIxaHUSR1hOhdS412oWf
+vNgEBjjaRORrzP6Q9tgw+7yLaR0oVR3UqJKIe/XitYm7UhC7h1lloidGQ0rKHq5
H7g7dG4Pr7Xpwfn7/GQBLvAu6sHpCykgTJrGPTQRt5xGIULa8NNTLnxNadibl8NX
giAxNjfhQtpnELxDr5oqNoaMAPkw4zGW7XXnyT5OrfbXs2YV7lZMDjnW66JM53Vo
WLpvIrPPFEMR6rV9r4aSVAK7eZYeuT5ZCAxmiVjspc2uNaAibtW38MEYrlJ75Ukk
7UV0bS2kAmpadsKk9XqjrtXGnI3LPdtnV91rROqqS3CPWheFauqThi540XzfYobq
VD2r5kf/O2Wmzpc3iQvo4p+TRoyOVvsXHS644AHfv1KwFTzUM5Ik8p2wFJW/fMwY
lvj4/83ZmlA/6GZXLReHymo0Tb20VyiPmPyOloyJ5TvhOOdbW/6FvBUL5dI29wNo
Vd2xcTWSQjetHFL4bpXc
=cRWF
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2601-1
May 05, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
linux-image-3.19.0-16-generic 3.19.0-16.16
linux-image-3.19.0-16-generic-lpae 3.19.0-16.16
linux-image-3.19.0-16-lowlatency 3.19.0-16.16
linux-image-3.19.0-16-powerpc-e500mc 3.19.0-16.16
linux-image-3.19.0-16-powerpc-smp 3.19.0-16.16
linux-image-3.19.0-16-powerpc64-emb 3.19.0-16.16
linux-image-3.19.0-16-powerpc64-smp 3.19.0-16.16
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2601-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.19.0-16.16
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUfeAAoJEAUvNnAY1cPYwpEQAIt+EZ6sJc6HuI3/oRp4easY
vR0c7OCvf3vBJ3C76OxZmTOptpKHzgzbhlYNRnxqk3H606nl+JEE181HBVajMIVT
mBxG8BaDzxfFXj7+0MgmRv1A3uirlGKNE8f/mz3EBDsS4q634UMjzq1sRJDi99ce
ZYQ5Bi7mP+amufaAWUJD2NCCZMONAJDoNldwdlbYFz0afJDisFucpYZ+hPHZb9c3
Qhk3Bc4zouvZQALn3bqgu429bCTKIzkmc1UAHCd96Aevfgm/omBtsti+AbXewVnA
IRcMk6CYnSsgBzzZsabkff5aIefARYzTRwlG76bRaY8eT9472uivR9n8CcL16w3z
7iHLPjr9dj8jNYXmDuDZG1hbrwFsnt9kBnnGHVCa14KuqSRHv9CVoT6wWxhQZ/T6
XVSEFJRSpfJ+L0fMBhHJJqtTyYnrqFcj4fg1y4U8cOEdkRpRDJhxk91byXdCgy2m
3bvLHSVPMjE8ssPH8GH9NtBp5p2cII+8qAMevmCjC3VpgywUcK8mt7BrjD/UdScE
wHwcr3jZ8zb+BRSAErgZDLr4J4tt6LbhQPT1ouO/DWezLT2jF7BRnhEuKIHm7A0+
cfRX2OPKN/NSQvysVc+VoC8HiFgNHdAyp33Ypubb/YYmhUqMRyRvchPL0ASJ7LIM
2nLw4Vk1hWM9ee4M8CWw
=CruN
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2600-1
May 05, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.10
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
linux-image-3.16.0-37-generic 3.16.0-37.49
linux-image-3.16.0-37-generic-lpae 3.16.0-37.49
linux-image-3.16.0-37-lowlatency 3.16.0-37.49
linux-image-3.16.0-37-powerpc-e500mc 3.16.0-37.49
linux-image-3.16.0-37-powerpc-smp 3.16.0-37.49
linux-image-3.16.0-37-powerpc64-emb 3.16.0-37.49
linux-image-3.16.0-37-powerpc64-smp 3.16.0-37.49
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2600-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-37.49
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUe+AAoJEAUvNnAY1cPY1HMP/iauN2MtYyfmBEVWmikYpHHX
M4ijNyN54hiTfJ1/wds70xVUsOneTvgphvVZQn4QntntNiRY5aeC/idlXNgFsuvF
5np98QEjLx0PYvrYcEbNPLUnVGzjwoU1voeBTBa4G4CxMXfLazBNv6wIC2Z+KgY9
IRIAr/NcAGq7EAxTQRbCPrGXTbH5O2Mjr6il+djA/9/dzj1f/1g2q5++Z0ub1UBL
eKUlIAkpcu/ehOLjR+7ca3L1IM0vyDdpt7Cc/GBOmmx7ABJLFGihZTJz6FDqtF2c
yu+Jfoe88WjOTUEIG6/qghEMAIi0DhfBfSuMmAwBg3cH+y6pgHYSU3fejUVLdKiu
Rs2ZQptzKGaej2EAnz2m+LLQbq+OCGYtmd9/NzirZ3PHS8w42WZYXhnJZ5RnlUIu
s3j4nO28XFMqkq2c8jFHfPfup99mf5NUklnIpYUO6XzlXIK99d/XjCREP/FNE93M
V1PFLU819UlfLAWzFhbuoHCP8CILwmh7hCNlSgSGGLUSYA3LuZH/s4sEiLDdwASd
3uzQceiIjX/PNRvnRGstNt93tHSxEDJheloqujmK99LUX9GNqqwCmveMRZPvdIP6
sqBGVGYF+sF5ptZ2BAj3/71YS3uvmmytg7nOZ4wdZkN01fpHwLZt7aaEIt/lM0t8
1uoZYGz3X8moRstjzalZ
=usF5
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2599-1
May 05, 2015
linux-lts-utopic vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-37-generic 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-generic-lpae 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-lowlatency 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-powerpc-e500mc 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-powerpc-smp 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-powerpc64-emb 3.16.0-37.49~14.04.1
linux-image-3.16.0-37-powerpc64-smp 3.16.0-37.49~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2599-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-37.49~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUehAAoJEAUvNnAY1cPYYHoP/09NYcH6iz3fTvIDXzvx5I8K
GT+4ym9YKHY6XE/rX/qs9WNrpZHacCpEKnY8B9ibbNtHIlSKQwKVUzb1ToHHCMR1
tjcNplPzd589FIGbjClMNBwYhogSIfR/t9eIbuUviCivljcAhBK7we8qfH5wDboD
rhNM5iZUxVEyMao0DwYGeCQudTAgWRUQ1HqgIrjfndobuU8kQQFEPd9bgI7+qV6m
QPs7EVpUYmLE8oJn+B2V963HPYfcHXw70y/2X8G4reqcxLSeJAyWtODTjI19ZM/t
yMc6pFkr2ogQzz3dzL8iqIr0VfRZzj7ztkoVevvV7u4/c6NqRwJ37rOutb+RHnAR
dXEwPBP7IiFEoAmdSK/yXt0Z5J3bVFqJPsQR5hO0rjJVsbbS2gR4udeCTyKingva
OzZrkI0QF25EuHm6S83hf/h6Kso/7yhrccZhLzYjRKbxZizAmt1lX11H6ei1hmUt
DWHuwTMxvLDT7KWbl6WxP/jxSaZfwpWCWDUKVoSqoNwJpGGyIorKCZ+mqwtWqIDF
c+4fiVbRL9sXb1dXqefOMkzZN58yGjfxRdP1F5vi9iuqr/AVK85wSIcGcqckn65J
ikcMPTCILOmqkybBMdQG8/tH6NYKtNQfYGFQqjdTJE/nafJwc/fYrXnXDfygiO9U
A4vB8Dd0+yI7zWdudTov
=lIOA
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2596-1
May 05, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-83-generic 3.2.0-83.120
linux-image-3.2.0-83-generic-pae 3.2.0-83.120
linux-image-3.2.0-83-highbank 3.2.0-83.120
linux-image-3.2.0-83-omap 3.2.0-83.120
linux-image-3.2.0-83-powerpc-smp 3.2.0-83.120
linux-image-3.2.0-83-powerpc64-smp 3.2.0-83.120
linux-image-3.2.0-83-virtual 3.2.0-83.120
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2596-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-83.120
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUdEAAoJEAUvNnAY1cPYL8UQAJceZKQ5E7slvUXLVvIKrj2I
H/4r4xbJ/MH7y7hF67iRBMdR+lhpJWilJWDC1sZ/hOse05og32wSgsniV7Gfmyn1
r+yrKj9IPQ9MVG8g67vBFewcs1LruyFcajJOxbhYLAvUcDvLlaxjHBz/ASW/6vPy
8MDCeUZOJT5wpFfG/EeDJC9nqUwC9vA5sz0bwW4vV59oP1FZxbFHMGYWmM5v/yoM
o7seNSW9bARhoqWZkk/GYpVeRlIz73nvOu7jtG+qfuegn6blS010R5c3VIsDNXAQ
0UMfjlHIqvJWWxY9P6uZV6YVh+bWY+YFTcInVz3V4H0nBl8IaFiSmjiLUHudV3yD
CT5eDmvAgiCz2W8o1mxIgdGTHhSb9vXERqvxUukNki6j0N2IUsOJpPEAkTIumQ/J
IB1X3j4gu1jRsj8qaUI6lDiVjDYOGYk06p1YUVokwssYC9wtWiUW+PI8a986jxYG
fD8e0orBeDTMpCaoaNcEVeZ5Q7rk8adOrXuLPRHH17WrN1PT3gQhRVvQzmHiiSvl
rHNODVEb99+12FY7+QjF6dNaCSKJPKxD7EcBWQbeo+E0D39kIzYitEKzd89WCNwt
4lhUvQ82wU94YiDvd+CGX+5tvuFv37IsosRMNHtn+2e4b5Pe5ce2cj8iUSSigFtc
E/vzG9UA72d+cKwg2XV1
=at4x
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2598-1
May 05, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-52-generic 3.13.0-52.85
linux-image-3.13.0-52-generic-lpae 3.13.0-52.85
linux-image-3.13.0-52-lowlatency 3.13.0-52.85
linux-image-3.13.0-52-powerpc-e500 3.13.0-52.85
linux-image-3.13.0-52-powerpc-e500mc 3.13.0-52.85
linux-image-3.13.0-52-powerpc-smp 3.13.0-52.85
linux-image-3.13.0-52-powerpc64-emb 3.13.0-52.85
linux-image-3.13.0-52-powerpc64-smp 3.13.0-52.85
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2598-1
CVE-2015-3339
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-52.85
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVSUeEAAoJEAUvNnAY1cPYxKgQAL7TMq9QeExw+ScNbrhWL19f
WWBCr86GMxjH/PwfRocwbdKj4zcDRTSZ233jikREJKQEgMMUYuow5sobhzA8a2+M
LAPoCnZ/nw8U4PBn5OTRYurbhmh4FxVtSLn9Fgs4CCdkUkwOue7isCbU3uLBDSCK
dbVv5pDX+7giolvM3+y5a/zBni1hXDfUj4gAQkVNvTbN0WTayu5Nt6Kh4hSHQneo
zIEmhdzV4Fl/XFBKHdWEcDgC3bT0KynnwtuhmDvGtbOqy0KkDzTfKWyG5BwsEzNz
minIB7lgyjcLJUD14bJByi5ZeySTir0BATSwz2wKhnXaXlmNzxyRfGwCgaa05D2H
H2FMA6heSu3CkZvUOc1+ilwo8+uI3JtOgAv02w0KsyqzmN8nVPQOls/9faolX/fJ
Ml5j39ACz0I5deyxAPTlcZsUiMPnmAtzUf2F7mmo7sE2HJ/CFa0wJS6p8idyluAV
MrMyry3Vrs/iGxzpZIZQVVRUu6SLf4cZW/4QU84lcUfraDOxmrgCTFxRiNg7qA0+
iIzk5+j6NsytIsYzPb95MV6F/tFkqRhe7GoqT23rAiVK62gf+83ZpUOeldFysYBA
0uOkqzQ6CyYMz47/ha3e9kBEgd2Vx1y+qzBFBJaRHaOublCbDX1WonSIxWxMzf4d
+xb6tIp10lBGeiTWozLX
=GONH
—–END PGP SIGNATURE—–
—
7e