==========================================================================
Ubuntu Security Notice USN-2713-1
August 18, 2015
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2015-3212)
A flaw was discovered in how the Linux kernel handles invalid UDP
checksums. A remote attacker could exploit this flaw to cause a denial of
service using a flood of UDP packets with invalid checksums.
(CVE-2015-5364)
A flaw was discovered in how the Linux kernel handles invalid UDP
checksums. A remote attacker can cause a denial of service against
applications that use epoll by injecting a single packet with an invalid
checksum. (CVE-2015-5366)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-89-generic 3.2.0-89.127
linux-image-3.2.0-89-generic-pae 3.2.0-89.127
linux-image-3.2.0-89-highbank 3.2.0-89.127
linux-image-3.2.0-89-omap 3.2.0-89.127
linux-image-3.2.0-89-powerpc-smp 3.2.0-89.127
linux-image-3.2.0-89-powerpc64-smp 3.2.0-89.127
linux-image-3.2.0-89-virtual 3.2.0-89.127
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2713-1
CVE-2015-3212, CVE-2015-5364, CVE-2015-5366
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-89.127
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oTCAAoJEAUvNnAY1cPYTdcP/iCzA6FAHF2ldHn5+g7u6Z4b
05lUwBxkZ2r7MKO/4Q6KzHDoODmxOqOvMU+WLAwIbt57oH3CY3hiw0IBxNKI50gD
aoctCmVo+dy0gTO/OCiQmGW0EdDDIwxT4O6ph2gM5vyXGEWtz++FRLJFkHpfMDPG
zMyG0yj1qCaOJXbV4gW3W+WyNhJqYKD0SWo4brJkj5SEhBiip2bKoqiMas5TvY13
J1NU3qdlUJHwLL7srQiYkgD0yQcf20I/T52fyrseTnxQeuLYYW1RebTwuFhHMFaM
K+mkZpHIQkoF0uvuURzASxacUshVJyMK8MtdrVT2wl31wZdsf6iqeQsSxCRPuXLq
wKZaPb3fdFUYX486uFeGZo3Ib+QRxYeJJEKx4YIXDyDVrH3LHpWaTrV9Y2FkNsf7
5h+crKuo5dETUkWDjOhw5MwiqXZ+9StMv7VMf139j8TcvSLzJJDtnME+uO4QD54L
wVjatJNrM7re4FdVUab3ZGV5pKdfCt4mdtsDjpHINwT3DgeM5J252WOy9XDRNX/+
4PhZJyGlFw55Q5qH9J6umE5xLAnfaufRHJ0bHk37nu593qtTQtnwtwBvYZSR7CoJ
I7yjWp5g154ksLF+gwXAxoNXHmZGPWsVxfnor0vthsFUr8YTanQlg+zr+oO4oAxF
xbbYoWuj03CihQGOmSY9
=/Ph9
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2715-1
August 18, 2015
linux-lts-trusty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-62-generic 3.13.0-62.102~precise1
linux-image-3.13.0-62-generic-lpae 3.13.0-62.102~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2715-1
CVE-2015-3212
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-62.102~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oVNAAoJEAUvNnAY1cPYpcQP/2vjydMoQ54KM22th6LNozQK
h1dQenZVcW1TXCjLJgAbz/26/JzYF7ZwcU0oYgvJvQl+JNsD0oqAv5T0p/6w2BHX
Ddc1bRWXQlQ513mIJsDkQD5MwpUySaxcWFrAvx3frhayYahKbm86yFPEqo8xf/jO
SMZZBMZzytnfnqa+AEc8PdgzRUcILGp4APDUehGo4unN8LfBV5uv3uDmdFrqEOkQ
v118P8o3o5df1nG7ZM9zSe83mAla14sTXqxDZv75nlWHyXEfOtCrU6kP1TgHucrM
7bBWtMvQRI+INEiBpC7LYrhRRYbgAGn0SvMqU+5Z/pYwzt6h5ldccm4NG+rU4AWZ
QzBKO/HcIcN2D7v1oiWgVih1WYUGuek1Yfa+6CpVZ+yuTBpYBSjbTLfq+jm0jxRp
1KbfG7MBDboldsv1vx7+Fup3maQcP9ZlBzXGqhRd0O22foHSi5g594rZexDAx8NZ
QT0ouBE7WYtsVq1vsc24kOrC/JRLxVm7G3OsEUdpfT8AG0DvOI5S6IJtiuFQnQlZ
7BE+PiF0jtILufC3EheVESpa59xdzuYoEf6xNcDOH96esxJhjuX9NTcjex+o8BzN
aVIUJMnRCwTbvWAQ38rOCGB0VWbtDREw/LpAYF9zybA0z8aH9GMlnShkhqvYg5qE
m3155PtA1pq7Pv/4B1e7
=CzIP
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2716-1
August 18, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
– linux: Linux kernel
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-62-generic 3.13.0-62.102
linux-image-3.13.0-62-generic-lpae 3.13.0-62.102
linux-image-3.13.0-62-lowlatency 3.13.0-62.102
linux-image-3.13.0-62-powerpc-e500 3.13.0-62.102
linux-image-3.13.0-62-powerpc-e500mc 3.13.0-62.102
linux-image-3.13.0-62-powerpc-smp 3.13.0-62.102
linux-image-3.13.0-62-powerpc64-emb 3.13.0-62.102
linux-image-3.13.0-62-powerpc64-smp 3.13.0-62.102
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2716-1
CVE-2015-3212
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-62.102
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oWAAAoJEAUvNnAY1cPYHQ0P/3zakaB7VW8uf+9bjJ7CQcPa
jec40tUtt2Yd2wFPboNSmcsViM/8JGAZkHVykMlRr6SUyfU3npa1vSAqwiE6GPSF
NTkEWwbsLSWEl24tcOpMkuZg4mapuDtt6PHqd7XW9gVkHSE3GV6TtCulEHJZCqG6
+N3ZO9f5r1iD9Lqj+pMD83EqhxhdgcHTfoJTFjlMsdU9s4k2cEX4zl4Xl3YAfZFv
qeDug7flHoj78nmuBph3DvgvJ4atxpLJMFPIPunM22YY0nzzE/aPznxxNNjhtFRS
sjwtMCJpzsXjB8Z2eGzeNZN0rL84deBTZbIs8OdpMlo/jIG+XgACsoo2rxO8soxO
Ws5Qz+aOK4W0xasyg1Efq4/9EDhAepDLuPAetyhS4Oymrndm+YfgtX0Hk8Vm8pVL
IjbFEDRtJVwqyzBpO3jd/ZYYK3NXZqUlXbL4OpN23y0I4/uig3E8D7PXPbv6FMk+
DuWlqRPSBBOCID3JPq4JGj75iMAP1FXp5bSWGiO8P1EABHkaqGgywRQA2DH+nLun
ZrvKDSoARaWJHlO3ke91LEUBr7TQ6e1dV3iLOZVq39p+4FkZ9lwSvn3fId076dvg
oIZv4aFPdhq4J0PWrpJCgG4C7CN+XZ/GyVo5sgXcxtM0E/aGNfRKIdriJrzdMzob
ZpDcISoI5r2IWaaz7HmG
=7ZeU
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2717-1
August 18, 2015
linux-lts-utopic vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-46-generic 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-generic-lpae 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-lowlatency 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-powerpc-e500mc 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-powerpc-smp 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-powerpc64-emb 3.16.0-46.62~14.04.1
linux-image-3.16.0-46-powerpc64-smp 3.16.0-46.62~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2717-1
CVE-2015-3212
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-46.62~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oWdAAoJEAUvNnAY1cPYj78QALm27CSGI4MNmnb+rBS4J1Zg
AAMH6GYyjoTyX89rsaye/ErTcB7Pt86yWTy1tchezq4dYFjvr5lJVx78/UBKMAPd
2YC8vZ6jcjeYADFHeSadaMZ9jSrOUQJCEmiz1/do2ZEIw97+89rJnb3kHVqX2229
R5Ryn+0XhQgkxI28+0RFzK6mKeYW8X0NGoAYdy7GEl3DFqVimppz9X11Q0yO6Wvx
2kvqvccJhXXp8fbKLtFYIuk/fsQd6UWzYRnGUGA5QibqKXqhunwu73LVu7INmSFS
eFJJbxU4ai66ApW/OCCTMmkspyw/LWVO5wxFsquNOO6xCB7Rvit+vvaqZbfvMEzJ
dH+KlaB7VpwM5fsWQR4zzzpimsWKI/sWo/Eydkroy6u8DZylMvV5sDPgC7dTaKCQ
crTW5Y8rBTqZHd0rYXblsS4WVpEG6jmhrNmGDaTBhTS07nUzrDNe0WBLNwNNNle+
w9XZBlNQ4eMBnOhnn2O27eMkbdZiF2M4wAHQhVSQC6iDEmPC9f/yuLCqwGKBa10E
JFA/laFGl3XeHcFNt5jk/B8gEHFlYsj4atfuEs2rU6SuQgBx43hIUricGItjb9ED
hT43xJE0t3kzx/6q/h524Te79XQ2VHKlNIq64bVdZk7hGFEMorONKUtHg5mzAd28
Wvego7uGS72mG+/k0aQ8
=Wp34
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2718-1
August 18, 2015
linux-lts-vivid vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.19.0-26-generic 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-generic-lpae 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-lowlatency 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-powerpc-e500mc 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-powerpc-smp 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-powerpc64-emb 3.19.0-26.28~14.04.1
linux-image-3.19.0-26-powerpc64-smp 3.19.0-26.28~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2718-1
CVE-2015-3212
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-26.28~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oW3AAoJEAUvNnAY1cPYCrAP/ilzRcMzwM6d6xYpX3jlG9/B
Ags3JPVDL1SN7V3Snw/5QfeZXLEyIqYKrQfwnJP15gIBCcS+qokNF4rW2YpngJFf
m9Ln8m8lSWp1gH0Um3vlgG+fejHV7IUhBMRWQgQW7ZnkDklRg7aJoSisHyj3ljk4
4p5SSL2Vy4QG48wc41It6oTBYS//t8gwKWHSZK1jGW3ZOSewbKNvDx3JFtqmwIiE
WrEdk7z7Y1jBRROaRCWiFrYh4/eBdMYxIsJshVkIoH9yTetUd1CiM2K7R/vARHN+
wJ07blf1XeUyqzAsm9dkuH3OqDWI6wAyp2lIRNePhp7hGw7Xd7TOeEy3kwH5QHdx
ciusEOzT+O/Wm2ZLX1s11E8UERrof6QGCoeXKQiXyCPEi7vdTs0AYW0bDly8Tsgw
/mU/3uW8vmCxUidw5OmYy6cEbagUh7ArcpuSPlDO8QDs0iLDQzpr63Oycf1kqWS5
ZPBEfkPhQqew/q9c8yx38HmB9Sd2rEUFjdzqL5oUXJs2Frikklb8FJssPJu3b5Cm
fPk5MJmoE5rKMa3ZosWkBBNLBDED2F4IGt4T+N+ziiTIflGKPnguqWLbF6QFwTwG
2A13HUXxvHcOQWGwRaDo5a74EL5W+xmT/sWDk52UmEJrQHVUAxnvz65eB1ShaIcH
yxBwfEKq6wzCYifyX7WM
=TnLC
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2719-1
August 18, 2015
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
Summary:
The system could be made to crash under certain conditions.
Software Description:
– linux: Linux kernel
Details:
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
linux-image-3.19.0-26-generic 3.19.0-26.28
linux-image-3.19.0-26-generic-lpae 3.19.0-26.28
linux-image-3.19.0-26-lowlatency 3.19.0-26.28
linux-image-3.19.0-26-powerpc-e500mc 3.19.0-26.28
linux-image-3.19.0-26-powerpc-smp 3.19.0-26.28
linux-image-3.19.0-26-powerpc64-emb 3.19.0-26.28
linux-image-3.19.0-26-powerpc64-smp 3.19.0-26.28
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2719-1
CVE-2015-3212
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.19.0-26.28
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJV0oXSAAoJEAUvNnAY1cPYRPgQAJQ+SPaDFgeKYHOtZ5oy7KeQ
6Q2bGDCpzA/olU/gisdn2HDUH4ea7dn92PvrcJlVczFHtF3QKmcVzW+khgAPA/e8
U42rnYpZeFO/fyncuS/ZW/hayO+c1hlB+jS+6Zs1VDwaXCxmuHgYi61KVKj/NONv
cpJL0E08kqLtDkI0d1odskrdN7qHpCAAXd3uypOBBOcv3LG2eTZ8FMuJBlWVpHTF
kWF3j/SEwENG0B7dSE8QPGaExIJO5rw3gEbay29eI39mNNQea0Hiyi2PR7MqVTxV
P+5fTpo6TQgubuJvJdDZNlrtqZOQn4CeMfkQldiyp9qnilUPppPpyr3nKTB2p5xX
7cIVrqM4BNzUxZRD9UjmxQyiijbep3abEiX3BgsH5LsuKU6E7O5NNRi1vEiGa1CP
fWwMqT4SzurVlm7UtETxJ8CXofkr6qpBXky/vTqJ5BkVWfGeu/dO76kFqbxdcsH4
k9tlJVJtx2oKMlwISbgHwYeIe7uQ1BSmLqBUZvCwGuEJnHVxpUxoEFCJRrnn8k3D
C3J8bbcxShUcQTuNZ18NwSmmB1sowFxw93ghNIanL1+RVMmLTgp8zfPrlG+oTl0Y
LPn+ROnA3q+0x6upiSah6RdO6Ci310LMNXEb0LAFIIaM+FnhnnjENu9HaEYZBRCU
4Z5UpRWMYN3sqWdykFBc
=GB7w
—–END PGP SIGNATURE—–
—