==========================================================================
Ubuntu Security Notice USN-2946-1
April 06, 2016
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-85-generic 3.13.0-85.129
linux-image-3.13.0-85-generic-lpae 3.13.0-85.129
linux-image-3.13.0-85-lowlatency 3.13.0-85.129
linux-image-3.13.0-85-powerpc-e500 3.13.0-85.129
linux-image-3.13.0-85-powerpc-e500mc 3.13.0-85.129
linux-image-3.13.0-85-powerpc-smp 3.13.0-85.129
linux-image-3.13.0-85-powerpc64-emb 3.13.0-85.129
linux-image-3.13.0-85-powerpc64-smp 3.13.0-85.129
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2946-1
CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-85.129
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMIHAAoJEC8Jno0AXoH0DewP/38B8wdngB/E4EIcXQpJOa/c
CfyS5SK58YG76KC4GoDEcbOCCKFgdZ9s79V7iJZfqNt7slq3dH68LzIqnx6ZFi9S
647IoM1O9+3J9oDkTu6Vfv91domJRrygTjNC0kMB/RA/UXH3XM0pfmA7NmpfbU2N
oUm0CiXp215Oxue5jq7nVpW9oru1fS/Qa+VdjSRms+972Qv8rXgYTECpviOBLqEZ
aDpRVNjp26kw56ITMo7D3CQDtwjSpsNAeiOtxukceidNTxvST00dyQAJFEadoRHG
UDEaqdPd03pcEdLzcAMvT+weHsCaZGa++AR4btcMcV0YUOVcz84VvQ/BhSrOF4X8
IMNwCfmregidmZI7ReiIWEhCi8WVwfNkOsL5HbCVVmP5BDGPAakNbShElyB7atsP
MwJzJ/bfrMNkGe72DTOhGwy1hezwvzeIOyVXVoZLWxkoj5pmxGetod5KgQDlvp/8
yu/PhlvL+CkYku3uxKhgr9c4cSnnvsa98meg2W4rh5OEFatIvirzyMuA4ldC/cAs
HHK7oU0cU8WgW31hDBYeXwnDWr6bgW3r3gXJIYAqD83ChcWht2JV7b8uDTsNpXL5
BtXWlNnuUT2PnOhWfNomqfmXCqkuz/2FkhaQ+I81OOvuvjb/XMbYgmlUAmJdMkuC
hlrY2x0zCq9VzTbhHGAW
=rYxw
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2946-2
April 06, 2016
linux-lts-trusty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
Details:
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-85-generic 3.13.0-85.129~precise1
linux-image-3.13.0-85-generic-lpae 3.13.0-85.129~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2946-2
http://www.ubuntu.com/usn/usn-2946-1
CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-85.129~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMISAAoJEC8Jno0AXoH0wzIQAIEOj+P3ZDrajqB/WJJlBr9Z
Uc4Yar78Z89960sp1V1PLLEmuChxBy+bMQzCPxXhnnNLoPXVTtos3N41B84hOw2F
DGXJ0yoIgPd5rE/2+8uRbpyEKS8T8Qw4tjvxVZOIeQCmDrCLjLYfUfeMpE0qrUFa
IBMgibCmMrmMQW5ZOpfyFHaxV56qtJQwdnZmM+/2OETJbDtQHtGX1WmQPfK/dLlp
EsU5JvOtXYloW3bKtjC7/3bU6j++fKnwwrzQnhnePSWNQCC+VN7wwC75kzpEMhDb
k0S2+DePe6YphMaLdRgt8QGt5luYl95PdzwKaNCfC9HRyXOlGmBdJWeCEzBhWpmw
TN9shzRS6OIP9jy7LELI/Srw+Y6VzIpW0DUvuePPs9jjBSVOxVWFeTRpl3sI8fBy
XLel22GseeszwD3FFqXXJOK2wUC4s+Y9PujiqGRZ/p6djBk9yB0gKCCy0DyuQQ9L
EtGiuAYGh1XDC/fkTkNBuFpKG5fpW/qy3tq6WqY9oy6Pk8VU5qF+i72so96bQLq7
KuDwxGl4KebPgP/FH6wxCBWpZu5dh8NnE1SrPM00ONWC2IPfjggW/7L+2m/BSNQ3
r0P4gROsE2+X1EXSCKB4VpPo8z4jaPIiZDqr8cchq1OukNblU7R2jgiuGjObwwH1
VPpSycQaA5vkciOeh7YT
=Fv0s
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2947-1
April 06, 2016
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly sanity check the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not correctly compute branch offsets
for backward jumps after ctx expansion. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-2383)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
linux-image-4.2.0-35-generic 4.2.0-35.40
linux-image-4.2.0-35-generic-lpae 4.2.0-35.40
linux-image-4.2.0-35-lowlatency 4.2.0-35.40
linux-image-4.2.0-35-powerpc-e500mc 4.2.0-35.40
linux-image-4.2.0-35-powerpc-smp 4.2.0-35.40
linux-image-4.2.0-35-powerpc64-emb 4.2.0-35.40
linux-image-4.2.0-35-powerpc64-smp 4.2.0-35.40
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2947-1
CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383,
CVE-2016-2550, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.2.0-35.40
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMIaAAoJEC8Jno0AXoH0wDQP/AxmexEwbEkhG9MYuzV/s6Jj
nB9etOojrUYrXt3WW/IxJlEPnvt/XlEbgGW8va9Q6gu69Kf+OKqMauTEw5k34Gvd
XDz3Yz3IDVYmUgxONzSlrcqhplaxs4x8A4bzJBnBnZ81LWDUhRZvq3v5bc0tnbyQ
R7I2IYWH7qjp+l6UOnzUoMQcBXfQfIn3MKpahG1vUXnUME8CgHGqJv4l4iOdqtmr
zcU2vqKa0ggrGajB9uSg1F6haEePFXANRa2Q/RzOJUImlHgbvTzWjeIV7QSSxCfl
HoEf+kYoOd9AcbGZXJ++Bd2gduDnZnbafpPifrNX9Yeod0PLoVKdc5dQD8M4niVB
WNUSFlxJH7ETdkWUYi+ODllpiT8QaK+QbWmmrbq/SctRULK5bJ/mnmxM5PqBj/RK
7xa8rPnAb7gVtrGZ/MUeIhUM/rHquzZUtX8UvXBJp7Wzh7hp1/6abkbIIsJ6WHiv
w146698aeYvYhgk/ax2LCMbw7Bpdur8mvM2dDbu9hGT9tB8W8W58J68UegZQ1lDs
eHTtazLGENGbZVLMQoiS6ktnZWOkYmsZ4sM2vRElDMstbvAv8A+64PYhFo/fFFKn
mH9CW+98/Q+7M5h4ax9XVWHbUuz+I5p4Lrw0ipFP5kwxsgy6xfcMDg3xPl1H1JQi
XKHtVbPCNv/vS0eQuTBF
=MOqz
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2947-2
April 06, 2016
linux-lts-wily vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty
Details:
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly sanity check the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not correctly compute branch offsets
for backward jumps after ctx expansion. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-2383)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.2.0-35-generic 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-generic-lpae 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-lowlatency 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-powerpc-e500mc 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-powerpc-smp 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-powerpc64-emb 4.2.0-35.40~14.04.1
linux-image-4.2.0-35-powerpc64-smp 4.2.0-35.40~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2947-2
http://www.ubuntu.com/usn/usn-2947-1
CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383,
CVE-2016-2550, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-35.40~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMIhAAoJEC8Jno0AXoH0tX0P/iOqEZAUXc9jbh4usQCx3PnH
tJtn9XA1opIc+aHK2aP0j7RYyX7mHSyTxO5IipEfLt/FNSvc+wi+vmO0QemVuxtk
MPbz92X9Ek9/5vtChF0sAxd9LV5I9Xti4Yox83kaKhSuDEWuNZDCBUsH7uqCRq6g
7krD7HIgQQ2+8AB2AP8Icfv91qkvt2TP9xI45K4t3saRB9BqclnAi7EMSY1MVgMf
wJI6veyf0bb2oxaPd4vskXjLt0J96J+0qSj6y0MFr7oiNzMyLzSSi36sJTzdbhHc
n/1iN+fgKJkq9xjiT189Qui/u1xl4vO4vksabIy5b8A87jsWYD/X1b3H9B1QkM/N
imScLhZDB83mhxqyU7XAmHvvCkf6uQm+ESotj5lbqfXwFhSo/5tOxFQSEkA6lf34
IwYB1iyac3ST+1xxsB4M+1sCm3kIMF6wwt4TJmhtXDqe4e1UFxU555c7taSil93d
T/WP0WDGrGydzZa5A+3CGM2Feqte3kSACSyEg25Kr0MRzU5IzLSckMvZTpLuEb5k
bV8nG/7G0pxX06teVj4qJtjwPx8QNRk10zfLaUbUrxIfX3CDQy+KCff/f6pYgCYj
1l10QuSr9Vm1QwdI+ikGVMsDWqEpmJUFHEI/eM7wxNRbhYK/OF6A67byekisuSTT
bvUhJA6rs1VjDhhLCBKc
=D5BA
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2948-1
April 06, 2016
linux-lts-utopic vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty
Details:
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly sanity check the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
It was discovered that a race condition existed in the ioctl handler for
the TTY driver in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information.
(CVE-2016-0723)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
Ralf Spenneberg discovered that the USB driver for Treo devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2016-2782)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-69-generic 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-generic-lpae 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-lowlatency 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-powerpc-e500mc 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-powerpc-smp 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-powerpc64-emb 3.16.0-69.89~14.04.1
linux-image-3.16.0-69-powerpc64-smp 3.16.0-69.89~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2948-1
CVE-2015-7566, CVE-2015-7833, CVE-2015-8812, CVE-2016-0723,
CVE-2016-2085, CVE-2016-2550, CVE-2016-2782, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-69.89~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMIvAAoJEC8Jno0AXoH0nxAQAKhdCInjNPyjY39xCy/dRNwR
rwnOgNFBjLLNMZ3z6SzQqE19Ed0zdDJNFTnsQCEx0ZO7DGzdKtdGly3M/a15Uy9c
fR1cd/YjHLQD43s7Y5s0VX0iT7W+gM3jJ4Ps8/E//65Aka3fuJY4jDoJY/Th+dvd
koLlNpA6otTYvPogiTgULLGKlaLF7UQAHsXKI4pVQij/DCN6/Rxqf0sR9eSaNzF9
2xKD78PEBNBiODeaWZEKMqfHfKY+xcVf9CDoHsJjXH9aWZRLwo3sBybZ6GbBnhFu
cV4RQP3RR36EPYE6I3uEf0GANv85F0wV9wUD+YpXRbNi0aHbZMup2nRSGYmNgwFM
ekN/lm8XJMoWqYO0IQIoflGakME595ujYthq5vaDOIRasF/pQigL4DUhEIkgkhCT
Cg2WjDM+/AgQldDfa6bSVbnsdV181IS7rGlIHWUhhrIWZuFyQHs0ZLjKQXuNhAQA
D7F2Lqp2cJOsBZATbct93QhjrQSCFdlRnXvosUUqKiwXyVx+OSOsUfHn84gxsisQ
KSqQTVqoivzatIV8znDQJJGeZZH1WCeM7nXNl4tDevyxg+UD0hFqRF9uH2zOMHV5
ujNQXVKKfGArCrBBBoKmjamrm7qzEoldqu6QCucl7o44ZjFdxr2gF5lNeDtXUdFA
rttZgOTCdWD2VT8ZqRNc
=4JMv
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2949-1
April 06, 2016
linux-lts-vivid vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty
Details:
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel’s CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use this
to cause a denial of service (resource exhaustion). (CVE-2016-2847)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.19.0-58-generic 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-generic-lpae 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-lowlatency 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-powerpc-e500mc 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-powerpc-smp 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-powerpc64-emb 3.19.0-58.64~14.04.1
linux-image-3.19.0-58-powerpc64-smp 3.19.0-58.64~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2949-1
CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-58.64~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXBMI2AAoJEC8Jno0AXoH0np0QAIU6BzW2N45OmyiVKeSrvezM
IuV9+4hbZ3Bx8GRfnM3hSqLk9yoKas4I4DgBMOXHjIkqsgoCvDloUe5K3f5vDThq
MDEyH2rpCMSfJmCeLbiL3XBsWqUTg08I5kdTPIXUc0o6dcuXrcRdiAXO3mme4cFw
AzBkxN0KuHr/KBdAT2nH9JHbHberGZF9RgNQ1QIvt504B8tYv0xf7b5Le8tdDHLv
ndr4tqLbBVFTaeeuf20AThi1yXPG9vamQELe+aHm09sxlcf1lzQgqE/ojjcmIq4y
2vjWLRF8ZDu/IuWYKvCVqt2Uy0dLLKPtJhdhdFiu7xSHZfOjW0EUQgoUlXxMNnIA
uy+HcDY264vmZkbcvGJbzLjIrk2rvK17ao128/sW97YgUo/oZIWcCSNI0bQiNEyH
w1tQ0TTKjMNOYDVk8g3hdt27KMWRW60meTzRVSGOoZQjOAk28UIXghVSZK3Kx0zm
g/HyjBcjp5AvGQsGamu8eyxsldZZs7s/CDJb3eaWrZeYdSb6yvr29NNfj+EY2bz+
XBV1zctzyYH6KbL677LoE5DxLTTuhAdbVh2zUOg0XYit31tbqzzeGuzNaHO9MxWk
o++ceVkRBkslDArrsAqhk7g7RYtrKK380xPc2BZwjpd6nf7HMbfK3hfT0oZi8j7y
ztPfBYn5ZP0Fycd7SY9t
=mGp6
—–END PGP SIGNATURE—–
—