==========================================================================
Ubuntu Security Notice USN-2975-2
May 16, 2016
linux-lts-trusty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
Details:
USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.
Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-86-generic 3.13.0-86.131~precise1
linux-image-3.13.0-86-generic-lpae 3.13.0-86.131~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-trusty, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2975-2
http://www.ubuntu.com/usn/usn-2975-1
CVE-2016-0758
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-86.131~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXOhrQAAoJEC8Jno0AXoH0J5YQAJbhxtd0hmpySc/6F9pxOyP4
xBgMJePT5wjuIsYeO75qvm/FoRPFS/kH710OgsSMvMUhLIJfp1z0n9hgydEugIVd
LkBeBBmIPGSDBui53zv5LkHr9MhaniFrurna3wZFZZ+hpgpY7jB9SvFhyEdui16S
m2j/mP1Nv2JydMqtU7By+51MUDbDM4alV/EMvH7d2BeLe8uUyFedl3o6nGwPXEkW
qIMnPIHii33RiEOLFOvgXhh3L+Y03hmYPg8/bZMk28irbF397Skvc3fQXr7iqjEZ
I45laRi5ufqrwZCyJ7Ox1ZM2yvSTSuJydbScJZgRC+IS+02PZRR8aJXUCEzYYbyt
coVe9UU2Uz4g+8Ii9bAMDjb39kXWCU0m9g46aItzuCLUO7F4GxR+ZEGolyCqGNnF
H37xCwGcZaIVOgVjK1RquLWII3H0VpQXsPkiqUKdaY9RoxCfXvItcz2iYEaciK37
f5K70TYPJqNJG5/3+meHQiSw197o7kAoUpVqeDKJrjGYIu84lQdLtMkLfDQmtGvs
OyA+7P4i5qSkuWJjjP5wxB9aQZyJDCGMBBX5yndDKV/Wom1gN+7ikAj5xGTeSsnJ
RdTMxVmbzUcuu8eejnevf04/hXqA3+9j+8TuC3sv9YW2CR15GfGQmJw1RQkxlYhS
X5OTNxCYHKYI5LInlXVn
=Eqf+
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2975-1
May 16, 2016
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-86-generic 3.13.0-86.131
linux-image-3.13.0-86-generic-lpae 3.13.0-86.131
linux-image-3.13.0-86-lowlatency 3.13.0-86.131
linux-image-3.13.0-86-powerpc-e500 3.13.0-86.131
linux-image-3.13.0-86-powerpc-e500mc 3.13.0-86.131
linux-image-3.13.0-86-powerpc-smp 3.13.0-86.131
linux-image-3.13.0-86-powerpc64-emb 3.13.0-86.131
linux-image-3.13.0-86-powerpc64-smp 3.13.0-86.131
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2975-1
CVE-2016-0758
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-86.131
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXOhq2AAoJEC8Jno0AXoH0+VMQAJeUChkuchBfLi8VVdprlyKD
EBWRqDaSPOYpVMgXu3Ax9d2U0hJfSCUlQuHz4j4T+TE83H0Xf+NatjSxMFGvhPea
OxJFp38WId1elR9ZwH+LHI4jB48Ip3mSueECJ5D+08EVMLtuWgOKUwSs6Kucswuv
pZRwRs+RoyX8Yjr9S7MQZ4YzLICZClR1Jb922ldZaD7uG4cjwZDZGlnDlQCCe0HE
dZqDukDAcrleekteVMymFlzydL2+XzPidz/VqRCr7GWwiVBMPrGha/SBpR9bUnot
zMrHE8ktg44Qti4yvwotBVzbDAl67JwhbxVe+Mrn52Bd/Ug+NolJ4fCfV2RY3SIW
G+2z/CNpNbPgCyDwyJl7BTBiTMtrKilrWOWI9Lj+ywOf8SJ44QeUm9Fqxecylb22
h5tQoPc1Hz876C2Z9shsySAY/NtQl5dbcPYFO3YYUebmV6BxjR2PrQI9E6HmRGDB
NMDK5vawXWMz5I+2qHGIMswMzpPQ2qXovBAJ+TuvZWr2JpPFlfLgjgh1l3o9+ard
0wlk24c4UJkl/Ic90qCIoKKOuOmH3Q9U8gaBptuGS0tGI/348wCIB/uZdKR+bqqD
7/nWxQ+qRBaFI0XUP7RRbufakagvwKXTbjCWhcSzHUEPVxvjelw1/veDqqB3rlw7
qLF5t4vDzkCvj2gJEi5e
=vF9S
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2976-1
May 16, 2016
linux-lts-utopic vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty
Details:
Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-71-generic 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-generic-lpae 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-lowlatency 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-powerpc-e500mc 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-powerpc-smp 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-powerpc64-emb 3.16.0-71.92~14.04.1
linux-image-3.16.0-71-powerpc64-smp 3.16.0-71.92~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2976-1
CVE-2016-0758
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-71.92~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXOhx1AAoJEC8Jno0AXoH0fesP/2Db7ymyrd5tQBnCmjep9DKr
dktVDQHWAZAyH6SrhIkTIbY2rUP22acOXLJjuk/5J3Dnsmy2oD5p1t4MMTTwyNag
UazBrd4k0K0ShWsvcpB2mjKZS36DpyinHuemX+yUR6cQ4qcIjSW+ZAb24XwXzQ0p
96q5qfSsL7yHoTf2vEwQxtNGdKtlVbujmF9Iy1Fmg9smkbXgVoHrz4eGRTjIdPHL
Tu3LmKYTWT+IcdsIpXTI9mKF8LyMrAmR66FX1tLk9G8noMoJtgcPiTRt7AldPdeW
ZoqOzZHFeOv21jYyKh52lb981gaWMhvEbaC+y2FF3xNBwtONSquisOsF7GyR+n56
JURm9Pav8cE4gTBilYSZKoxRPGZg5BLWKAbYrb5o7EYXfrVWahomVIDJbMqvEOf4
clTcgTb67LDH4oQ0KTXnkrSQRhVwUoeaJEGTJt0QpuWMYOmtmkMn79oFLFWGGox4
HfQxxNpZbFgO3ofEti83ZnXTCfP+djcO+4jMKPgHjWqC7LsR7+KtqqOvVFFu22fj
8qV57FDRPzwz6eEW69INRByO5LC7haHD+kSHzSyl0A4DbBC0MNedCFTdqlrnk618
41W6u4j4nHRiitY4g5njlOVNm2yw7niPQW4jQX/k2of1MlmMnY1FLw+V35zzxlLl
mWPAvv//HeJL0W5HKU4v
=EihE
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2977-1
May 16, 2016
linux-lts-vivid vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty
Details:
Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.19.0-59-generic 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-generic-lpae 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-lowlatency 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-powerpc-e500mc 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-powerpc-smp 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-powerpc64-emb 3.19.0-59.66~14.04.1
linux-image-3.19.0-59-powerpc64-smp 3.19.0-59.66~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-vivid, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2977-1
CVE-2016-0758
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-59.66~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXOhrzAAoJEC8Jno0AXoH0K9AP/A65egObWXiV0hhZ3Oe/lpda
tbQu4ulhfYNZT3aj3/3IAuCNgBnmCIz+o0Z/iLPvP+NMaOQjuBGH7cLG1R2o1HV6
hPKwBhBI0Yq0GauQYUmxZGw7R+C1VvFb/LIEIS/5UZ3r18JdW+Z3+ol+jjQ0WR0V
2hDAXbnFl0m3/+ltJDSVngwUaoetIRQkdq13lZjZ/IAe0uVwSin/Fyhe3iBywP4P
jIMNrdE9AiHa4ANn/IUMjhEZ4XtF8C0Ovn4620CwOZKFXb/SLQNkq/5cTLimarnh
x2uCVIWVk6BtZKAkcWKbSRuTnAtG/UWAQd8AzQk9FSUkg5NYAJ+rS334c6DG55ne
bfmi3ywbBEXrzb/Dpolxdc7e62X9n0xCG4+iJmIPHqFt80V/+CNitCREjs1M3hER
s9hsYulvKCpHuSg/vBJJ2qaw+7yRBqm3ZMolh+IvQZHHKSbyDZyaej314rRnR23r
FZwM+hNHJ5bqW/UEht8zuYRJDn0qPvvWrWf5N7rzHlb9lzXsQVb03v3E7cu+674p
it8WIlXdHki0c5JC4fMZReuubqKfuaPxsN4bDQ0KaeM6LTlJai32Sa+8YCUxUqXB
VAvuw4dKddlDkJHU3horwPVMN+j8+Uhur6uuoNymidEpOcXIKk0HH8/begXkd2Fy
oYY+rjlJiDxOCvYmlA9F
=CN8a
—–END PGP SIGNATURE—–
—