Outdated data
Category data as of: 21.04.2018 at 03:35
Page cache date: 23.04.2018 20:16:23
Unix Server - Server
 

DSA-4177 libsdl2-image - security update

Unix Server, 20.04.2018, 02:00 | Source: debian.org

Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.



DSA-4178 libreoffice - security update

Unix Server, 20.04.2018, 02:00 | Source: debian.org

Two vulnerabilities were discovered in LibreOffice's code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.



DSA-4176 mysql-5.5 - security update

Unix Server, 20.04.2018, 02:00 | Source: debian.org

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:



DSA-4175 freeplane - security update

Unix Server, 18.04.2018, 02:00 | Source: debian.org

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.



CentOS Blog: YUM4/DNF for CentOS 7 updates

Unix Server, 17.04.2018, 07:39 | Source: blog.centos.org

I am pleased to announce some significant updates to our ConfigManagement Special Interest Group for YUM4.  This provides YUM4, based on DNF technology, for testing on CentOS Linux 7/x86_64.  These updates are based on feedback from our prior test release last October. It includes signed packages, core DNF plugins, and uses a version of RPM very similar to and compatible with the upcoming version of CentOS 7.5.

This initiative is based on a partnership with the upstream YUM and DNF maintainers for the future of package management.  Our testing thus far indicates no major problems, but we would love to find out how it fits into your existing YUM 3 workflows. So please consider filling out the short survey - your feedback helps us all get better.

YUM 4 provides significant improvements such as fast dependency resolution and a stable, documented API. See the references below for detailed improvements. We have made every effort to preserve the existing end-user experience that is available with YUM 3. This is the primary reason for making YUM 4 available for testing now.

“What’s with the YUM4 name?”

We recognize that we need to enable users to test YUM4 (/usr/bin/yum4) within their existing workflows in order to fully understand compatibility while retaining YUM version 3 (/usr/bin/yum) as the default.  Yes, they can both be used on the same system, switching back and forth.  We do not recommend this behavior, but it should work with the only known issue being that each version retains its own separate history.  So using the Rollback capability is not recommended as each version will not be aware of the other’s history. Note that the YUM4 name is temporary for the coexistence of versions 3 & 4.

“So, what all has changed?”

The documentation does a great job explaining the differences in great detail. In short, your existing experience using yum to install, remove, and update is identical. However, there are changes: for example, some of the plugins and yum utilities are now consolidated into `dnf-plugins-core`. Some of the yum CLI options changed and are either converted for you automatically or silently ignored when that behavior is automatically included. Existing custom plugins written for YUM 3 will not work with YUM 4. Please reference the DNF API Reference and Changes in DNF hook API compared to YUM 3 links for further information.

“I found a bug, what should I do?”

Please report any bugs you find on Red Hat Bugzilla against the Fedora/dnf component (make sure to mention versions and that you use the package from CentOS).

And remember to submit feedback in the short survey to help us understand how it can be improved further.

“Three step install, get started right away”

# yum install centos-release-yum4
# yum install yum4
# yum4 install dnf-plugins-core

“I was already testing a previous version of YUM4.  How do I update?”

# yum4 update centos-release-yum4
# yum4 update yum4

 

Many thanks to the CentOS Project team for their assistance in making this happen!



DSA-4174 corosync - security update

Unix Server, 17.04.2018, 02:00 | Source: debian.org

The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.



DSA-4173 r-cran-readxl - security update

Unix Server, 16.04.2018, 02:00 | Source: debian.org

Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed.



DSA-4172 perl - security update

Unix Server, 14.04.2018, 02:00 | Source: debian.org

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:



DSA-4171 ruby-loofah - security update

Unix Server, 13.04.2018, 02:00 | Source: debian.org

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when given specially crafted HTML fragments as input. This might allow an attacker to mount a code injection attack against a browser consuming the sanitized output.



Application Server: Nginx Unit version 1.0 is production-ready

Unix Server, 13.04.2018, 00:00 | Source: google.com
Besides the application server, the core elements are the Nginx web server or its commercial variant Nginx Plus, as well as the Nginx ... The code can be compiled for common Linux and Unix systems; prebuilt packages are available for Ubuntu and Red Hat, for example ...

DSA-4169 pcs - security update

Unix Server, 11.04.2018, 00:00 | Source: debian.org

Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing the --debug parameter, to prevent information leaks, but the check wasn't sufficient.



CentOS Blog: Updated CentOS Vagrant Images Available (v1803.01)

Unix Server, 10.04.2018, 00:00 | Source: blog.centos.org

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.4.1708 for x86_64 (based on the sources of RHEL 7.4). All included packages have been updated to 3rd April 2018.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Vagrant 1.8.5 is unable to create new CentOS Linux boxes due to Vagrant bug #7610
  4. Vagrant 1.8.7 is unable to download or update boxes due to Vagrant bug #7969.
  5. Vagrant 1.9.1 broke private networking, see Vagrant bug #8166
  6. Vagrant 1.9.3 doesn't work with SMB sync due to Vagrant bug #8404
  7. The vagrant-libvirt plugin is only compatible with Vagrant 1.5 to 1.8
  8. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools (updated for this release).
  9. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. Try adding the following line to your Vagrantfile:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

If the check passed, you can use the corresponding checksum when downloading the image with Vagrant:

$ export box_checksum="4440a10744855ec2819d726074958ad6cff56bb5a616f6a45b0a42d602aa1154"
$ vagrant box add --checksum-type sha256 --checksum $box_checksum --provider libvirt --box-version 1803.01 centos/7

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or via IRC, in #centos on Freenode.

Acknowledgements

We would like to warmly thank Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images.

We would also like to thank the following people (listed alphabetically):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.


CentOS Seven blog: Seven.centos.org is dead .. long life to blog.centos.org !

Unix Server, 09.04.2018, 00:00 | Source: blog.centos.org

When we initially launched seven.centos.org, the idea was just to have a single blog instance that CentOS Dev and QA team members could use to give feedback and also report status updates about the rebuild and testing of CentOS 7: that was an easy entry point for people wanting to know how far we were in the process, what to expect, etc. (and so give more transparency than during the CentOS 6 rebuild era) ... That was in 2014.

Then it continued to be used by some contributors who wanted to give hints or talk about CentOS 7 new features, but without having a personal blog (or if their personal blog wasn't aggregated through our http://planet.centos.org instance). As more and more people joined the CentOS SIGs, seven.centos.org was more and more used as a central blogging platform around the CentOS ecosystem, and so not really anymore about the status of CentOS 7 itself (which was released in July 2014). We even linked authentication against our (deployed in the meantime) https://accounts.centos.org (through OpenID).

So we thought it was time to rename it to blog.centos.org, to reflect the reality. All previous links/permalinks are still working, but default URL is now blog.centos.org.

Happy blogging !



DSA-4170 pjproject - security update

Unix Server, 09.04.2018, 00:00 | Source: debian.org

Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication library, which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.



Tip: What is Usenet?

Unix Server, 08.04.2018, 00:00 | Source: google.com
It is a protocol for transferring data between different Unix computers. The owner of the news server determines how long messages remain on the server. This is called the retention time. For most of the news servers offered by Usenet providers, this is ...

DSA-4168 squirrelmail - security update

Unix Server, 08.04.2018, 00:00 | Source: debian.org

Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.



Ubuntu 18.04 LTS: Final beta released

Unix Server, 06.04.2018, 00:00 | Source: google.com
There is also an important change to the base configuration, and strictly speaking it is a technical step backwards, at least as far as the long-term plans for the Linux desktop are concerned. The classic X server is now used again instead of Wayland, because with the latter there are still ...

CentOS Seven blog: CentOS Atomic Host 7.1803 Available for Download

Unix Server, 06.04.2018, 00:00 | Source: seven.centos.org

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1803), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

This release rolls up all package minor updates that shipped through the month of March, including, most significantly, a move to docker version 1.13.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-1.gitd36c015.el7.centos.x86_64
  • cloud-init-0.7.9-9.el7.centos.6.x86_64
  • docker-1.13.1-53.git774336d.el7.centos.x86_64
  • etcd-3.2.15-1.el7.x86_64
  • flannel-0.7.1-2.el7.x86_64
  • kernel-3.10.0-693.21.1.el7.x86_64
  • kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64
  • ostree-2017.14-2.el7.x86_64
  • rpm-ostree-client-2017.11-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you're running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they're rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you'd like to work on testing images, help with packaging, documentation -- join us!

You'll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you'd like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.




DSA-4167 sharutils - security update

Unix Server, 05.04.2018, 00:00 | Source: debian.org

A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle Shell Archives. An attacker with control over the input of the unshar command could crash the application or execute arbitrary code in its context.



USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities

Unix Server, 05.04.2018, 00:00 | Source: usn.ubuntu.com

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM

Details

USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715)

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
linux-image-3.13.0-144-generic - 3.13.0-144.193~precise1
linux-image-3.13.0-144-generic-lpae - 3.13.0-144.193~precise1
linux-image-generic-lpae-lts-trusty - 3.13.0.144.135
linux-image-generic-lts-trusty - 3.13.0.144.135

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References



USN-3618-1: LibVNCServer vulnerability

Unix Server, 04.04.2018, 00:00 | Source: usn.ubuntu.com

libvncserver vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

Software Description

  • libvncserver - vnc server library

Details

It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
libvncclient1 - 0.9.11+dfsg-1ubuntu0.1
libvncserver1 - 0.9.11+dfsg-1ubuntu0.1
Ubuntu 16.04 LTS
libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.2
Ubuntu 14.04 LTS
libvncserver0 - 0.9.9+dfsg-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibVNCServer applications to make all the necessary changes.

References



USN-3620-1: Linux kernel vulnerabilities

Unix Server, 04.04.2018, 00:00 | Source: usn.ubuntu.com

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel

Details

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-144-generic - 3.13.0-144.193
linux-image-3.13.0-144-generic-lpae - 3.13.0-144.193
linux-image-3.13.0-144-lowlatency - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-e500 - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-e500mc - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-smp - 3.13.0-144.193
linux-image-3.13.0-144-powerpc64-emb - 3.13.0-144.193
linux-image-3.13.0-144-powerpc64-smp - 3.13.0-144.193
linux-image-generic - 3.13.0.144.154
linux-image-generic-lpae - 3.13.0.144.154
linux-image-lowlatency - 3.13.0.144.154
linux-image-powerpc-e500 - 3.13.0.144.154
linux-image-powerpc-e500mc - 3.13.0.144.154
linux-image-powerpc-smp - 3.13.0.144.154
linux-image-powerpc64-emb - 3.13.0.144.154
linux-image-powerpc64-smp - 3.13.0.144.154

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References



USN-3619-1: Linux kernel vulnerabilities

Unix Server, 04.04.2018, 00:00 | Source: usn.ubuntu.com

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest VM could possibly use this to gain administrative privileges in the guest VM. (CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  • linux-image-4.4.0-1020-kvm - 4.4.0-1020.25
  • linux-image-4.4.0-1054-aws - 4.4.0-1054.63
  • linux-image-4.4.0-1086-raspi2 - 4.4.0-1086.94
  • linux-image-4.4.0-1088-snapdragon - 4.4.0-1088.93
  • linux-image-4.4.0-119-generic - 4.4.0-119.143
  • linux-image-4.4.0-119-generic-lpae - 4.4.0-119.143
  • linux-image-4.4.0-119-lowlatency - 4.4.0-119.143
  • linux-image-4.4.0-119-powerpc-e500mc - 4.4.0-119.143
  • linux-image-4.4.0-119-powerpc-smp - 4.4.0-119.143
  • linux-image-4.4.0-119-powerpc64-emb - 4.4.0-119.143
  • linux-image-4.4.0-119-powerpc64-smp - 4.4.0-119.143
  • linux-image-aws - 4.4.0.1054.56
  • linux-image-generic - 4.4.0.119.125
  • linux-image-generic-lpae - 4.4.0.119.125
  • linux-image-kvm - 4.4.0.1020.19
  • linux-image-lowlatency - 4.4.0.119.125
  • linux-image-powerpc-e500mc - 4.4.0.119.125
  • linux-image-powerpc-smp - 4.4.0.119.125
  • linux-image-powerpc64-emb - 4.4.0.119.125
  • linux-image-powerpc64-smp - 4.4.0.119.125
  • linux-image-raspi2 - 4.4.0.1086.86
  • linux-image-snapdragon - 4.4.0.1088.80

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Unix Server, 04.04.2018, 00:00 | Source: usn.ubuntu.com

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux-raspi2 - Linux kernel for Raspberry Pi 2

Details

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10:
  • linux-image-4.13.0-1016-raspi2 - 4.13.0-1016.17
  • linux-image-raspi2 - 4.13.0.1016.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


DSA-4166 openjdk-7 - security update

Unix Server, 04.04.2018, 00:00 | Source: debian.org

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.



DSA-4165 ldap-account-manager - security update

Unix Server, 03.04.2018, 00:00 | Source: debian.org

Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.



CentOS Seven blog: SuperComputing is #PoweredByCentOS

Unix Server, 03.04.2018, 00:00 | Source: seven.centos.org

Last week I, and one of my colleagues, had the opportunity to attend SuperComputing Asia in Singapore. The great thing about the various SuperComputing conferences is getting to see what amazing things people are doing with HPC (High Performance Computing) to make the world a better place. This was very much the case last week at SC-Asia.

We had the opportunity to interview three people who are using HPC to solve real world problems, and I wanted to share those interviews with you.

First we spoke with Abhishek Saha, who is an engineering student at National University of Singapore. He's working with the Hydroinformatics Institute of Singapore to simulate water run-off across the entire island, to propose solutions for flooding.

Next, we spoke with Nick Zang who is a research fellow at Nanyang Technological University. He's investigating jet engine noise, and ways of reducing that noise:

Finally, we spoke with Yap Jia Qing, who is the Founder & CEO of Nurture.AI, an organization dedicated to encouraging AI researchers to publish their findings in AI along with open source implementations of the research, in order to reduce the burden of reproducing, and then building on, that research. This, in turn, greatly accelerates the progress of AI research.

The first two of these researchers are using CentOS in their supercomputing infrastructures, as well as using the large CentOS infrastructure at the National SuperComputing Center. Nurture.ai is an Ubuntu shop. All of the work from all three of these projects is open source, in an effort to accelerate research and implementations.



USN-3616-1: Python Crypto vulnerability

Unix Server, 03.04.2018, 00:00 | Source: usn.ubuntu.com

python-crypto vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Python Crypto could expose sensitive information.

Software Description

  • python-crypto - cryptographic algorithms and protocols for Python

Details

It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10:
  • python-crypto - 2.6.1-7ubuntu0.1
  • python3-crypto - 2.6.1-7ubuntu0.1

Ubuntu 16.04 LTS:
  • python-crypto - 2.6.1-6ubuntu0.16.04.3
  • python3-crypto - 2.6.1-6ubuntu0.16.04.3

Ubuntu 14.04 LTS:
  • python-crypto - 2.6.1-4ubuntu0.3
  • python3-crypto - 2.6.1-4ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-3615-1: LibRaw vulnerabilities

Unix Server, 03.04.2018, 00:00 | Source: usn.ubuntu.com

libraw vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description

  • libraw - raw image decoder library

Details

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10:
  • libraw16 - 0.18.2-2ubuntu0.2

Ubuntu 16.04 LTS:
  • libraw15 - 0.17.1-1ubuntu0.2

Ubuntu 14.04 LTS:
  • libraw9 - 0.15.4-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.


USN-3617-2: Linux (HWE) vulnerabilities

Unix Server, 03.04.2018, 00:00 | Source: usn.ubuntu.com

linux-hwe, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-oem - Linux kernel for OEM processors

Details

USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  • linux-image-4.13.0-1012-gcp - 4.13.0-1012.16
  • linux-image-4.13.0-1022-oem - 4.13.0-1022.24
  • linux-image-4.13.0-38-generic - 4.13.0-38.43~16.04.1
  • linux-image-4.13.0-38-generic-lpae - 4.13.0-38.43~16.04.1
  • linux-image-4.13.0-38-lowlatency - 4.13.0-38.43~16.04.1
  • linux-image-gcp - 4.13.0.1012.14
  • linux-image-generic-hwe-16.04 - 4.13.0.38.57
  • linux-image-generic-lpae-hwe-16.04 - 4.13.0.38.57
  • linux-image-gke - 4.13.0.1012.14
  • linux-image-lowlatency-hwe-16.04 - 4.13.0.38.57
  • linux-image-oem - 4.13.0.1022.26

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-3617-1: Linux kernel vulnerabilities

Unix Server, 03.04.2018, 00:00 | Source: usn.ubuntu.com

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel

Details

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
linux-image-4.13.0-38-generic - 4.13.0-38.43
linux-image-4.13.0-38-generic-lpae - 4.13.0-38.43
linux-image-4.13.0-38-lowlatency - 4.13.0-38.43
linux-image-generic - 4.13.0.38.41
linux-image-generic-lpae - 4.13.0.38.41
linux-image-lowlatency - 4.13.0.38.41

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


DSA-4164 apache2 - security update

Unix Server, 03.04.2018 at 00:00 | Source: debian.org

Several vulnerabilities have been found in the Apache HTTPD server.



CentOS Seven blog: SuperComputing is #PoweredByCentOS

Unix Server, 03.04.2018 at 00:00 | Source: blog.centos.org

Last week I, and one of my colleagues, had the opportunity to attend SuperComputing Asia in Singapore. The great thing about the various SuperComputing conferences is getting to see what amazing things people are doing with HPC (High Performance Computing) to make the world a better place. This was very much the case last week at SC-Asia.

We had the opportunity to interview three people who are using HPC to solve real world problems, and I wanted to share those interviews with you.

First we spoke with Abhishek Saha who is an engineering student at National University of Singapore. He's working with the Hydroinformatics Institute of Singapore to simulate water run-off across the entire island, to propose solutions for flooding.

Next, we spoke with Nick Zang who is a research fellow at Nanyang Technological University. He's investigating jet engine noise, and ways of reducing that noise:

Finally, we spoke with Yap Jia Qing, who is the Founder & CEO of Nurture.AI, an organization dedicated to encouraging AI researchers to publish their findings in AI along with open source implementations of the research, in order to reduce the burden of reproducing, and then building on, that research. This, in turn, greatly accelerates the progress of AI research.

The first two of these researchers are using CentOS in their supercomputing infrastructures, as well as using the large CentOS infrastructure at the National SuperComputing Center. Nurture.ai is an Ubuntu shop. All of the work from all three of these projects is open source, in an effort to accelerate research and implementations.



DSA-4163 beep - security update

Unix Server, 02.04.2018 at 00:00 | Source: debian.org

It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

