
Unix Server



DSA-4501 libreoffice - security update

Source: debian.org

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete.



Red Hat Security Advisory 2019-2484-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2484-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. As usual, Oracle refuses to give details on the vulnerabilities.

Security: Information disclosure in wpa_supplicant (Ubuntu)

Source: pro-linux.de



High-end enterprise server market: application and analysis through 2019-2023

Source: google.com

The High-End Enterprise Server Market Report offers comprehensive insight into the most important factors, opportunities, ... IBM I and UNIX operating system.

USN-4098-1: wpa_supplicant and hostapd vulnerability

Source: usn.ubuntu.com

wpa vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

wpa_supplicant and hostapd could be made to expose sensitive information over the network.

Software Description

  • wpa - client support for WPA and WPA2

Details

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
hostapd - 2:2.6-21ubuntu3.2
wpasupplicant - 2:2.6-21ubuntu3.2
Ubuntu 18.04 LTS
hostapd - 2:2.6-15ubuntu2.4
wpasupplicant - 2:2.6-15ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.


News: Reiser4 for Linux 5.1 and 5.2

Source: pro-linux.de

The developers of the Reiser4 file system have now released versions for Linux 5.1 and 5.2. They allow users of the file system to run the Linux kernels 5.1 or 5.2. They contain no other changes, however.

Security: Multiple issues in rh-mysql80-mysql (Red Hat)

Source: pro-linux.de



News: Kivitendo 3.5.4 released

Source: pro-linux.de

Almost eight months after the last major release, Kivitendo 3.5.4 provides an improved version of the free ERP and accounting system. Besides fixes and detail improvements, almost all dependencies on bundled Perl modules have been resolved.

News: Apache Software Foundation publishes annual report for fiscal year 2019

Source: pro-linux.de

The Apache Software Foundation (ASF) has published the annual report for fiscal year 2019, which ended on April 30.

Security: Two issues in jhead (Fedora)

Source: pro-linux.de



Security: Denial of Service in igraph (Fedora)

Source: pro-linux.de



Security: Two issues in Red Hat Single Sign-On (Red Hat)

Source: pro-linux.de



Debian Security Advisory 4500-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4500-1 - Several vulnerabilities have been discovered in the chromium web browser.

Red Hat Security Advisory 2019-2483-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2483-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.3 serves as a replacement for Red Hat Single Sign-On 7.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References section. Issues addressed include a cross site request forgery vulnerability.

Ubuntu Security Notice USN-4097-2

Source: packetstormsecurity.com

Ubuntu Security Notice 4097-2 - USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4097-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4097-1 - It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-4095-2

Source: packetstormsecurity.com

Ubuntu Security Notice 4095-2 - USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.

Red Hat Security Advisory 2019-2476-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2476-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Ubuntu Security Notice USN-4096-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4096-1 - Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information.

Debian Security Advisory 4497-1

Source: packetstormsecurity.com

Debian Linux Security Advisory 4497-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

USN-4097-2: PHP vulnerabilities

Source: usn.ubuntu.com

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

Software Description

  • php5 - HTML-embedded scripting language interpreter

Details

USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm5
php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm5
Ubuntu 12.04 ESM
libapache2-mod-php5 - 5.3.10-1ubuntu3.39
php5-cgi - 5.3.10-1ubuntu3.39
php5-cli - 5.3.10-1ubuntu3.39
php5-fpm - 5.3.10-1ubuntu3.39
php5-xmlrpc - 5.3.10-1ubuntu3.39

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


Ubuntu Security Notice USN-4093-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4093-1 - It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

Ubuntu Security Notice USN-4095-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4095-1 - Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4094-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4094-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2019-2471-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2471-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. A padding oracle vulnerability has been addressed.

Red Hat Security Advisory 2019-2473-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-2473-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a null pointer vulnerability.

Security: Arbitrary command execution in kconfig and kdelibs4 (SUSE)

Source: pro-linux.de



Security: Two issues in mariadb-100 (SUSE)

Source: pro-linux.de



Security: Information disclosure in openssl (Red Hat)

Source: pro-linux.de



USN-4097-1: PHP vulnerabilities

Source: usn.ubuntu.com

php7.0, php7.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

PHP could be made to crash or execute arbitrary code if it received a specially crafted image.

Software Description

  • php7.2 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libapache2-mod-php7.2 - 7.2.19-0ubuntu0.19.04.2
php7.2-cgi - 7.2.19-0ubuntu0.19.04.2
php7.2-cli - 7.2.19-0ubuntu0.19.04.2
php7.2-fpm - 7.2.19-0ubuntu0.19.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.19.04.2
Ubuntu 18.04 LTS
libapache2-mod-php7.2 - 7.2.19-0ubuntu0.18.04.2
php7.2-cgi - 7.2.19-0ubuntu0.18.04.2
php7.2-cli - 7.2.19-0ubuntu0.18.04.2
php7.2-fpm - 7.2.19-0ubuntu0.18.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.6
php7.0-cgi - 7.0.33-0ubuntu0.16.04.6
php7.0-cli - 7.0.33-0ubuntu0.16.04.6
php7.0-fpm - 7.0.33-0ubuntu0.16.04.6
php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities

Source: usn.ubuntu.com

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
linux-image-4.4.0-1050-aws - 4.4.0-1050.54
linux-image-4.4.0-159-generic - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-generic-lpae - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-lowlatency - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-powerpc-e500mc - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-powerpc-smp - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-powerpc64-emb - 4.4.0-159.187~14.04.1
linux-image-4.4.0-159-powerpc64-smp - 4.4.0-159.187~14.04.1
linux-image-aws - 4.4.0.1050.51
linux-image-generic-lpae-lts-xenial - 4.4.0.159.140
linux-image-generic-lts-xenial - 4.4.0.159.140
linux-image-lowlatency-lts-xenial - 4.4.0.159.140
linux-image-powerpc-e500mc-lts-xenial - 4.4.0.159.140
linux-image-powerpc-smp-lts-xenial - 4.4.0.159.140
linux-image-powerpc64-emb-lts-xenial - 4.4.0.159.140
linux-image-powerpc64-smp-lts-xenial - 4.4.0.159.140
linux-image-virtual-lts-xenial - 4.4.0.159.140

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4096-1: Linux kernel (AWS) vulnerability

Source: usn.ubuntu.com

linux-aws, linux-aws-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems

Details

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1012-aws - 5.0.0-1012.13
linux-image-aws - 5.0.0.1012.12
Ubuntu 18.04 LTS
linux-image-4.15.0-1045-aws - 4.15.0-1045.47
linux-image-aws - 4.15.0.1045.44
Ubuntu 16.04 LTS
linux-image-4.15.0-1045-aws - 4.15.0-1045.47~16.04.1
linux-image-aws-hwe - 4.15.0.1045.45

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4095-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1054-kvm - 4.4.0-1054.61
linux-image-4.4.0-1090-aws - 4.4.0-1090.101
linux-image-4.4.0-1118-raspi2 - 4.4.0-1118.127
linux-image-4.4.0-1122-snapdragon - 4.4.0-1122.128
linux-image-4.4.0-159-generic - 4.4.0-159.187
linux-image-4.4.0-159-generic-lpae - 4.4.0-159.187
linux-image-4.4.0-159-lowlatency - 4.4.0-159.187
linux-image-4.4.0-159-powerpc-e500mc - 4.4.0-159.187
linux-image-4.4.0-159-powerpc-smp - 4.4.0-159.187
linux-image-4.4.0-159-powerpc64-emb - 4.4.0-159.187
linux-image-4.4.0-159-powerpc64-smp - 4.4.0-159.187
linux-image-aws - 4.4.0.1090.94
linux-image-generic - 4.4.0.159.167
linux-image-generic-lpae - 4.4.0.159.167
linux-image-kvm - 4.4.0.1054.54
linux-image-lowlatency - 4.4.0.159.167
linux-image-powerpc-e500mc - 4.4.0.159.167
linux-image-powerpc-smp - 4.4.0.159.167
linux-image-powerpc64-emb - 4.4.0.159.167
linux-image-powerpc64-smp - 4.4.0.159.167
linux-image-raspi2 - 4.4.0.1118.118
linux-image-snapdragon - 4.4.0.1122.114
linux-image-virtual - 4.4.0.159.167

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


USN-4094-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-oem - Linux kernel for OEM processors
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)

Wen Xu and Po-Ning Tseng discovered that the btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1021-oracle - 4.15.0-1021.23
linux-image-4.15.0-1040-gcp - 4.15.0-1040.42
linux-image-4.15.0-1040-gke - 4.15.0-1040.42
linux-image-4.15.0-1042-kvm - 4.15.0-1042.42
linux-image-4.15.0-1043-raspi2 - 4.15.0-1043.46
linux-image-4.15.0-1050-oem - 4.15.0-1050.57
linux-image-4.15.0-1060-snapdragon - 4.15.0-1060.66
linux-image-4.15.0-58-generic - 4.15.0-58.64
linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64
linux-image-4.15.0-58-lowlatency - 4.15.0-58.64
linux-image-gcp - 4.15.0.1040.42
linux-image-generic - 4.15.0.58.60
linux-image-generic-lpae - 4.15.0.58.60
linux-image-gke - 4.15.0.1040.43
linux-image-gke-4.15 - 4.15.0.1040.43
linux-image-kvm - 4.15.0.1042.42
linux-image-lowlatency - 4.15.0.58.60
linux-image-oem - 4.15.0.1050.54
linux-image-oracle - 4.15.0.1021.24
linux-image-powerpc-e500mc - 4.15.0.58.60
linux-image-powerpc-smp - 4.15.0.58.60
linux-image-powerpc64-emb - 4.15.0.58.60
linux-image-powerpc64-smp - 4.15.0.58.60
linux-image-raspi2 - 4.15.0.1043.41
linux-image-snapdragon - 4.15.0.1060.63
linux-image-virtual - 4.15.0.58.60

Ubuntu 16.04 LTS
linux-image-4.15.0-1021-oracle - 4.15.0-1021.23~16.04.1
linux-image-4.15.0-1040-gcp - 4.15.0-1040.42~16.04.1
linux-image-4.15.0-1055-azure - 4.15.0-1055.60
linux-image-4.15.0-58-generic - 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-lowlatency - 4.15.0-58.64~16.04.1
linux-image-azure - 4.15.0.1055.58
linux-image-gcp - 4.15.0.1040.54
linux-image-generic-hwe-16.04 - 4.15.0.58.79
linux-image-generic-lpae-hwe-16.04 - 4.15.0.58.79
linux-image-gke - 4.15.0.1040.54
linux-image-lowlatency-hwe-16.04 - 4.15.0.58.79
linux-image-oem - 4.15.0.58.79
linux-image-oracle - 4.15.0.1021.15
linux-image-virtual-hwe-16.04 - 4.15.0.58.79

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4093-1: Linux kernel vulnerabilities

Source: usn.ubuntu.com

linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1013-gcp - 5.0.0-1013.13
linux-image-5.0.0-1013-kvm - 5.0.0-1013.14
linux-image-5.0.0-1014-azure - 5.0.0-1014.14
linux-image-5.0.0-1014-raspi2 - 5.0.0-1014.14
linux-image-5.0.0-1018-snapdragon - 5.0.0-1018.19
linux-image-5.0.0-25-generic - 5.0.0-25.26
linux-image-5.0.0-25-generic-lpae - 5.0.0-25.26
linux-image-5.0.0-25-lowlatency - 5.0.0-25.26
linux-image-azure - 5.0.0.1014.13
linux-image-gcp - 5.0.0.1013.13
linux-image-generic - 5.0.0.25.26
linux-image-generic-lpae - 5.0.0.25.26
linux-image-gke - 5.0.0.1013.13
linux-image-kvm - 5.0.0.1013.13
linux-image-lowlatency - 5.0.0.25.26
linux-image-raspi2 - 5.0.0.1014.11
linux-image-snapdragon - 5.0.0.1018.11
linux-image-virtual - 5.0.0.25.26

Ubuntu 18.04 LTS
linux-image-5.0.0-1014-azure - 5.0.0-1014.14~18.04.1
linux-image-5.0.0-25-generic - 5.0.0-25.26~18.04.1
linux-image-5.0.0-25-generic-lpae - 5.0.0-25.26~18.04.1
linux-image-5.0.0-25-lowlatency - 5.0.0-25.26~18.04.1
linux-image-azure - 5.0.0.1014.25
linux-image-generic-hwe-18.04 - 5.0.0.25.82
linux-image-generic-lpae-hwe-18.04 - 5.0.0.25.82
linux-image-lowlatency-hwe-18.04 - 5.0.0.25.82
linux-image-snapdragon-hwe-18.04 - 5.0.0.25.82
linux-image-virtual-hwe-18.04 - 5.0.0.25.82

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
