Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ubuntu 16.04 Linux Kernel Vulnerabilities


  • Please log in to reply
4 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:29 PM

Posted 02 July 2016 - 06:48 AM

USN-3016-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3016-1 explains that a total of seven Linux kernel vulnerabilities have been found and then fixed in the updated kernel packages for Ubuntu 16.04 LTS.

 

 

Details

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with administrative privileges.
(CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4482)

Kangjie Lu discovered an information leak in the timer handling
implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)

Kangjie Lu discovered an information leak in the X.25 Call Request handling
in the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4580)

It was discovered that an information leak exists in the Rock Ridge
implementation in the Linux kernel. A local attacker who is able to mount a
malicious iso9660 file system image could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2016-4913)

Baozeng Ding discovered that the Transparent Inter-process Communication
(TIPC) implementation in the Linux kernel did not verify socket existence
before use in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-4951)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling
IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to
cause a denial of service (system crash) or obtain potentially sensitive
information from kernel memory. (CVE-2016-4998)

 

http://www.ubuntu.com/usn/usn-3016-1/

 

To update your system, please run the following commands in Terminal:

 sudo apt-get update
 sudo apt-get dist-upgrade


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:29 AM

Posted 02 July 2016 - 08:41 AM

I'm not clear on what "a local attacker" implies. My guess would be that is someone sitting in front of the computer or someone who

has gained access remotely by consent or non-consent. Does anyone reading this know where Ubuntu developers or other Linux websites

give a definition for "a local attacker"?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 13,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:29 PM

Posted 02 July 2016 - 05:10 PM

 

I'm not clear on what "a local attacker" implies. My guess would be that is someone sitting in front of the computer

Yes I agree.



#4 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE
  •  

Posted 02 July 2016 - 05:48 PM

I'm unclear as to which kernel versions are affected, as well as if this is limited to Ubuntu 16.04 (are older releases affected?), or if this is even limited to Ubuntu (are non-Ubuntu based distros affected?). Nice to see the issues patched so quickly :)



#5 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 02 July 2016 - 07:05 PM

Ditto to all hf asked and said.

 

:wizardball:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users