News reader

Ubuntu Hour June

Ubuntu Hungarian community - 2018.06.05, Tue - 08:15


Date: June 8, 2018 (Friday)

Start: 18:00

BUDAPEST

The event is free for everyone.

Introducing the (current) FCM translation team

Ubuntu Hungarian community - 2018.05.30, Wed - 08:45

Quoting from the introduction of Királyvári Gábor, the founder of the translation team (it appeared in the first introductory issue):
“How did the translation team get started? Well, that is rather hard to describe briefly, but I will try to be concise. In the course of my work I got closer to Unix-based systems (I should add that this is not my day job), I took a great interest in them, and then I made up my mind to install Ubuntu, which several people had recommended. In the spring of 2007 a very good friend of mine (Nagy Attila by name) was hired by the IT company where I had already been working for a year and a half. Nagy Attila and I were always thinking that we should create something great and lasting together… I was strongly driven by the desire to create something, to bring something into being for the general public.
My starting point regarding the translations was the following: if there is a system (Ubuntu) and it is free, it must be the fruit of many people's work. Since it is free and I cannot add anything to it at present, I will contribute and pay my respects to its creators by producing something (namely the Hungarian translations of FCM) that can be of help to others as well, in a free spirit and free of charge of course, just as the system itself is free.
June 13, 2007, 22:19 – This is when I wrote an e-mail to admin@fullcirclemagazin.org saying that we would start translating the magazine into Hungarian…

...

June 2007: well over 10 years have passed since then. The members and the size of the team have changed many times over the years. Sometimes there were more of us, sometimes fewer, sometimes enthusiastic, sometimes (because of the difficulties) less so, but the team has perhaps carried on its work unwaveringly ever since.
Now we have once again put together an introduction, this time of the members of the current team (like everything else connected with the magazine, this too was done on a voluntary basis).

The new introductory issue can be downloaded here: Introduction – 2018

Introduction of the current members of the translation team – 2018

Full Circle Magazin - 2018.05.29, Tue - 20:40
Introducing the translation team

“How did the translation team get started? Well, that is rather hard to describe briefly, but I will try to be concise. In the course of my work I got closer to Unix-based systems (I should add that this is not my day job), I took a great interest in them, and then I made up my mind to install Ubuntu, which several people had recommended. In the spring of 2007 a very good friend of mine (Nagy Attila by name: http://www.attilanagy.hu/) was hired by the IT company where I had already been working for a year and a half. Nagy Attila and I were always thinking that we should create something great and lasting together.” … “I was strongly driven by the desire to create something, to bring something into being for the general public.
My starting point regarding the translations was the following: if there is a system (Ubuntu) and it is free, it must be the fruit of many people's work. Since it is free and I cannot add anything to it at present, I will contribute and pay my respects to its creators by producing something (namely the Hungarian translations of FCM) that can be of help to others as well, in a free spirit and free of charge of course, just as the system itself is free.”
“June 13, 2007, 22:19
This is when I wrote an e-mail to admin@fullcirclemagazin.org saying that we would start translating the magazine into Hungarian…”
Királyvári Gábor – from the introduction of the team's founder.

Nearly 10 years have passed since then. The members and the size of the team have changed many times over the years. Sometimes there were more of us, sometimes fewer, sometimes enthusiastic, sometimes (because of the difficulties) less so, but the team has perhaps carried on its work unwaveringly ever since.

Introduction of the current team (2018): Introduction - 2018 (0)

Introduction of the “Starting team”: Introduction (240)

Issue 127

Full Circle Magazin - 2018.05.17, Thu - 14:04
Contents of issue 127
  • News
  • Command & Conquer: Accelerated Mobile Pages
  • HowTo:
    • Installing Ubuntu Base
    • Introduction to FreeCAD – Part 8
    • Programming in Great Cow BASIC
    • Inkscape – Part 67
  • Researching with Linux
  • My Opinion – Is this Plasma 5 or Plasma 4
  • My Story – My experience with Ubuntu
  • How to write for Full Circle?
  • KODI Room: Podcasts and programming
  • In Focus: FixMeStick
  • Letters
  • Q&A
  • Games on Ubuntu – Humble Bundle
  • Our supporters
  • Would you like to contribute?
Issue 127 (2)

The Hungarian translation of issue 127 of Full Circle magazine has been published

Ubuntu Hungarian community - 2018.05.17, Thu - 13:46

The translation team is pleased to announce that the Hungarian translation of issue 127 of Full Circle magazine is complete.

Contents:

  • News
  • Command & Conquer: Accelerated Mobile Pages
  • HowTo:
    • Installing Ubuntu Base
    • Introduction to FreeCAD – Part 8
    • Programming in Great Cow BASIC
    • Inkscape – Part 67
  • Researching with Linux
  • My Opinion: Is this Plasma 5 or Plasma 4?
  • My Story: My experience with Ubuntu
  • How to write for Full Circle!
  • KODI Room: Podcasts and programming
  • In Focus: FixMeStick
  • Letters
  • Q&A
  • Games on Ubuntu: Humble Bundle
  • Our supporters
  • Would you like to contribute?

The new issue is available alongside the earlier ones at http://fullcircle.hu.

Download link: Issue 127

The translation was produced by the Hungarian translation team of Full Circle magazine.

Earlier issues remain available on the translation team's site, fullcircle.hu, and also among the downloads on the official Full Circle magazine site: http://fullcirclemagazine.org/downloads/

We will try to be back with issue 128 as soon as possible. All earlier issues are available for download from our website, and you can also find us on Facebook.

We wish everyone happy reading!

Ubuntu Hour May

Ubuntu Hungarian community - 2018.05.07, Mon - 07:57

Date: May 11, 2018 (Friday)


BUDAPEST
Start: 18:00
Venue: A Grund, Bazsesz room (Budapest, VIII. Nagytemplom utca 30.)
Topic: Bionic Beaver 18.04 testing
Getting there: 8 minutes' walk from Corvin negyed, 5 minutes' walk from the Klinikák stop.
Contact the organiser.
MISKOLC
Start: 18:00
Venue: Avasi Sörház (Hangoló Söröző) (Miskolc, Meggyesalja u. 1.)
Topic: Who uses which programs...
Contact the organisers: here and here.

The events are free for everyone.

Is it out yet?

Ubuntu Hungarian community - 2018.04.26, Thu - 06:35
Is it out yet?

No. Ubuntu 18.04 will be released on April 26, probably sometime in the afternoon. For guidance, here are the release times of the versions published in previous years:

  • Ubuntu 17.10 - 15:08
  • Ubuntu 17.04 - 15:09
  • Ubuntu 16.10 - 17:14
  • Ubuntu 16.04 - 18:17
  • Ubuntu 15.10 - 16:10
  • Ubuntu 15.04 - 17:19
  • Ubuntu 14.10 - 20:32
  • Ubuntu 14.04 - 19:09
  • Ubuntu 13.10 - 15:13
  • Ubuntu 13.04 - 14:07
  • Ubuntu 12.10 - 19:15
  • Ubuntu 12.04 - 14:04
  • Ubuntu 11.10 - 15:15
  • Ubuntu 11.04 - 13:36
  • Ubuntu 10.10 - 12:10
  • Ubuntu 10.04 - 19:24
  • Ubuntu 9.10 - 16:25
  • Ubuntu 9.04 - 14:53
  • Ubuntu 8.10 - 16:11
  • Ubuntu 8.04 - 14:17
  • Ubuntu 7.10 - 13:15
  • Ubuntu 7.04 - 16:18
Where are we now? When will it be ready?

On the ISO testing tracker page you can follow how far the testing has got, what bugs (if any) have been found, and which build is the latest.

But I found the image file on a server. So has it been released?

No. It is possible that an image file has already appeared on one mirror or another, but it is not certain that it is the final one. If the address of that server also contains the word “pool”, it means that the mirrors synchronise from it: if you download from there, you only delay the release. The release is official once the announcement has been sent to the ubuntu-announce mailing list.

The announcement is on the list, but there is still nothing on ubuntu.hu. So has it been released now?

Yes. In case we have not noticed, let us know on IRC (freenode network, #ubuntu-hu channel) or here, so that someone with the necessary permissions urgently posts the news and takes this one down.

I am very excited already. What do you do at times like this?

We are on IRC. On the Hungarian community channel (freenode, #ubuntu-hu) there is mostly technical coordination at such times (tracking the mirrors as they come up to date, continuously updating the announcement and the download page), and of course we keep watching the official mailing list to see when the big news has to go out. The international party takes place in the #ubuntu-release-party channel, where the conversation is in English and people gather from all over the world, make friends, chat, and wait together for the new release.

Ubuntu 18.04, Bionic Beaver Release Party

Ubuntu Hungarian community - 2018.04.25, Wed - 09:13

Ubuntu 18.04, codenamed Bionic Beaver, will be released on April 26, 2018, and to mark the occasion we are organising a Release Party in Budapest (on Thursday) and in Miskolc (on Friday).


BUDAPEST

Date: April 26, 2018 (Thursday)
Start: 18:00

Venue: A Grund, room 5 (Budapest, VIII. Nagytemplom utca 30.)
Getting there: 8 minutes' walk from Corvin negyed, 5 minutes' walk from the Klinikák stop.
Contact the organiser.


MISKOLC

Date: April 27, 2018 (Friday)
Start: 18:00

Venue: Grabovsky Közösségi Iroda (3530 Miskolc, Rákóczi Ferenc u. 13.)
Contact the organisers: here and here.



The Release Party is aimed at everyday users; we will not steer the event towards professional topics. After the Release Party the traditional Ubuntu Hour begins, with getting to know each other and informal conversation.


The events are free for everyone.

The Hungarian translation of issue 126 of Full Circle magazine has been published

Ubuntu Hungarian community - 2018.04.25, Wed - 07:49

The translation team is pleased to announce that the Hungarian translation of issue 126 of Full Circle magazine is complete.

Contents:

  • News
  • Command & Conquer: HTTPS, Docker and Let’s Encrypt
  • HowTo:
    • LaTeX: vertical spacing
    • Introduction to FreeCAD – Part 7
    • tmux – Part 2
    • Inkscape – Part 66
  • Researching with Linux
  • My Opinion: Writing on Ubuntu
  • How to write for Full Circle!
  • KODI Room: Rebuilding
  • In Focus: Pop!_OS
  • In Focus: DSL2
  • Letters
  • Q&A
  • Games on Ubuntu: Pac-Man 256
  • Our supporters
  • Would you like to contribute?

The new issue is available alongside the earlier ones at http://fullcircle.hu.

Download link: Issue 126

The translation was produced by the Hungarian translation team of Full Circle magazine.

Earlier issues remain available on the translation team's site, fullcircle.hu, and also among the downloads on the official Full Circle magazine site: http://fullcirclemagazine.org/downloads/

We will try to be back with issue 127 as soon as possible. All earlier issues are available for download from our website, and you can also find us on Facebook.

We wish everyone happy reading!

Issue 126

Full Circle Magazin - 2018.04.24, Tue - 20:36
Contents of issue 126
  • News
  • Command & Conquer: HTTPS, Docker and Let’s Encrypt
  • HowTo:
    • LaTeX: vertical spacing
    • Introduction to FreeCAD – Part 7
    • tmux – Part 2
    • Inkscape – Part 66
    • Researching with Linux
  • My Opinion – Writing on Ubuntu
  • How to write for Full Circle?
  • KODI Room: Rebuilding
  • In Focus: Pop!_OS
  • In Focus: DSL2
  • Letters
  • Q&A
  • Games on Ubuntu – Pac-Man 256
  • Our supporters
  • Would you like to contribute?
Issue 126 (2)

Free Software Conference 2018 – register and come along!

Ubuntu Hungarian community - 2018.04.18, Wed - 20:35

Registration has opened for this year's Free Software Conference (Szabad Szoftver Konferencia), which will take place on May 12, 2018 in the Northern Building of the ELTE Lágymányos Campus. At the conference the talks will run in parallel in four tracks. Descriptions of the talks can be found on the conference website. Several free software communities and our sponsors (Andrews, Novell, Rackforest, Serverside, NISZ) are also preparing exhibition tables, so you will not be left without something to do in the breaks between talks either. This year we are again preparing valuable prizes, we will raffle T-shirts, and we will give an award to the best speaker of the conference.

Participation in the conference is free but requires registration. Further information and registration are available on the conference website (konf.fsf.hu).

Ubuntu Hour April

Ubuntu Hungarian community - 2018.04.05, Thu - 08:24

Date: April 13, 2018 (Friday)

BUDAPEST
Start: 18:00
Venue: A Grund, Bazsesz room (Budapest, VIII. Nagytemplom utca 30.)
Topic: Bionic Beaver 18.04 Beta 1
Contact the organiser.
MISKOLC
Start: 18:00
Venue: Avasi Sörház (Hangoló Söröző) (Miskolc, Meggyesalja u. 1.)
Topic: Object-oriented programming (OOP)
Contact the organisers: here and here.

The events are free for everyone.

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu security notices - 2018.04.05, Thu - 04:23
linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM
Details

USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715)

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
linux-image-3.13.0-144-generic - 3.13.0-144.193~precise1
linux-image-3.13.0-144-generic-lpae - 3.13.0-144.193~precise1
linux-image-generic-lpae-lts-trusty - 3.13.0.144.135
linux-image-generic-lts-trusty - 3.13.0.144.135

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References
Categories: Security

USN-3620-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.04.04, Wed - 22:44
linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
Details

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-144-generic - 3.13.0-144.193
linux-image-3.13.0-144-generic-lpae - 3.13.0-144.193
linux-image-3.13.0-144-lowlatency - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-e500 - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-e500mc - 3.13.0-144.193
linux-image-3.13.0-144-powerpc-smp - 3.13.0-144.193
linux-image-3.13.0-144-powerpc64-emb - 3.13.0-144.193
linux-image-3.13.0-144-powerpc64-smp - 3.13.0-144.193
linux-image-generic - 3.13.0.144.154
linux-image-generic-lpae - 3.13.0.144.154
linux-image-lowlatency - 3.13.0.144.154
linux-image-powerpc-e500 - 3.13.0.144.154
linux-image-powerpc-e500mc - 3.13.0.144.154
linux-image-powerpc-smp - 3.13.0.144.154
linux-image-powerpc64-emb - 3.13.0.144.154
linux-image-powerpc64-smp - 3.13.0.144.154

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References
Categories: Security

USN-3619-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.04.04, Wed - 22:21
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
Details

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1020-kvm - 4.4.0-1020.25
linux-image-4.4.0-1054-aws - 4.4.0-1054.63
linux-image-4.4.0-1086-raspi2 - 4.4.0-1086.94
linux-image-4.4.0-1088-snapdragon - 4.4.0-1088.93
linux-image-4.4.0-119-generic - 4.4.0-119.143
linux-image-4.4.0-119-generic-lpae - 4.4.0-119.143
linux-image-4.4.0-119-lowlatency - 4.4.0-119.143
linux-image-4.4.0-119-powerpc-e500mc - 4.4.0-119.143
linux-image-4.4.0-119-powerpc-smp - 4.4.0-119.143
linux-image-4.4.0-119-powerpc64-emb - 4.4.0-119.143
linux-image-4.4.0-119-powerpc64-smp - 4.4.0-119.143
linux-image-aws - 4.4.0.1054.56
linux-image-generic - 4.4.0.119.125
linux-image-generic-lpae - 4.4.0.119.125
linux-image-kvm - 4.4.0.1020.19
linux-image-lowlatency - 4.4.0.119.125
linux-image-powerpc-e500mc - 4.4.0.119.125
linux-image-powerpc-smp - 4.4.0.119.125
linux-image-powerpc64-emb - 4.4.0.119.125
linux-image-powerpc64-smp - 4.4.0.119.125
linux-image-raspi2 - 4.4.0.1086.86
linux-image-snapdragon - 4.4.0.1088.80

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
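The "Update instructions" lists of USN-3620-2, USN-3620-1 and USN-3619-1 above give fixed package versions; the following added example (not part of the notices and not Ubuntu's code) audits a package inventory against such a list. The function names and the `INSTALLED` inventory are assumptions made for illustration, and `compare_versions` is a simplified re-implementation of Debian version ordering, for which `dpkg --compare-versions` is the authority on a real host.

```python
# Added example: audit an inventory against the fixed versions listed in a USN.

def _order(ch):
    """Sort weight of one non-digit character: '~' first, letters, then the rest."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, character by character. A digit or the end of the
        # string weighs 0, so '~' (-1) sorts even before "nothing at all".
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            wa = _order(a[i]) if i < len(a) and not a[i].isdigit() else 0
            wb = _order(b[j]) if j < len(b) and not b[j].isdigit() else 0
            if wa != wb:
                return -1 if wa < wb else 1
            i += 1
            j += 1
        # Digit run, compared numerically (leading zeros ignored).
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = 0, version
    if ":" in version:
        head, rest = version.split(":", 1)
        epoch = int(head)
    if "-" in rest:
        upstream, revision = rest.rsplit("-", 1)
    else:
        upstream, revision = rest, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def parse_fixed(text):
    """Parse the 'package - version' lines listed under 'Update instructions'."""
    fixed = {}
    for line in text.splitlines():
        if " - " in line:
            pkg, ver = line.rsplit(" - ", 1)
            fixed[pkg.strip()] = ver.strip()
    return fixed


def audit(advisory_text, installed):
    """Map each package named in the advisory to fixed / vulnerable / not installed."""
    report = {}
    for pkg, fixed_ver in parse_fixed(advisory_text).items():
        have = installed.get(pkg)
        if have is None:
            report[pkg] = "not installed"
        elif compare_versions(have, fixed_ver) >= 0:
            report[pkg] = "fixed"
        else:
            report[pkg] = "vulnerable"
    return report


# Three lines copied from the Ubuntu 16.04 LTS list of USN-3619-1 above.
USN_3619_1 = """\
linux-image-4.4.0-119-generic - 4.4.0-119.143
linux-image-generic - 4.4.0.119.125
linux-image-aws - 4.4.0.1054.56
"""

# Constructed inventory (sample values), in the package -> version shape that
# dpkg-query -W -f='${Package} ${Version}\n' would give on a host.
INSTALLED = {
    "linux-image-4.4.0-116-generic": "4.4.0-116.140",
    "linux-image-generic": "4.4.0.116.122",
    "linux-image-aws": "4.4.0.1054.56",
}

if __name__ == "__main__":
    # The ABI bump puts the fixed kernel in a new package name, so a stale
    # host shows it as "not installed"; the metapackage row exposes the gap.
    for pkg, status in audit(USN_3619_1, INSTALLED).items():
        print(f"{pkg}: {status}")
    # '~precise1' sorts before the bare Trusty version: compare a host only
    # against the list for its own release (USN-3620-2 vs USN-3620-1).
    print(compare_versions("3.13.0-144.193~precise1", "3.13.0-144.193"))
```

A "fixed" row only says the package is installed at the fixed version; as the notice states, the host still has to reboot into the new kernel.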

References
Categories: Security

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu security notices - 2018.04.04, Wed - 21:17
linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-raspi2 - Linux kernel for Raspberry Pi 2

Details

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
linux-image-4.13.0-1016-raspi2 - 4.13.0-1016.17
linux-image-raspi2 - 4.13.0.1016.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References
Categories: Security

USN-3618-1: LibVNCServer vulnerability

Ubuntu security notices - 2018.04.04, Wed - 17:43
libvncserver vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

Software Description
  • libvncserver - vnc server library

Details

It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
libvncclient1 - 0.9.11+dfsg-1ubuntu0.1
libvncserver1 - 0.9.11+dfsg-1ubuntu0.1
Ubuntu 16.04 LTS
libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.2
Ubuntu 14.04 LTS
libvncserver0 - 0.9.9+dfsg-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibVNCServer applications to make all the necessary changes.

References
Categories: Security

USN-3617-2: Linux (HWE) vulnerabilities

Ubuntu security notices - 2018.04.03, Tue - 22:40
linux-hwe, linux-gcp, linux-oem vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-oem - Linux kernel for OEM processors

Details

USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
linux-image-4.13.0-1012-gcp - 4.13.0-1012.16
linux-image-4.13.0-1022-oem - 4.13.0-1022.24
linux-image-4.13.0-38-generic - 4.13.0-38.43~16.04.1
linux-image-4.13.0-38-generic-lpae - 4.13.0-38.43~16.04.1
linux-image-4.13.0-38-lowlatency - 4.13.0-38.43~16.04.1
linux-image-gcp - 4.13.0.1012.14
linux-image-generic-hwe-16.04 - 4.13.0.38.57
linux-image-generic-lpae-hwe-16.04 - 4.13.0.38.57
linux-image-gke - 4.13.0.1012.14
linux-image-lowlatency-hwe-16.04 - 4.13.0.38.57
linux-image-oem - 4.13.0.1022.26

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References
Categories: Security

USN-3617-1: Linux kernel vulnerabilities

Ubuntu security notices - 2018.04.03, Tue - 21:43
linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10

Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel

Details

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task’s default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

范龙飞 discovered that a race condition existed in the loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
linux-image-4.13.0-38-generic - 4.13.0-38.43
linux-image-4.13.0-38-generic-lpae - 4.13.0-38.43
linux-image-4.13.0-38-lowlatency - 4.13.0-38.43
linux-image-generic - 4.13.0.38.41
linux-image-generic-lpae - 4.13.0.38.41
linux-image-lowlatency - 4.13.0.38.41

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References
Categories: Security

USN-3616-1: Python Crypto vulnerability

Ubuntu security notices - 2018.04.03, Tue - 19:53
python-crypto vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Python Crypto could expose sensitive information.

Software Description
  • python-crypto - cryptographic algorithms and protocols for Python

Details

It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
python-crypto - 2.6.1-7ubuntu0.1
python3-crypto - 2.6.1-7ubuntu0.1
Ubuntu 16.04 LTS
python-crypto - 2.6.1-6ubuntu0.16.04.3
python3-crypto - 2.6.1-6ubuntu0.16.04.3
Ubuntu 14.04 LTS
python-crypto - 2.6.1-4ubuntu0.3
python3-crypto - 2.6.1-4ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References
Categories: Security
