Red Hat Security Advisory 2015-1139-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
edf6a2a888e1f12e7dc662266281129cfaba312336e0fc5b027d706bd9acab86Red Hat Security Advisory 2015-1137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b0d41a4e75261540327de9609c7f84e2f2c54a7eabc27611a2cfb4708a7cd5fdRed Hat Security Advisory 2015-1138-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
bc6b92e674b8c59bb4c70d6ba01e90053bbee07767a1b4dc571aa00572108c9eRed Hat Security Advisory 2015-1081-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
f850717f067dc5fbc24d473f0750598f7b3ddbe0c5961ad8568a8305fdcc444bMandriva Linux Security Advisory 2015-058 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
9e3286645b07ba09497f299f4db502238c2d94c89713da2d000ee34aeb276a28Ubuntu Security Notice 2515-2 - USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.
53baab56a79fe3971010064b4cef9abd6fb13fe2a27a242cc2c2dba794d3df3aUbuntu Security Notice 2516-3 - USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. Various other issues were also addressed.
1a88ef9adcc3ea7c2604f0479fa1730a550192db416be0a49b7d6ed0f176098aUbuntu Security Notice 2516-2 - USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.
76903f6b56698c4952e01e1d34693ec01de15214367c1003f5d4153b94ec442fUbuntu Security Notice 2518-1 - A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
03584d0fcffadd6ca49b1e56d0b3d7d9ae8c678d2a96002a23311b725d15ff9aUbuntu Security Notice 2517-1 - A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
c2beb8818a02fe1fe50f205d50c8a8c8098205e9d6db7cb024d6c2c259ec35f5Ubuntu Security Notice 2516-1 - A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
867c10eb1c46d3dd5d476bf47cf8c230ef2d51da96ccd2b529ad846c96b4791bUbuntu Security Notice 2515-1 - A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
689a6f122c96b236c5a992bb616f2e866816f6de37648ac2056305f5cc906c16Ubuntu Security Notice 2493-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.
78c1dcddff69907c427b2816efa40b8a09fbf6141aceb7afd6b3af9ee42f1518Ubuntu Security Notice 2491-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Various other issues were also addressed.
19a2af96124543aaa352ea18ece1dd413cfb089cee4acb7401e035e68bc63c5cUbuntu Security Notice 2490-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). Various other issues were also addressed.
9ee17d00db7459bc6c51e01f25a03c93b528f10b6763878bf01be7960f03a2edUbuntu Security Notice 2492-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.
8dad5e507e46c620d936929ce8e358be1f8fa17509f76d943ec58a0fdb565fc7Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
8db2a8779b1b5045f0e914377584f2e707328f0f91ef09e5a26429ff9fa5d67c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed