==========================================================================
Ubuntu Security Notice USN-2468-1
January 13, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

A null pointer dereference flaw was discovered in the the Linux kernel’s
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual
Machine) subsystem of the Linux kernel was discovered. A guest OS user
could exploit this flaw to cause a denial of service (guest OS crash) via a
specially crafted application. (CVE-2014-7842)

Miloš Prchlík reported a flaw in how the ARM64 platform handles a single
byte overflow in __clear_user. A local user could exploit this flaw to
cause a denial of service (system crash) by reading one byte beyond a
/dev/zero page boundary. (CVE-2014-7843)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-29-generic 3.16.0-29.39
linux-image-3.16.0-29-generic-lpae 3.16.0-29.39
linux-image-3.16.0-29-lowlatency 3.16.0-29.39
linux-image-3.16.0-29-powerpc-e500mc 3.16.0-29.39
linux-image-3.16.0-29-powerpc-smp 3.16.0-29.39
linux-image-3.16.0-29-powerpc64-emb 3.16.0-29.39
linux-image-3.16.0-29-powerpc64-smp 3.16.0-29.39

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2468-1
CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-29.39

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUtRVjAAoJEAUvNnAY1cPYiHQP/2lcARNFVj6Kmtd+S5d7ze+Y
ytN8DBg+FPCjRG1uX3pAvUGab3FYNZlbyIZRVHP6pIgd57a2DFfMbYxoetBdcsEF
QsyxoAeelI1PMhqXG4NUijeC3jq3eQEIL9HxlOIoZOnRxP5t4X+Mdj7vyM/ugsGS
BzJPdPEUx5sGRiyomEdFiP1POjRwpB35M0gm4Odaysg6g2AfCbAOrxR5ocH9Nhpj
CSw79pqYl0eW85wL0+9+e1AM+MOH8AvTxbqbHBlc79Q623ZQUYHWeZh44JlX+7Dh
fDjcGeSg/ulNUORg5CcVWseZfOYcz+pVF1p8TXtMD2tKDRf7i7maxkl/dyq1aA0L
r8/i57Q3QvNXuecS4Rziw7TSOgU5pyuC4kP/GWYHIKfG3gJ1iry5MqXXiVLvvWc4
O0yXyRoHiweS8kaweebcSbVl7cMHB+LtjyH6m+MnIcMF0MGWkcrTegJk1CX2xxe2
aZkBwrXkFcF/drQQiXu+9TWsd+xlPQGa/msic3BPz5G6b2xG/afc2sgnEuQWFRJV
y8V0zOv5i3YHKdxv68ClZYnQEieJSXZq+81oEuESb8rSQi36iIgkVw5Ld4BxrRCD
sBBD+cOps1WohZq/8XbP3VGbGlllfC44KEEiF4b2PAehOGd6Tupq54MCXEY2qQ0F
RRuEWhHVU8PaY1Ljy6s8
=DX/7
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2467-1
January 13, 2015

linux-lts-utopic vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

A null pointer dereference flaw was discovered in the the Linux kernel’s
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual
Machine) subsystem of the Linux kernel was discovered. A guest OS user
could exploit this flaw to cause a denial of service (guest OS crash) via a
specially crafted application. (CVE-2014-7842)

Miloš Prchlík reported a flaw in how the ARM64 platform handles a single
byte overflow in __clear_user. A local user could exploit this flaw to
cause a denial of service (system crash) by reading one byte beyond a
/dev/zero page boundary. (CVE-2014-7843)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-29-generic 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-generic-lpae 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-lowlatency 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-powerpc-e500mc 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-powerpc-smp 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-powerpc64-emb 3.16.0-29.39~14.04.1
linux-image-3.16.0-29-powerpc64-smp 3.16.0-29.39~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2467-1
CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-29.39~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUtRSrAAoJEAUvNnAY1cPYFYQP/0a+BIb09vq/eXkEsCfpJl45
Hl7uni6sfW95Bu1V3po1aP2qVcWd0UOAfeTAhVtYKD/jNlAwO2JN3xS/06s1HSn2
c2lE/P7gvoT/QW1DjCut+aGvX1UuSj6Se9q4i0MGCVmSfQpoYEeimf9K8OENj632
Egd2rW+YQk/usAZE4qOILD/h8/ZgHNXkH8PCjg5Q+k9j934oJXt3vmNtF4lYwK80
/r6GovtNklQt1qDWPZ1X7QNy5Y4do/Uj7d3VdWm7vCHrGbHgrlbqGqlmmcAICZP2
Uo5ppjWlNZ5219Xpf0vmWWFnADGZFFck8rU5FmuCreok+VEac/T2H/syl8vg4y0t
p9wghEnWusT09+vmlJxQyJoD7/lZi+7AAQh2hevBXX5kluKPx7mhoYn04Xb1RSr1
20LHbY8kMuxa9ZQXS8bTXiYeIYXTFUYm+NCAWaccqEXOX+V5Eu4qQlbKV+iLb/TL
Mx2kmxkzpf87O7LfIQVJ+gDWc4jLlwQT9CaqCyKn5gi3kKQc+iG9HWsphSnCp721
r27Sw/mJpUWF9jN01pIElKpxwPtbDR4tN8EHAkC5yKBHiNQmOOtPvTnl1LkpTrBT
juER+3AbQ+GQT5W96KFUdzXwsRvGvsZtotGhn+C4b4tkGaNZrcoeIrGHsnq0SHcl
APmPA4zwsCp5CiSvdW04
=ZtxE
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2466-1
January 13, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

A null pointer dereference flaw was discovered in the the Linux kernel’s
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual
Machine) subsystem of the Linux kernel was discovered. A guest OS user
could exploit this flaw to cause a denial of service (guest OS crash) via a
specially crafted application. (CVE-2014-7842)

Miloš Prchlík reported a flaw in how the ARM64 platform handles a single
byte overflow in __clear_user. A local user could exploit this flaw to
cause a denial of service (system crash) by reading one byte beyond a
/dev/zero page boundary. (CVE-2014-7843)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-44-generic 3.13.0-44.73
linux-image-3.13.0-44-generic-lpae 3.13.0-44.73
linux-image-3.13.0-44-lowlatency 3.13.0-44.73
linux-image-3.13.0-44-powerpc-e500 3.13.0-44.73
linux-image-3.13.0-44-powerpc-e500mc 3.13.0-44.73
linux-image-3.13.0-44-powerpc-smp 3.13.0-44.73
linux-image-3.13.0-44-powerpc64-emb 3.13.0-44.73
linux-image-3.13.0-44-powerpc64-smp 3.13.0-44.73

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2466-1
CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-44.73

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUtRPqAAoJEAUvNnAY1cPYtcgP/RheK5IDFmnA2Y0TMfNY8bzV
4MPl19t7HR73A4rSGkITKR7nKb4L3bDDIoIoFkRadxfhebKtts2bI5DRHsDXa69l
9tRqBz+mQSY72Ku+cImVowLqzvY+yo5Uh6tXeHJOdUtl4hrAQOb3Yy/aL+GEeyrd
FAWVuu36m9HPS6sm0mhOFBNgQ3e+Hr/nd7tioFq/KdT5ypqjfMlD0Y+NJ/UpB2SC
qBgKKMeINZAnFP028X0On5UmuVf5Z6P01CGQIpAnU6xsGBQ1r8RbeqrEVP/98+FU
TxM7j7oSNfyGYFZkiYzo90W8GwtlRqrKN79tLXTdryaR6HzlQ2KrUQMAEHKK5w+Y
KWKxYtKIGiG0YXJ7vnb5WJSNiWv/tHT2/oeOWLL/IZv5yiTfCQXrkhJ76wXs3r2a
eyCjPIQ5o9bb7/9uksksbXQ81JOEWar22y0kmuNhtcUYBWEvR29xhsdM/RF3eqsw
RS+NvzEbce9Xs9IkI0c7IXRuu2dzl/QsZoBKCgwJtOU1xwFG8J8dw7EHJvKFyDK1
QS0qj0C5N8WaskKxykiK+YXpPA7/iexv5Ibw5laG0+kM3thPkuAe9aFo/Oeqqbj4
thURUxLnIkSuVkhb9cdLmeDIBtgzZcmsoMQNssQA1WeREsdt2HKPOoa+nKpVar06
22Od57dM5LQ0nPGXDX7a
=mVSb
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2465-1
January 13, 2015

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

A null pointer dereference flaw was discovered in the the Linux kernel’s
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual
Machine) subsystem of the Linux kernel was discovered. A guest OS user
could exploit this flaw to cause a denial of service (guest OS crash) via a
specially crafted application. (CVE-2014-7842)

Miloš Prchlík reported a flaw in how the ARM64 platform handles a single
byte overflow in __clear_user. A local user could exploit this flaw to
cause a denial of service (system crash) by reading one byte beyond a
/dev/zero page boundary. (CVE-2014-7843)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-44-generic 3.13.0-44.73~precise1
linux-image-3.13.0-44-generic-lpae 3.13.0-44.73~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2465-1
CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-44.73~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUtRPHAAoJEAUvNnAY1cPYvqQP/3+ECjcuvINjgfHywjUt0lKK
F3BvcXuwZU+TiA2dIDsnGiqz3s/l9zzD3oCSCLnwUThLWuRjV1Z3xYQYUylHQSvW
rCi1bty5cBs8C565CggP+fPfdDYwOjgxRjh/iAi6lOesbDR37Xw7Se/UZ2YC7J/k
++C7pjE5+ER+Us65d2prbJn56ryqSvrZabdGqaV4tkci6esM0kYujsPHtRxZru2R
zYhxFqOZpap0F57T19ZsQH5l+ISpa+YjObK7hiaDu3xMEHowbu8rgbwsYER88doJ
OxAZ/JSOTRS3RcBfYTzFKLDy7jJ8tjXvZSWlv2V9Q3eI09/DA8ObO/2Ec2hlI8iV
Iu/tH8BRREAAh3GUqGKlNT5ZSMneSM1G+hvfazYVHeWonVQnqIQmqBQk/Zu+hsHj
A18kE5kEsGVDP8I3ZyyJhPFoRMfQG4gELPvte0yRCbikOZyfyChPJTiZ7gf+m8gp
7B0IonOzMqBvOn5zEr9E+pHhM8axfG9avL3YSIlYYXgvIOckrRM3MdfTOGDqtgo0
XFWETdeLtFD2BK2JxzXgUEm7B/0Uw0Ipt72yrVX9kgXHqUHRiloLsNPTsKIQW9mH
sTjfR6QjgeU3K2O9cfYQOZK0YXB0yx2KQIVrC35R3TOvNEjMR4ydg0XEFO2AHRKg
q8j/zzo/Wua54VIsu+N+
=2b2y
—–END PGP SIGNATURE—–
—