Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32205
HistoryJun 13, 2015 - 12:00 a.m.

[USN-2631-1] Linux kernel vulnerabilities

2015-06-1300:00:00
vulners.com
17
JSON

==========================================================================
Ubuntu Security Notice USN-2631-1
June 10, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:

  • linux: Linux kernel

Details:

Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)

A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)

A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel base machines with AEC-GCM mode IPSec security
association. (CVE-2015-3331)

Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)

Carl H Lunde discovered missing sanity checks in the the Linux kernel's UDF
file system (CONFIG_UDF_FS). A local attack could exploit this flaw to cause
a denial of service (system crash) by using a corrupted filesystem image.
(CVE-2015-4167)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-85-generic 3.2.0-85.122
linux-image-3.2.0-85-generic-pae 3.2.0-85.122
linux-image-3.2.0-85-highbank 3.2.0-85.122
linux-image-3.2.0-85-omap 3.2.0-85.122
linux-image-3.2.0-85-powerpc-smp 3.2.0-85.122
linux-image-3.2.0-85-powerpc64-smp 3.2.0-85.122
linux-image-3.2.0-85-virtual 3.2.0-85.122

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2631-1
CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636,
CVE-2015-4167

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-85.122

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

ubuntu 12
nessus 57
openvas 38
amazon 1
debian 4
osv 2
securityvulns 6
mageia 3
prion 6
cve 6
redhat 7
f5 10
debiancve 6
ubuntucve 7
centos 2
veracode 1
thn 1
android 2
cloudfoundry 1
fedora 3
oraclelinux 13
suse 8
xen 1
talosblog 1
ibm 1
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2015-06-10 00:00:00
Linux kernel vulnerabilities
2015-06-10 00:00:00
Linux kernel vulnerabilities
2015-05-20 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2631-1)
2015-06-11 00:00:00
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2613-1)
2015-05-21 00:00:00
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2614-1)
2015-05-21 00:00:00
openvas
openvas
Ubuntu Update for linux-ti-omap4 USN-2632-1
2015-06-11 00:00:00
Ubuntu Update for linux USN-2631-1
2015-06-11 00:00:00
Ubuntu Update for linux-lts-trusty USN-2613-1
2015-06-09 00:00:00
amazon
amazon
Medium: kernel
2015-05-14 14:27:00
debian
debian
[SECURITY] [DSA 3290-1] linux security update
2015-06-18 06:58:51
[SECURITY] [DSA 3290-1] linux security update
2015-06-18 06:58:51
[SECURITY] [DSA 3237-1] linux security update
2015-04-26 12:37:13
osv
osv
linux - security update
2015-06-18 00:00:00
linux - security update
2015-04-26 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3290-1] linux security update
2015-06-21 00:00:00
[USN-2590-1] Linux kernel vulnerabilities
2015-05-05 00:00:00
Linux kernel security vulnerabilities
2015-06-21 00:00:00
mageia
mageia
Updated kernel-tmb packages fix security vulnerabilities
2015-05-13 18:54:07
Updated kernel package fixes security vulnerabilities
2015-05-01 00:57:25
Updated kernel-linus package fixes security vulnerabilities
2015-05-01 00:57:25
prion
prion
Integer overflow
2015-08-05 18:59:00
Command injection
2015-03-12 14:59:00
Buffer overflow
2015-05-27 10:59:00
cve
cve
CVE-2015-2150
2015-03-12 14:59:00
CVE-2015-4167
2015-08-05 18:59:00
CVE-2015-3331
2015-05-27 10:59:00
redhat
redhat
(RHSA-2015:0989) Important: kernel-rt security, bug fix, and enhancement update
2015-05-12 00:00:00
(RHSA-2015:0981) Important: kernel-rt security, bug fix, and enhancement update
2015-05-12 20:50:51
(RHSA-2015:0987) Important: kernel security and bug fix update
2015-05-12 00:00:00
f5
f5
SOL17321 - Linux kernel UDF vulnerability CVE-2015-4167
2015-09-25 00:00:00
K17321 : Linux kernel UDF vulnerability CVE-2015-4167
2015-09-25 00:00:00
K16819 : Linux kernel vulnerability CVE-2015-3331
2015-06-30 00:00:00
debiancve
debiancve
CVE-2015-4167
2015-08-05 18:59:00
CVE-2015-3331
2015-05-27 10:59:00
CVE-2015-2150
2015-03-12 14:59:00
ubuntucve
ubuntucve
CVE-2015-4167
2015-06-03 00:00:00
CVE-2015-3331
2015-04-21 00:00:00
CVE-2015-2150
2015-03-12 00:00:00
centos
centos
kernel, perf, python security update
2015-05-13 16:57:56
kernel, perf, python security update
2015-07-15 15:04:33
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:05:52
thn
thn
New Android Malware Secretly Records Phone Calls and Steals Private Data
2018-04-03 14:21:00
android
android
CVE-2015-3636
2015-09-01 00:00:00
PingPongRoot
2015-05-08 00:00:00
cloudfoundry
cloudfoundry
CVE-2015-3636 - ipv4 use-after-free | Cloud Foundry
2015-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.0.2-300.fc22
2015-05-11 19:03:23
[SECURITY] Fedora 22 Update: kernel-4.0.0-0.rc4.git0.1.fc22
2015-03-22 04:43:08
[SECURITY] Fedora 22 Update: kernel-4.0.0-1.fc22
2015-04-23 16:07:26
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security and bugfix update
2015-05-13 00:00:00
kernel security, bug fix, and enhancement update
2015-07-14 00:00:00
Unbreakable Enterprise kernel security and bugfix update
2015-05-13 00:00:00
suse
suse
Security update for the Real Time Linux Kernel (important)
2015-08-12 19:09:18
Security Update for Linux Kernel (important)
2015-04-02 21:04:54
Security update for the Linux Kernel (important)
2015-09-02 15:10:18
xen
xen
Non-maskable interrupts triggerable by guests
2015-03-10 12:00:00
talosblog
talosblog
Fake AV Investigation Unearths KevDroid, New Android Malware
2018-04-02 08:48:00
ibm
ibm
Security Bulletin: IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2016-10142, CVE-2015-3331, CVE-2014-2523)
2019-03-28 17:55:02
JSON
Related for SECURITYVULNS:DOC:32205
ubuntu12nessus57openvas38amazon1debian4osv2securityvulns6mageia3prion6cve6redhat7f510debiancve6ubuntucve7centos2veracode1thn1android2cloudfoundry1fedora3oraclelinux13suse8xen1talosblog1ibm1