星球

Blog:Ubuntu security notices


最後更新: 2016/10/4 19:54:36
RSS | RDF | ATOM

USN-3068-1: Libidn vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3068-1


24th August, 2016


libidn vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in Libidn.





Software description





  • libidn
    - implementation of IETF IDN specifications











Details


Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8
characters. A remote attacker could use this issue to cause Libidn to
crash, resulting in a denial of service, or possibly disclose sensitive
memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-2059)



Hanno Böck discovered that Libidn incorrectly handled certain input. A
remote attacker could possibly use this issue to cause Libidn to crash,
resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262,
CVE-2016-6261, CVE-2016-6263)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




libidn11

1.32-3ubuntu1.1





Ubuntu 14.04 LTS:




libidn11

1.28-1ubuntu2.1





Ubuntu 12.04 LTS:




libidn11

1.23-2ubuntu0.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




CVE-2015-2059,

CVE-2015-8948,

CVE-2016-6261,

CVE-2016-6262,

CVE-2016-6263


USN-3069-1: Eye of GNOME vulnerability

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3069-1


25th August, 2016


eog vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Eye of GNOME could be made to crash or run programs as your login if it
opened a specially crafted image.





Software description





  • eog
    - Eye of GNOME graphics viewer program











Details


It was discovered that Eye of GNOME incorrectly handled certain invalid
UTF-8 strings. If a user were tricked into opening a specially-crafted
image, a remote attacker could use this issue to cause Eye of GNOME to
crash, resulting in a denial of service, or possibly execute arbitrary
code.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




eog

3.18.2-1ubuntu2.1





Ubuntu 14.04 LTS:




eog

3.10.2-0ubuntu5.2





Ubuntu 12.04 LTS:




eog

3.4.2-0ubuntu1.3






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




CVE-2016-6855


USN-3070-1: Linux kernel vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3070-1


29th August, 2016


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)



Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-36-generic-lpae

4.4.0-36.55






linux-image-4.4.0-36-powerpc64-smp

4.4.0-36.55






linux-image-4.4.0-36-powerpc-e500mc

4.4.0-36.55






linux-image-4.4.0-36-powerpc64-emb

4.4.0-36.55






linux-image-4.4.0-36-lowlatency

4.4.0-36.55






linux-image-4.4.0-36-generic

4.4.0-36.55






linux-image-4.4.0-36-powerpc-smp

4.4.0-36.55






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-1237,

CVE-2016-5244,

CVE-2016-5400,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829,

CVE-2016-6197


USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3070-2


30th August, 2016


linux-raspi2 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-raspi2
    - Linux kernel for Raspberry Pi 2







Details


A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)



Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-1021-raspi2

4.4.0-1021.27






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-1237,

CVE-2016-5244,

CVE-2016-5400,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829,

CVE-2016-6197


USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3070-3


30th August, 2016


linux-snapdragon vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-snapdragon
    - Linux kernel for Snapdragon Processors







Details


A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)



Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




linux-image-4.4.0-1024-snapdragon

4.4.0-1024.27






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-1237,

CVE-2016-5244,

CVE-2016-5400,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829,

CVE-2016-6197


USN-3070-4: Linux kernel (Xenial HWE) vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3070-4


30th August, 2016


linux-lts-xenial vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 14.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-lts-xenial
    - Linux hardware enablement kernel from Xenial for Trusty







Details


USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.



A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)



Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 14.04 LTS:




linux-image-4.4.0-36-generic-lpae

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-powerpc64-smp

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-powerpc-e500mc

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-powerpc64-emb

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-lowlatency

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-generic

4.4.0-36.55~14.04.1






linux-image-4.4.0-36-powerpc-smp

4.4.0-36.55~14.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-1237,

CVE-2016-5244,

CVE-2016-5400,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829,

CVE-2016-6197


USN-3071-1: Linux kernel vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3071-1


29th August, 2016


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 14.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 14.04 LTS:




linux-image-3.13.0-95-powerpc64-smp

3.13.0-95.142






linux-image-3.13.0-95-generic-lpae

3.13.0-95.142






linux-image-3.13.0-95-powerpc-e500mc

3.13.0-95.142






linux-image-3.13.0-95-lowlatency

3.13.0-95.142






linux-image-3.13.0-95-powerpc64-emb

3.13.0-95.142






linux-image-3.13.0-95-generic

3.13.0-95.142






linux-image-3.13.0-95-powerpc-smp

3.13.0-95.142






linux-image-3.13.0-95-powerpc-e500

3.13.0-95.142






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5244,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829


USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3071-2


29th August, 2016


linux-lts-trusty vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-lts-trusty
    - Linux hardware enablement kernel from Trusty for Precise







Details


USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.



Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)



Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.13.0-95-generic

3.13.0-95.142~precise1






linux-image-3.13.0-95-generic-lpae

3.13.0-95.142~precise1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5244,

CVE-2016-5696,

CVE-2016-5728,

CVE-2016-5828,

CVE-2016-5829


USN-3072-1: Linux kernel vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3072-1


29th August, 2016


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.2.0-109-generic

3.2.0-109.150






linux-image-3.2.0-109-virtual

3.2.0-109.150






linux-image-3.2.0-109-generic-pae

3.2.0-109.150






linux-image-3.2.0-109-powerpc64-smp

3.2.0-109.150






linux-image-3.2.0-109-highbank

3.2.0-109.150






linux-image-3.2.0-109-omap

3.2.0-109.150






linux-image-3.2.0-109-powerpc-smp

3.2.0-109.150






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5244,

CVE-2016-5696,

CVE-2016-5829


USN-3072-2: Linux kernel (OMAP4) vulnerabilities

2016/9/2 17:08:07 | Ubuntu security notices

Ubuntu Security Notice USN-3072-2


29th August, 2016


linux-ti-omap4 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux-ti-omap4
    - Linux kernel for OMAP4







Details


Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)



Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)



It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




linux-image-3.2.0-1487-omap4

3.2.0-1487.114






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.





References




CVE-2016-5244,

CVE-2016-5696,

CVE-2016-5829