Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15abUbuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.
f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84eUbuntu Security Notice 1193-1 - Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.
810150f9280d8079e9e82fe2c1122748180f18655b2b42c4b85a73255f95f902
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed