kernel: net: double-free and memory corruption in get_net_ns_by_id()

A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function getnetnsbyid does not check for the net::count value after it has found a peer network in netnsids idr which could lead to double free and memory...

kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure

The net/netfilter/nfnetlinkcthelper.c function in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net...

kernel: net: double-free and memory corruption in get_net_ns_by_id()

A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function getnetnsbyid does not check for the net::count value after it has found a peer network in netnsids idr which could lead to double free and memory...

Ubuntu: Security Advisory (USN-3617-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3619-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3619-2 advisory. USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux...

USN-3619-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux...

Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that a...

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

USN-3619-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that a...

Ubuntu 16.04 LTS : Linux (HWE) vulnerabilities (USN-3617-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3617-2 advisory. USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

USN-3617-2: Linux (HWE) vulnerabilities

USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in t...

USN-3617-2 linux-hwe, linux-gcp, linux-oem vulnerabilities

USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in t...

USN-3617-1: Linux kernel vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that the KVM...

Virtuozzo 7 : readykernel-patch (VZA-2018-014)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received fro...

Important kernel security update: CVE-2018-1068; Virtuozzo ReadyKernel patch 47.0 for Virtuozzo 7.0.1 to 7.0.6 HF3

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo 7.0 kernels except 3.10.0-693.17.1.vz7.43.10 7.0.7. Vulnerability id: CVE-2018-1068 It was discovered that the implementation of ebtables in the kernel did not properly validat...

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1055)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a...

Security update for docker, docker-runc, containerd, golang-github-docker-libnetwork (important)

This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues. These security issues were fixed: - CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss when...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides the upstream 4.4.111 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...