USN-2663-1

Description

linux vulnerabilities Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing consistency checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167)

Affected Systems

• ubuntu•linux

  < 3.13.0-57.95

References (7)

• https://ubuntu.com/security/notices/USN-2663-1
• https://ubuntu.com/security/CVE-2014-9710
• https://ubuntu.com/security/CVE-2015-1420
• https://ubuntu.com/security/CVE-2015-4001
• https://ubuntu.com/security/CVE-2015-4002
• https://ubuntu.com/security/CVE-2015-4003
• https://ubuntu.com/security/CVE-2015-4167