USN-2664-1

Description

linux-lts-utopic vulnerabilities A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing consistency checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A double free flaw was discovered in the Linux kernel's path lookup. A local user could cause a denial of service (Oops). (CVE-2015-5706)

Affected Systems

• ubuntu•linux-lts-utopic

  < 3.16.0-43.58~14.04.1

References (8)

• https://ubuntu.com/security/notices/USN-2664-1
• https://ubuntu.com/security/CVE-2015-1420
• https://ubuntu.com/security/CVE-2015-4001
• https://ubuntu.com/security/CVE-2015-4002
• https://ubuntu.com/security/CVE-2015-4003
• https://ubuntu.com/security/CVE-2015-4167
• https://ubuntu.com/security/CVE-2015-4700
• https://ubuntu.com/security/CVE-2015-5706