Saturday, February 28, 2015

[USN-2516-2] Linux kernel vulnerability regression

==========================================================================
Ubuntu Security Notice USN-2516-2
February 28, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

USN-2516-1 introduced a regression in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated
regression in the use of the virtual counter (CNTVCT) on arm64 architectures.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel's ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
block-modules-3.13.0-46-generic-di 3.13.0-46.76
block-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
block-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
block-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
block-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
block-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
crypto-modules-3.13.0-46-generic-di 3.13.0-46.76
crypto-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
crypto-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
crypto-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
crypto-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
crypto-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
fat-modules-3.13.0-46-generic-di 3.13.0-46.76
fat-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
fat-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
fat-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
fat-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
fat-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
fb-modules-3.13.0-46-generic-di 3.13.0-46.76
fb-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
fb-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
fb-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
fb-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
firewire-core-modules-3.13.0-46-generic-di 3.13.0-46.76
firewire-core-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
firewire-core-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
firewire-core-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
firewire-core-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
floppy-modules-3.13.0-46-generic-di 3.13.0-46.76
floppy-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
floppy-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
floppy-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
floppy-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
fs-core-modules-3.13.0-46-generic-di 3.13.0-46.76
fs-core-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
fs-core-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
fs-core-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
fs-core-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
fs-core-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-generic-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
fs-secondary-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
input-modules-3.13.0-46-generic-di 3.13.0-46.76
input-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
input-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
input-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
input-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
input-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
ipmi-modules-3.13.0-46-generic-di 3.13.0-46.76
ipmi-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
ipmi-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
ipmi-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
ipmi-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
ipmi-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
irda-modules-3.13.0-46-generic-di 3.13.0-46.76
irda-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
irda-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
irda-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
irda-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
irda-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
kernel-image-3.13.0-46-generic-di 3.13.0-46.76
kernel-image-3.13.0-46-generic-lpae-di 3.13.0-46.76
kernel-image-3.13.0-46-powerpc-e500-di 3.13.0-46.76
kernel-image-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
kernel-image-3.13.0-46-powerpc-smp-di 3.13.0-46.76
kernel-image-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
linux-cloud-tools-3.13.0-46 3.13.0-46.76
linux-cloud-tools-3.13.0-46-generic 3.13.0-46.76
linux-cloud-tools-3.13.0-46-generic-lpae 3.13.0-46.76
linux-cloud-tools-3.13.0-46-lowlatency 3.13.0-46.76
linux-cloud-tools-3.13.0-46-powerpc-e500 3.13.0-46.76
linux-cloud-tools-3.13.0-46-powerpc-e500mc 3.13.0-46.76
linux-cloud-tools-3.13.0-46-powerpc-smp 3.13.0-46.76
linux-cloud-tools-3.13.0-46-powerpc64-emb 3.13.0-46.76
linux-cloud-tools-3.13.0-46-powerpc64-smp 3.13.0-46.76
linux-cloud-tools-common 3.13.0-46.76
linux-doc 3.13.0-46.76
linux-headers-3.13.0-46 3.13.0-46.76
linux-headers-3.13.0-46-generic 3.13.0-46.76
linux-headers-3.13.0-46-generic-lpae 3.13.0-46.76
linux-headers-3.13.0-46-lowlatency 3.13.0-46.76
linux-headers-3.13.0-46-powerpc-e500 3.13.0-46.76
linux-headers-3.13.0-46-powerpc-e500mc 3.13.0-46.76
linux-headers-3.13.0-46-powerpc-smp 3.13.0-46.76
linux-headers-3.13.0-46-powerpc64-emb 3.13.0-46.76
linux-headers-3.13.0-46-powerpc64-smp 3.13.0-46.76
linux-image-3.13.0-46-generic 3.13.0-46.76
linux-image-3.13.0-46-generic-lpae 3.13.0-46.76
linux-image-3.13.0-46-lowlatency 3.13.0-46.76
linux-image-3.13.0-46-powerpc-e500 3.13.0-46.76
linux-image-3.13.0-46-powerpc-e500mc 3.13.0-46.76
linux-image-3.13.0-46-powerpc-smp 3.13.0-46.76
linux-image-3.13.0-46-powerpc64-emb 3.13.0-46.76
linux-image-3.13.0-46-powerpc64-smp 3.13.0-46.76
linux-image-extra-3.13.0-46-generic 3.13.0-46.76
linux-image-extra-3.13.0-46-generic-lpae 3.13.0-46.76
linux-image-extra-3.13.0-46-lowlatency 3.13.0-46.76
linux-image-extra-3.13.0-46-powerpc-e500 3.13.0-46.76
linux-image-extra-3.13.0-46-powerpc-e500mc 3.13.0-46.76
linux-image-extra-3.13.0-46-powerpc-smp 3.13.0-46.76
linux-image-extra-3.13.0-46-powerpc64-emb 3.13.0-46.76
linux-image-extra-3.13.0-46-powerpc64-smp 3.13.0-46.76
linux-libc-dev 3.13.0-46.76
linux-source-3.13.0 3.13.0-46.76
linux-tools-3.13.0-46 3.13.0-46.76
linux-tools-3.13.0-46-generic 3.13.0-46.76
linux-tools-3.13.0-46-generic-lpae 3.13.0-46.76
linux-tools-3.13.0-46-lowlatency 3.13.0-46.76
linux-tools-3.13.0-46-powerpc-e500 3.13.0-46.76
linux-tools-3.13.0-46-powerpc-e500mc 3.13.0-46.76
linux-tools-3.13.0-46-powerpc-smp 3.13.0-46.76
linux-tools-3.13.0-46-powerpc64-emb 3.13.0-46.76
linux-tools-3.13.0-46-powerpc64-smp 3.13.0-46.76
linux-tools-common 3.13.0-46.76
linux-udebs-generic 3.13.0-46.76
linux-udebs-generic-lpae 3.13.0-46.76
linux-udebs-lowlatency 3.13.0-46.76
linux-udebs-powerpc-e500 3.13.0-46.76
linux-udebs-powerpc-e500mc 3.13.0-46.76
linux-udebs-powerpc-smp 3.13.0-46.76
linux-udebs-powerpc64-emb 3.13.0-46.76
linux-udebs-powerpc64-smp 3.13.0-46.76
md-modules-3.13.0-46-generic-di 3.13.0-46.76
md-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
md-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
md-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
md-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
md-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
message-modules-3.13.0-46-generic-di 3.13.0-46.76
message-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
message-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
message-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
message-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
mouse-modules-3.13.0-46-generic-di 3.13.0-46.76
mouse-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
mouse-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
mouse-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
mouse-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
mouse-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
multipath-modules-3.13.0-46-generic-di 3.13.0-46.76
multipath-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
multipath-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
multipath-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
multipath-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
multipath-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
nfs-modules-3.13.0-46-generic-di 3.13.0-46.76
nfs-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
nfs-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
nfs-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
nfs-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
nfs-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
nic-modules-3.13.0-46-generic-di 3.13.0-46.76
nic-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
nic-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
nic-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
nic-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
nic-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
nic-pcmcia-modules-3.13.0-46-generic-di 3.13.0-46.76
nic-pcmcia-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
nic-pcmcia-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
nic-pcmcia-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
nic-pcmcia-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-generic-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
nic-shared-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-generic-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
nic-usb-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
parport-modules-3.13.0-46-generic-di 3.13.0-46.76
parport-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
parport-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
parport-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
parport-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
parport-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
pata-modules-3.13.0-46-generic-di 3.13.0-46.76
pata-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
pata-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
pata-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
pata-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
pcmcia-modules-3.13.0-46-generic-di 3.13.0-46.76
pcmcia-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
pcmcia-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
pcmcia-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
pcmcia-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
pcmcia-storage-modules-3.13.0-46-generic-di 3.13.0-46.76
pcmcia-storage-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
pcmcia-storage-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
pcmcia-storage-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
pcmcia-storage-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
plip-modules-3.13.0-46-generic-di 3.13.0-46.76
plip-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
plip-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
plip-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
plip-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
plip-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
ppp-modules-3.13.0-46-generic-di 3.13.0-46.76
ppp-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
ppp-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
ppp-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
ppp-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
ppp-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
sata-modules-3.13.0-46-generic-di 3.13.0-46.76
sata-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
sata-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
sata-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
sata-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
sata-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
scsi-modules-3.13.0-46-generic-di 3.13.0-46.76
scsi-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
scsi-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
scsi-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
scsi-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
scsi-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
serial-modules-3.13.0-46-generic-di 3.13.0-46.76
serial-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
serial-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
serial-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
serial-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
speakup-modules-3.13.0-46-generic-di 3.13.0-46.76
speakup-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
speakup-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
speakup-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
speakup-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
speakup-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
squashfs-modules-3.13.0-46-generic-di 3.13.0-46.76
squashfs-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
squashfs-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
squashfs-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
squashfs-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
squashfs-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
storage-core-modules-3.13.0-46-generic-di 3.13.0-46.76
storage-core-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
storage-core-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
storage-core-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
storage-core-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
storage-core-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
usb-modules-3.13.0-46-generic-di 3.13.0-46.76
usb-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
usb-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
usb-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
usb-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
usb-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
virtio-modules-3.13.0-46-generic-di 3.13.0-46.76
virtio-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
virtio-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
virtio-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
virtio-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76
vlan-modules-3.13.0-46-generic-di 3.13.0-46.76
vlan-modules-3.13.0-46-generic-lpae-di 3.13.0-46.76
vlan-modules-3.13.0-46-powerpc-e500-di 3.13.0-46.76
vlan-modules-3.13.0-46-powerpc-e500mc-di 3.13.0-46.76
vlan-modules-3.13.0-46-powerpc-smp-di 3.13.0-46.76
vlan-modules-3.13.0-46-powerpc64-smp-di 3.13.0-46.76

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2516-2
http://www.ubuntu.com/usn/usn-2516-1

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-46.76

Thursday, February 26, 2015

[USN-2520-1] CUPS vulnerability

==========================================================================
Ubuntu Security Notice USN-2520-1
February 26, 2015

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

CUPS could be made to crash or run programs if it processed a specially
crafted file.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Peter De Wachter discovered that CUPS incorrectly handled certain malformed
compressed raster files. A remote attacker could use this issue to cause
CUPS to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
cups 1.7.5-3ubuntu3.1

Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.5

Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu8.6

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.14

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2520-1
CVE-2014-9679

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.7.5-3ubuntu3.1
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.5
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.6
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.14

[USN-2519-1] GNU C Library vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2519-1
February 26, 2015

eglibc, glibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the GNU C Library.

Software Description:
- glibc: GNU C Library
- eglibc: GNU C Library

Details:

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file
descriptors when resolving DNS queries under high load. This may cause a
denial of service in other applications, or an information leak. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving a
positive answer while processing the network name when performing DNS
resolution. A remote attacker could use this issue to cause the GNU C
Library to hang, resulting in a denial of service. (CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function incorrectly
handled memory. A remote attacker could possibly use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu
14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libc6 2.19-10ubuntu2.3

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.6

Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.11

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2519-1
CVE-2013-7423, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473

Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.19-10ubuntu2.3
https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.6
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.11
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.21
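
A way to check a host against the fixed versions listed in the two notices above, as an added example that is not part of the Ubuntu advisories: it parses the "Update instructions" blocks, reads `dpkg-query -W` style output, and compares the two with a small reimplementation of Debian version ordering (on a real host `dpkg --compare-versions` performs this comparison). The function names and the installed-package sample are constructed for illustration.

```python
import re

# Excerpt of the "Update instructions" blocks of USN-2520-1 and USN-2519-1.
USN_TEXT = """\
Ubuntu 14.10:
cups 1.7.5-3ubuntu3.1

Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.5

Ubuntu 14.10:
libc6 2.19-10ubuntu2.3

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.6
"""

# Constructed sample of `dpkg-query -W` output (package<TAB>version) on a 14.04 host.
INSTALLED_TEXT = "cups\t1.7.2-0ubuntu1.5\nlibc6:amd64\t2.19-0ubuntu6.5\nbash\t4.3-7ubuntu1.5\n"

RELEASE_RE = re.compile(r"^(Ubuntu \d+\.\d+(?: LTS)?):$")

def _is_digit(c):
    return "0" <= c <= "9"

def _order(c):
    # Sort weight of one character in a non-digit run: '~' sorts before
    # everything (even end of string), letters before other punctuation.
    if _is_digit(c):
        return 0
    if c == "~":
        return -1
    if c.isascii() and c.isalpha():
        return ord(c)
    return ord(c) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            oa = _order(a[i]) if i < len(a) else 0
            ob = _order(b[j]) if j < len(b) else 0
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        # Digit runs are compared as numbers, so 6.10 is newer than 6.6.
        si, sj = i, j
        while i < len(a) and _is_digit(a[i]):
            i += 1
        while j < len(b) and _is_digit(b[j]):
            j += 1
        na, nb = int(a[si:i] or "0"), int(b[sj:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def parse_fixed_versions(text):
    """Return {release: {package: fixed_version}} from USN update instructions."""
    fixed, release = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = RELEASE_RE.match(line)
        if m:
            release = m.group(1)
        elif not line:
            release = None          # a blank line ends the release block
        elif release and len(line.split()) == 2:
            pkg, ver = line.split()
            fixed.setdefault(release, {})[pkg] = ver
    return fixed

def parse_installed(text):
    installed = {}
    for line in text.splitlines():
        name, _, ver = line.partition("\t")
        if ver:
            installed[name.split(":")[0]] = ver.strip()  # drop ":amd64" suffix
    return installed

def audit(fixed, release, installed):
    """Classify each package the notices list for `release`."""
    report = {}
    for pkg, want in sorted(fixed.get(release, {}).items()):
        have = installed.get(pkg)
        if have is None:
            report[pkg] = "not installed"
        elif compare_versions(have, want) >= 0:
            report[pkg] = "patched"
        else:
            report[pkg] = f"vulnerable ({have} < {want})"
    return report

if __name__ == "__main__":
    result = audit(parse_fixed_versions(USN_TEXT), "Ubuntu 14.04 LTS",
                   parse_installed(INSTALLED_TEXT))
    for pkg, status in result.items():
        print(f"{pkg}: {status}")
```

For the kernel notices a matching package version is not sufficient: the fixed kernel is only in effect after the reboot the advisory asks for.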

[USN-2518-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2518-1
February 26, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel's ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-31-generic 3.16.0-31.41
linux-image-3.16.0-31-generic-lpae 3.16.0-31.41
linux-image-3.16.0-31-lowlatency 3.16.0-31.41
linux-image-3.16.0-31-powerpc-e500mc 3.16.0-31.41
linux-image-3.16.0-31-powerpc-smp 3.16.0-31.41
linux-image-3.16.0-31-powerpc64-emb 3.16.0-31.41
linux-image-3.16.0-31-powerpc64-smp 3.16.0-31.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2518-1
CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989,
CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-31.41

[USN-2517-1] Linux kernel (Utopic HWE) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2517-1
February 26, 2015

linux-lts-utopic vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel's ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-31-generic 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-generic-lpae 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-lowlatency 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-powerpc-e500mc 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-powerpc-smp 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-powerpc64-emb 3.16.0-31.41~14.04.1
linux-image-3.16.0-31-powerpc64-smp 3.16.0-31.41~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2517-1
CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989,
CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-31.41~14.04.1

[USN-2516-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2516-1
February 26, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel's ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-46-generic 3.13.0-46.75
linux-image-3.13.0-46-generic-lpae 3.13.0-46.75
linux-image-3.13.0-46-lowlatency 3.13.0-46.75
linux-image-3.13.0-46-powerpc-e500 3.13.0-46.75
linux-image-3.13.0-46-powerpc-e500mc 3.13.0-46.75
linux-image-3.13.0-46-powerpc-smp 3.13.0-46.75
linux-image-3.13.0-46-powerpc64-emb 3.13.0-46.75
linux-image-3.13.0-46-powerpc64-smp 3.13.0-46.75

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2516-1
CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989,
CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-46.75

[USN-2515-1] Linux kernel (Trusty HWE) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2515-1
February 26, 2015

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel's ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-46-generic 3.13.0-46.75~precise1
linux-image-3.13.0-46-generic-lpae 3.13.0-46.75~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2515-1
CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989,
CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-46.75~precise1

[USN-2514-1] Linux kernel (OMAP4) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2514-1
February 26, 2015

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)

Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

A flaw was discovered in the crypto subsystem when screening module names
for automatic module loading if the name contained a valid crypto module
name, e.g. vfat(aes). A local user could exploit this flaw to load installed
kernel modules, increasing the attack surface and potentially using this to
gain administrative privileges. (CVE-2014-9644)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1460-omap4 3.2.0-1460.80

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2514-1
CVE-2013-7421, CVE-2014-7970, CVE-2014-8160, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9644, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1460.80

[USN-2513-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2513-1
February 26, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)

A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)

Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)

A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)

A flaw was discovered in the crypto subsystem when screening module names
for automatic module loading if the name contained a valid crypto module
name, e.g. vfat(aes). A local user could exploit this flaw to load installed
kernel modules, increasing the attack surface and potentially using this to
gain administrative privileges. (CVE-2014-9644)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-77-generic 3.2.0-77.112
linux-image-3.2.0-77-generic-pae 3.2.0-77.112
linux-image-3.2.0-77-highbank 3.2.0-77.112
linux-image-3.2.0-77-omap 3.2.0-77.112
linux-image-3.2.0-77-powerpc-smp 3.2.0-77.112
linux-image-3.2.0-77-powerpc64-smp 3.2.0-77.112
linux-image-3.2.0-77-virtual 3.2.0-77.112

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2513-1
CVE-2013-7421, CVE-2014-7970, CVE-2014-8160, CVE-2014-9529,
CVE-2014-9584, CVE-2014-9585, CVE-2014-9644, CVE-2015-0239

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-77.112

[USN-2512-1] Linux kernel (EC2) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2512-1
February 26, 2015

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-376-ec2 2.6.32-376.93

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2512-1
CVE-2014-9529, CVE-2014-9584

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-376.93

[USN-2511-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2511-1
February 26, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A race condition was discovered in the Linux kernel's key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-73-386 2.6.32-73.140
linux-image-2.6.32-73-generic 2.6.32-73.140
linux-image-2.6.32-73-generic-pae 2.6.32-73.140
linux-image-2.6.32-73-ia64 2.6.32-73.140
linux-image-2.6.32-73-lpia 2.6.32-73.140
linux-image-2.6.32-73-powerpc 2.6.32-73.140
linux-image-2.6.32-73-powerpc-smp 2.6.32-73.140
linux-image-2.6.32-73-powerpc64-smp 2.6.32-73.140
linux-image-2.6.32-73-preempt 2.6.32-73.140
linux-image-2.6.32-73-server 2.6.32-73.140
linux-image-2.6.32-73-sparc64 2.6.32-73.140
linux-image-2.6.32-73-sparc64-smp 2.6.32-73.140
linux-image-2.6.32-73-versatile 2.6.32-73.140
linux-image-2.6.32-73-virtual 2.6.32-73.140

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2511-1
CVE-2014-9529, CVE-2014-9584

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-73.140

Wednesday, February 25, 2015

[USN-2505-1] Firefox vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2505-1
February 25, 2015

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Matthew Noorenberghe discovered that whitelisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)

Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)

Armin Razmdjou discovered that opening hyperlinks with specific mouse
and key combinations could allow a Chrome privileged URL to be opened
without context restrictions being preserved. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to bypass security restrictions. (CVE-2015-0821)

Armin Razmdjou discovered that contents of locally readable files could
be made available via manipulation of form autocomplete in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-0822)

Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS)
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash. (CVE-2015-0823)

Atte Kettunen discovered a crash when drawing images using Cairo in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0824)

Atte Kettunen discovered a buffer underflow during playback of MP3 files
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0825)

Atte Kettunen discovered a buffer overflow during CSS restyling in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0826)

Abhishek Arya discovered an out-of-bounds read and write when rendering
SVG content in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this
to obtain sensitive information. (CVE-2015-0827)

A buffer overflow was discovered in libstagefright during video playback
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-0829)

Daniele Di Proietto discovered that WebGL could cause a crash in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0830)

Paul Bandha discovered a use-after-free in IndexedDB. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0831)

Muneaki Nishimura discovered that a period appended to a hostname could
bypass key pinning and HSTS in some circumstances. A remote attacker could
potentially exploit this to conduct a Man-in-the-middle (MITM) attack.
(CVE-2015-0832)

Alexander Kolesnik discovered that Firefox would attempt plaintext
connections to servers when handling turns: and stuns: URIs. A remote
attacker could potentially exploit this by conducting a Man-in-the-middle
(MITM) attack in order to obtain credentials. (CVE-2015-0834)

Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron
Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman,
Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe
discovered multiple memory safety issues in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0835, CVE-2015-0836)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
firefox 36.0+build2-0ubuntu0.14.10.4

Ubuntu 14.04 LTS:
firefox 36.0+build2-0ubuntu0.14.04.4

Ubuntu 12.04 LTS:
firefox 36.0+build2-0ubuntu0.12.04.5

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2505-1
CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822,
CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826,
CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831,
CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836

Package Information:
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.14.10.4
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.14.04.4
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.12.04.5

[CentOS-announce] CESA-2015:0266 Important CentOS 5 thunderbird Security Update

CentOS Errata and Security Advisory 2015:0266 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0266.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
03125dc617adf6e21a75514e135e82f08d90178f17f8d3e6c96d3cbc360b78ce thunderbird-31.5.0-1.el5.centos.i386.rpm

x86_64:
c638b9ceb5e6f217727fd392466c03bd268d668d167687215c87a8cbad9a4bcf thunderbird-31.5.0-1.el5.centos.x86_64.rpm

Source:
1985b7f18bb11b6dadb49cdb3a2dd8119767aab93f561789537319b754eb6d51 thunderbird-31.5.0-1.el5.centos.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2015:0266 Important CentOS 6 thunderbird Security Update

CentOS Errata and Security Advisory 2015:0266 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0266.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
10cf2774899a722583ccf83178b5b0c670cdfaa467e7def8038101d0512e89ac thunderbird-31.5.0-1.el6.centos.i686.rpm

x86_64:
72d284150fec9a4815ab4358299199052181d31d62bdd0e5a8fe57e925ff6165 thunderbird-31.5.0-1.el6.centos.x86_64.rpm

Source:
5568672fb5bb86b79e4824e171f4c973ec6953defd67248f2c58b31ebf5d663b thunderbird-31.5.0-1.el6.centos.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


OpenBSD Foundation 2014/2015 News & Fund Raising

2014 was the most successful year to date for the OpenBSD Foundation,
both in the amount of money we raised and in the support we provided
for the OpenBSD and related projects. We are extremely grateful for
the support shown by our contributors large and small.

A detailed summary of the Foundation's activities in 2014 can be seen at

http://www.openbsdfoundation.org/activities.html

But here are some high points.

We received $397,000 in new donations and paid out $129,000 to support the
activities of the OpenBSD and related projects.

Some of the things the $129,000 made happen were higher speed network
links to the project's machine room; new servers, UPSs, network
switches, serial consoles and network monitoring equipment for the
machine room; development machines for several developers; participation
in GSOC 2014; and hackathons in Ljubljana, Dunedin, Berlin, and
Marrakesh.

As you can see, 2014 was a very good year for the Foundation. This
can be attributed to a number of unique events. A very public
financial crisis at the start of the year generated extensive
community support, and the releases of LibreSSL generated significant
interest and support.

But it is important for us not to rely on one time events for our
success.

Which brings us to our 2015 Fundraising Campaign, described at

http://www.openbsdfoundation.org/campaign2015.html

The OpenBSD Foundation needs your help to achieve our fundraising
goal of $200,000 for 2015. We need both Individual and Corporate
sponsorship of the Foundation.

Reaching this goal will ensure the continued health of the projects
we support, will enable us to help them do more, and will avoid the
distraction of financial emergencies that could spell the end of
the projects.

In particular it would allow us to fund more dedicated developer
time for targeted development of specific projects.

If $10 were given for every installation of OpenBSD in the last
year from the master site we would be at our goal.

If $2 were given for every download of the OpenSSH source code in
the last year from the master site we would be at our goal.

If a penny was donated for every pf or OpenSSH installed with a
mainstream operating system or phone in the last year we would be
at our goal.

As an individual or corporation, the best kind of donation we can
receive is a recurring donation. This allows longer term planning
on our part, instead of hoping for one time cash infusions. The
easiest way for an individual to support us in this way is a recurring
Paypal donation, which is our preference.

Donations to the foundation can be made on our Donations Page.

http://www.openbsdfoundation.org/donations.html

We can be contacted regarding corporate sponsorship at
fundraising@openbsdfoundation.org

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:03.freebsd-update

=============================================================================
FreeBSD-EN-15:03.freebsd-update Errata Notice
The FreeBSD Project

Topic: freebsd-update updates libraries in suboptimal order

Category: base
Module: freebsd-update
Announced: 2015-02-25
Credits: Brooks Davis
Affects: All supported versions of FreeBSD.
Corrected: 2015-02-09 09:22:47 UTC (stable/10, 10.1-STABLE)
           2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
           2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
           2015-02-09 09:45:58 UTC (stable/9, 9.3-STABLE)
           2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
           2015-02-09 10:09:46 UTC (stable/8, 8.4-STABLE)
           2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.

I. Background

The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source. A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update. The
client downloads the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.

II. Problem Description

In general, the runtime linker needs to be updated before all other
libraries, including the standard C library (libc) and the threading
library (libthr), because these libraries depend on functionality of
the runtime linker.

Before this update, the freebsd-update(8) utility did not enforce
this ordering requirement and would replace libthr (and all other
libraries) before updating the runtime linker.

A recent change to the FreeBSD threading library that would prevent
a deadlock in a child process requires a NULL pointer test in the
runtime linker (/libexec/ld-elf.so.1) be in place. Since previous
versions of the runtime linker do not have this test, processes will
crash due to a NULL pointer dereference.

III. Impact

If a name-service switch module linked to the threading library -- such
as ldap or winbind -- was configured to provide passwd or group services
in /etc/nsswitch.conf, then all attempts to look up a user or group by
name after the threading library was updated would result in a crash.
Most obviously, all further install(1) invocations by freebsd-update(8)
will crash, leaving the system partially updated and largely unusable.

IV. Workaround

Disabling any name-service switch modules linked to libthr prior to
running the freebsd-update(8) 'upgrade' command works around the issue.
These modules include, but are not limited to, ldap and winbind.

V. Solution

The freebsd-update(8) utility has been updated to install the runtime
linker before any libraries.

You MUST upgrade systems prior to 10.1 to address this errata notice before
updating to 10.1 or later using freebsd-update(8).

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r278446
releng/8.4/                                                       r279265
stable/9/                                                         r278444
releng/9.3/                                                       r279265
stable/10/                                                        r278443
releng/10.0/                                                      r279264
releng/10.1/                                                      r279264
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:03.freebsd-update.asc

_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
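
A pre-upgrade check for the workaround in section IV of FreeBSD-EN-15:03, as an added example that is not part of the FreeBSD advisory: it lists the module-backed passwd/group sources in nsswitch.conf and flags modules whose dependency list includes libthr. The nss_<source>.so.1 naming, the search directories, the use of ldd(1) and the sample configuration are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory): pre-upgrade check for EN-15:03.
# Lists module-backed NSS sources used for passwd/group lookups and reports
# whether each module's dependency list includes libthr.

# Sources implemented inside libc per nsswitch.conf(5); no module is loaded.
BUILTIN_SOURCES="files db dns nis compat cache"
# Assumption: ldd(1) lists a module's dependencies; LDD can be overridden.
LDD=${LDD:-ldd}

# Constructed sample configuration, for trying the parser off-host.
sample_conf() {
    cat <<'EOF'
# constructed example, not taken from a real system
group: files ldap
group_compat: nis
hosts: files dns
passwd: files [notfound=continue] ldap winbind   # directory users
shells: files
EOF
}

# Print module-backed sources configured for passwd/group, one per line.
# Comments and [criteria] are stripped; the *_compat databases are included.
nss_external_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$1" |
    awk -v libc_srcs="$BUILTIN_SOURCES" '
        BEGIN { n = split(libc_srcs, b, " "); for (i = 1; i <= n; i++) skip[b[i]] = 1 }
        {
            c = index($0, ":")
            if (c == 0) next
            db = substr($0, 1, c - 1)
            gsub(/[ \t]/, "", db)
            if (db !~ /^(passwd|group)(_compat)?$/) next
            m = split(substr($0, c + 1), src, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (src[i] != "" && !(src[i] in skip) && !seen[src[i]]++)
                    print src[i]
        }'
}

# Succeed if the module's dependency list includes the threading library.
needs_libthr() {
    $LDD "$1" 2>/dev/null | grep -q 'libthr\.so'
}

# Print "source module-path status" per source; status is libthr, ok or missing.
# Returns 1 if any module pulls in libthr (a candidate for the workaround).
# Assumption: modules are named nss_<source>.so.1 in the listed directories.
check_nss_modules() {
    conf=${1:-/etc/nsswitch.conf}
    dirs=${2:-"/usr/lib /usr/local/lib"}
    rc=0
    for src in $(nss_external_sources "$conf"); do
        found=
        for d in $dirs; do
            if [ -f "$d/nss_${src}.so.1" ]; then found="$d/nss_${src}.so.1"; break; fi
        done
        if [ -z "$found" ]; then
            echo "$src - missing"
        elif needs_libthr "$found"; then
            echo "$src $found libthr"; rc=1
        else
            echo "$src $found ok"
        fi
    done
    return $rc
}

# Run against the given configuration file when invoked with arguments.
[ $# -eq 0 ] || check_nss_modules "$@"
```

A "missing" status means no module was found in the searched directories, so the source may live elsewhere and should be checked by hand.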