Saturday, February 27, 2016
[USN-2909-2] Linux kernel (Utopic HWE) regression
Ubuntu Security Notice USN-2909-2
February 27, 2016
linux-lts-utopic regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-2909-1 introduced a regression in the Ubuntu 14.10 Linux kernel
backported to Ubuntu 14.04 LTS.
Software Description:
- linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty
Details:
USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel
backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a
regression that broke graphics displays for Ubuntu 14.04 LTS guests
running the Ubuntu 14.10 backport kernel within VMware virtual
machines. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-62-generic 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-generic-lpae 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-lowlatency 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-powerpc-e500mc 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-powerpc-smp 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-powerpc64-emb 3.16.0-62.83~14.04.1
linux-image-3.16.0-62-powerpc64-smp 3.16.0-62.83~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2909-2
http://www.ubuntu.com/usn/usn-2909-1
https://launchpad.net/bugs/1548587
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-62.83~14.04.1
[USN-2910-2] Linux kernel (Vivid HWE) regression
Ubuntu Security Notice USN-2910-2
February 27, 2016
linux-lts-vivid regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-2910-1 introduced a regression in the Ubuntu 15.04 Linux kernel
backported to Ubuntu 14.04 LTS.
Software Description:
- linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty
Details:
USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel
backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a
regression that broke graphics displays for Ubuntu 14.04 LTS guests
running the Ubuntu 15.04 backport kernel within VMware virtual
machines. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)
郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)
Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)
David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.19.0-51-generic 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-generic-lpae 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-lowlatency 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-powerpc-e500mc 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-powerpc-smp 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-powerpc64-emb 3.19.0-51.58~14.04.1
linux-image-3.19.0-51-powerpc64-smp 3.19.0-51.58~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2910-2
http://www.ubuntu.com/usn/usn-2910-1
https://launchpad.net/bugs/1548587
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-51.58~14.04.1
[USN-2908-5] Linux kernel (Wily HWE) regression
Ubuntu Security Notice USN-2908-5
February 27, 2016
linux-lts-wily regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-2908-2 introduced a regression in the Ubuntu 15.10 Linux kernel
backported to Ubuntu 14.04 LTS.
Software Description:
- linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty
Details:
USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel
backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a
regression that broke graphics displays for Ubuntu 14.04 LTS guests
running the Ubuntu 15.10 backport kernel within VMware virtual
machines. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.2.0-30-generic 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-generic-lpae 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-lowlatency 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-powerpc-e500mc 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-powerpc-smp 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-powerpc64-emb 4.2.0-30.36~14.04.1
linux-image-4.2.0-30-powerpc64-smp 4.2.0-30.36~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2908-5
http://www.ubuntu.com/usn/usn-2908-1
https://launchpad.net/bugs/1548587
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-30.36~14.04.1
Friday, February 26, 2016
[CentOS-announce] Release for CentOS Linux 7 Rolling media Feb 2016
I am pleased to announce general availability of the Feb 2016
snapshot for CentOS Linux. This release includes CentOS Linux 7 iso
based install media, Generic Cloud images, Atomic Host, Docker
containers, Vagrant images, vendor hosted cloud images.
This release set is tag'd 1602
CentOS Linux rolling builds are point in time snapshot media rebuild
from original release time, to include all updates pushed to
mirror.centos.org's repositories. This includes all security, bugfix,
enhancement and general updates for CentOS Linux. Machines installed
from this media will have all these updates pre-included and will look
no different when compared with machines installed with older media
that have been yum updated to the same point in time. All rpm/yum
repos remain on mirror.centos.org with no changes in either layout or
content.
--------
CentOS Linux 7 / x86_64 install media is available at
http://buildlogs.centos.org/rolling/7/isos/x86_64/
File: CentOS-7-x86_64-Minimal-1602-01.iso
Sha: 741a28e3d42c40ded2e42b83eda4d8d09137b36ceef584753b94abd298d4dfed
File: CentOS-7-x86_64-Everything-1602-01.iso
Sha: 6cc79d3f3183318d0089cb04dbfd97418ff009f6fb01bce4849289ede96df45d
File: CentOS-7-x86_64-DVD-1602-01.iso
Sha: 34120f3bc02e1edd6d5b19516876c8456a1300de4b98da79fb0a7d444d1df3d8
--------
CentOS Linux 7 / x86_64 Cloud Images are available at :
http://cloud.centos.org/centos/7/images/
File: CentOS-7-x86_64-GenericCloud-1602.qcow2
Sha: 1b777fa1ea2b2cf0be7ed6ecce54ef18ece5c6551fb291549b887e33b78d7c78
File: CentOS-7-x86_64-GenericCloud-1602.qcow2c
Sha: bc0f51d9376001f8973595b71105b9d53c8c27b3e0969676aab2ab036cc4d835
File: CentOS-7-x86_64-GenericCloud-1602.qcow2.xz
Sha: dd0f5e610e7c5ffacaca35ed7a78a19142a588f4543da77b61c1fb0d74400471
File: CentOS-7-x86_64-GenericCloud-1602.raw.tar.gz
Sha: f4e679eef79af695bd8f2cb32d37fa93c7cb4644eb79f689bde6bd86100e4af5
--------
CentOS Atomic Host was released earlier, details for the release are
available at :
https://lists.centos.org/pipermail/centos-devel/2016-February/014446.html
--------
CentOS Linux 6 and 7 AMIs have been updated as well, as follows:
CentOS Linux 6 : https://aws.amazon.com/marketplace/pp/B00NQAYLWO/
CentOS Linux 7 : https://aws.amazon.com/marketplace/pp/B00O7WM7QW/
These images are also now enabled across all Amazon EC2 regions, and
available on all HVM instance types. This includes the Amazon AWS free
tier.
--------
CentOS Linux 7 / x86_64 Vagrant images are updated at
https://vagrantcloud.com/centos/boxes/7 and the backing files can be
downloaded for libvirt and virtualbox providers at :
Libvirt:
http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1602_02.LibVirt.box
Virtualbox:
http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1602_02.VirtualBox.box
--------
CentOS Linux 5 / 6 and 7 docker images are updated at
http://index.docker.io/_/centos
--------
We welcome all feedback around these rolling builds and media updates
at the centos-devel mailing list ( http://lists.centos.org/ ).
enjoy!
--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[USN-2908-4] Linux kernel regression
Ubuntu Security Notice USN-2908-4
February 26, 2016
linux regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
USN-2908-1 introduced a regression in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu
15.10. An incorrect locking fix caused a regression that broke
graphics displays for Ubuntu 15.10 guests running within VMware
virtual machines. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
linux-image-4.2.0-30-generic 4.2.0-30.36
linux-image-4.2.0-30-generic-lpae 4.2.0-30.36
linux-image-4.2.0-30-lowlatency 4.2.0-30.36
linux-image-4.2.0-30-powerpc-e500mc 4.2.0-30.36
linux-image-4.2.0-30-powerpc-smp 4.2.0-30.36
linux-image-4.2.0-30-powerpc64-emb 4.2.0-30.36
linux-image-4.2.0-30-powerpc64-smp 4.2.0-30.36
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2908-4
http://www.ubuntu.com/usn/usn-2908-1
https://launchpad.net/bugs/1548587
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.2.0-30.36
Thursday, February 25, 2016
Fedora 24 Mass Branching
Fedora 24 has been branched. Please be sure to do a git pull --rebase to
pick up the new branch. As an additional reminder, rawhide/f25 has been
completely isolated from previous releases, so this means that anything you
do for f24 you also have to do in the master branch and do a build there.
There have been a few issues in the transition we are still working on. There
is a Fedora 24 compose that has been pushed to
http://download.fedoraproject.org/pub/fedora/linux/development/24/
http://download.fedoraproject.org/pub/alt/development/24/
Please be sure to check it out
Release Engineering
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
Wednesday, February 24, 2016
[announce] NYC*BUG Upcoming
* AsiaBSDCon registration is open. The event takes place March 10-13 in
Tokyo, Japan. (https://2016.asiabsdcon.org/)
* BSDCan is June 10-11 in Ottawa, Canada. (https://www.bsdcan.org/)
* EuroBSDCon is September 22-25 in Belgrade, Serbia
(https://2016.eurobsdcon.org/)
We are also aiming for a BSD Certification Group subject-matter expert
session in NYC after the summer. Stay tuned for details.
(http://www.bsdcertification.org/)
*******************
March 2, 2016, Wednesday
BSD init(8) and rc(8): Room for Improvement?
Raul Cuza
18:45, Stone Creek Bar & Lounge: 140 E 27th St
Abstract
The current init(1) and rc(1) startup services have served BSD well for
many years. But are they long in the tooth?
There are a host of problems that it does not solve. This begs the
question of whether it is time to replace it with something better. More
importantly what could be better? This talk will look at the existing
initialization and coordination system that currently serves the major
BSD projects, what problems they solve and what problems they do not
solve. We will review alternatives and how their approaches will impact
how we work. Some of the alternatives that will be discussed include
relaunchd, nosh, and systemd.
Speaker Bio
Raul Cuza makes pretenses to being a modern hip SysAdmin, but can't
forget late nights installing Sun-3s to pull it off successfully.
He has spent most of his career in K-12 schools reminding Cupertino-
designed hardware that there is BSD somewhere under all the glitz. Many
years making OpenBSD firewalls to replace web ads with student artwork
and keeping OS X machines useful tools for learning has taught him that
the real impact of the computer age does not happen in the server room
but couldn't happen without it either.
He is currently challenged with getting meaningful work done on other
people's hardware residing in other people's server rooms distributed
around the globe. He has permission to use them.
Other upcoming meetings include:
2016-04-06 - Debugging with LLVM, John Wolfe
2016-05-04 - Urchin, Thomas Levine
2016-06-15 - Adventures in HardenedBSD, Shawn Webb
2016-07-06 - Meet the Smallest BSDs: RetroBSD and LiteBSD, Brian Callahan
2016-08-03 - BSD Installfest
2016-09-07 - Teaching FreeBSD, George Neville-Neil
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce
[Guidelines change] Changes to the packaging guidelines
-----
Some PHP scriptlets are now unnecessary in F24 due to the use of file
triggers.
* https://fedoraproject.org/wiki/Packaging:PHP#PECL_Modules
* https://fedorahosted.org/fpc/ticket/597
-----
A page describing the implementation of Langpacks for F23 and newer has
been added to the guidelines, and various other pages have been updated
to reference it.
* https://fedoraproject.org/wiki/Packaging:Langpacks
* https://fedorahosted.org/fpc/ticket/593
[USN-2913-3] OpenSSL update
==========================================================================
Ubuntu Security Notice USN-2913-3
February 24, 2016
openssl update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Updated OpenSSL packages are required for the USN-2913-1 update.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
OpenSSL package to properly handle the removal.
Original advisory details:
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.17
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.34
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2913-3
http://www.ubuntu.com/usn/usn-2913-1
https://launchpad.net/bugs/1528645
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.17
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.34
[USN-2913-4] GnuTLS update
==========================================================================
Ubuntu Security Notice USN-2913-4
February 24, 2016
gnutls26 update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Updated GnuTLS packages are required for the USN-2913-1 update.
Software Description:
- gnutls26: GNU TLS library
Details:
USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
GnuTLS package to properly handle the removal.
Original advisory details:
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.5
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2913-4
http://www.ubuntu.com/usn/usn-2913-1
https://launchpad.net/bugs/1528645
Package Information:
https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.5
https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.12
[USN-2913-1] ca-certificates update
==========================================================================
Ubuntu Security Notice USN-2913-1
February 24, 2016
ca-certificates update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
ca-certificates was updated to the 20160104 package.
Software Description:
- ca-certificates: Common CA certificates
Details:
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
ca-certificates 20160104ubuntu0.15.10.1
Ubuntu 14.04 LTS:
ca-certificates 20160104ubuntu0.14.04.1
Ubuntu 12.04 LTS:
ca-certificates 20160104ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2913-1
https://launchpad.net/bugs/1528645
Package Information:
https://launchpad.net/ubuntu/+source/ca-certificates/20160104ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/ca-certificates/20160104ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/ca-certificates/20160104ubuntu0.12.04.1
[USN-2913-2] glib-networking update
==========================================================================
Ubuntu Security Notice USN-2913-2
February 24, 2016
glib-networking update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Updated glib-networking packages are required for the USN-2913-1 update.
Software Description:
- glib-networking: network-related giomodules for GLib
Details:
USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
glib-networking package to properly handle the removal.
Original advisory details:
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
glib-networking 2.46.0-1ubuntu0.1
Ubuntu 14.04 LTS:
glib-networking 2.40.0-1ubuntu0.1
Ubuntu 12.04 LTS:
glib-networking 2.32.1-1ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2913-2
http://www.ubuntu.com/usn/usn-2913-1
https://launchpad.net/bugs/1528645
Package Information:
https://launchpad.net/ubuntu/+source/glib-networking/2.46.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/glib-networking/2.40.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/glib-networking/2.32.1-1ubuntu2.1
Tuesday, February 23, 2016
[USN-2903-2] NSS regression
==========================================================================
Ubuntu Security Notice USN-2903-2
February 23, 2016
nss regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
USN-2903-1 introduced a regression in NSS.
Software Description:
- nss: Network Security Service library
Details:
USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning
change in Ubuntu 12.04 LTS caused a regression when building software
against NSS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Hanno Böck discovered that NSS incorrectly handled certain division
functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938)
This update also refreshes the NSS package to version 3.21 which includes
the latest CA certificate bundle, and removes the SPI CA.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libnss3-dev 2:3.21-0ubuntu0.12.04.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2903-2
http://www.ubuntu.com/usn/usn-2903-1
https://launchpad.net/bugs/1547147
Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.2
[USN-2912-1] libssh vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2912-1
February 23, 2016
libssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libssh.
Software Description:
- libssh: A tiny C SSH library
Details:
Mariusz Ziulek discovered that libssh incorrectly handled certain packets.
A remote attacker could possibly use this issue to cause libssh to crash,
resulting in a denial of service.
(CVE-2015-3146)
Aris Adamantiadis discovered that libssh incorrectly generated ephemeral
secret keys of 128 bits instead of the recommended 1024 or 2048 bits when
using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a
remote attacker were able to perform a man-in-the-middle attack, this flaw
could be exploited to view sensitive information. (CVE-2016-0739)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libssh-4 0.6.3-3ubuntu3.2
Ubuntu 14.04 LTS:
libssh-4 0.6.1-0ubuntu3.3
Ubuntu 12.04 LTS:
libssh-4 0.5.2-1ubuntu0.12.04.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2912-1
CVE-2015-3146, CVE-2016-0739
Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.6.3-3ubuntu3.2
https://launchpad.net/ubuntu/+source/libssh/0.6.1-0ubuntu3.3
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.04.6
[USN-2905-1] Oxide vulnerability
==========================================================================
Ubuntu Security Notice USN-2905-1
February 23, 2016
oxide-qt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Oxide could be made to bypass same-origin restrictions.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
A security issue was discovered in Chromium. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions or a sandbox protection mechanism.
(CVE-2016-1629)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
liboxideqtcore0 1.12.7-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.12.7-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2905-1
CVE-2016-1629
Package Information:
https://launchpad.net/ubuntu/+source/oxide-qt/1.12.7-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/oxide-qt/1.12.7-0ubuntu0.14.04.1
Monday, February 22, 2016
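reallost1.fbsd2233449: What kind of middle managers do companies need?
Many middle managers in Chinese companies today came to management partway through their careers. They started out as core business staff or technical experts, and circumstances later pushed them into a "management" position. Going from being a top performer at the work itself to being the link between upper and lower levels, leading a group of people to get a whole set of things done well, is not an easy change of role.
What kind of middle managers do we need? This course gives the answer.
zcook
2016/2/23 Tuesday 10:59:03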
[USN-2911-2] Linux kernel (OMAP4) vulnerability
Ubuntu Security Notice USN-2911-2
February 22, 2016
linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-1477-omap4 3.2.0-1477.100
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2911-2
http://www.ubuntu.com/usn/usn-2911-1
CVE-2015-7550
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1477.100
[USN-2911-1] Linux kernel vulnerability
Ubuntu Security Notice USN-2911-1
February 22, 2016
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux: Linux kernel
Details:
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-99-generic 3.2.0-99.139
linux-image-3.2.0-99-generic-pae 3.2.0-99.139
linux-image-3.2.0-99-highbank 3.2.0-99.139
linux-image-3.2.0-99-omap 3.2.0-99.139
linux-image-3.2.0-99-powerpc-smp 3.2.0-99.139
linux-image-3.2.0-99-powerpc64-smp 3.2.0-99.139
linux-image-3.2.0-99-virtual 3.2.0-99.139
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2911-1
CVE-2015-7550
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-99.139
[USN-2910-1] Linux kernel (Vivid HWE) vulnerabilities
Ubuntu Security Notice USN-2910-1
February 22, 2016
linux-lts-vivid vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-vivid: Linux hardware enablement kernel from Vivid
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)
郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)
Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)
David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.19.0-51-generic 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-generic-lpae 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-lowlatency 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-powerpc-e500mc 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-powerpc-smp 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-powerpc64-emb 3.19.0-51.57~14.04.1
linux-image-3.19.0-51-powerpc64-smp 3.19.0-51.57~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2910-1
CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575,
CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-51.57~14.04.1
[USN-2909-1] Linux kernel (Utopic HWE) vulnerabilities
Ubuntu Security Notice USN-2909-1
February 22, 2016
linux-lts-utopic vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-utopic: Linux hardware enablement kernel from Utopic
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.16.0-62-generic 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-generic-lpae 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-lowlatency 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-powerpc-e500mc 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-powerpc-smp 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-powerpc64-emb 3.16.0-62.82~14.04.1
linux-image-3.16.0-62-powerpc64-smp 3.16.0-62.82~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2909-1
CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-62.82~14.04.1
[USN-2908-3] Linux kernel (Raspberry Pi 2) vulnerabilities
Ubuntu Security Notice USN-2908-3
February 22, 2016
linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
linux-image-4.2.0-1025-raspi2 4.2.0-1025.32
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2908-3
http://www.ubuntu.com/usn/usn-2908-1
CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576,
CVE-2016-2069
Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi2/4.2.0-1025.32
[USN-2908-2] Linux kernel (Wily HWE) vulnerabilities
Ubuntu Security Notice USN-2908-2
February 22, 2016
linux-lts-wily vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-wily: Linux hardware enablement kernel from Wily
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.2.0-30-generic 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-generic-lpae 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-lowlatency 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-powerpc-e500mc 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-powerpc-smp 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-powerpc64-emb 4.2.0-30.35~14.04.1
linux-image-4.2.0-30-powerpc64-smp 4.2.0-30.35~14.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2908-2
http://www.ubuntu.com/usn/usn-2908-1
CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576,
CVE-2016-2069
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-30.35~14.04.1
[USN-2908-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-2908-1
February 22, 2016
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as POSIX ACLs. A
local unprivileged attacker could use this to gain privileges.
(CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
linux-image-4.2.0-30-generic 4.2.0-30.35
linux-image-4.2.0-30-generic-lpae 4.2.0-30.35
linux-image-4.2.0-30-lowlatency 4.2.0-30.35
linux-image-4.2.0-30-powerpc-e500mc 4.2.0-30.35
linux-image-4.2.0-30-powerpc-smp 4.2.0-30.35
linux-image-4.2.0-30-powerpc64-emb 4.2.0-30.35
linux-image-4.2.0-30-powerpc64-smp 4.2.0-30.35
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2908-1
CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576,
CVE-2016-2069
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.2.0-30.35
[USN-2907-2] Linux kernel (Trusty HWE) vulnerabilities
Ubuntu Security Notice USN-2907-2
February 22, 2016
linux-lts-trusty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as
POSIX ACLs. A local unprivileged attacker could use this to gain
privileges. (CVE-2016-1575)
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)
郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)
Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)
David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-79-generic 3.13.0-79.123~precise1
linux-image-3.13.0-79-generic-lpae 3.13.0-79.123~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2907-2
http://www.ubuntu.com/usn/usn-2907-1
CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575,
CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-79.123~precise1
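Checking a host against the "Update instructions" versions in these notices needs Debian version ordering, not string comparison: an epoch (2:3.21-...) outranks any upstream number, a tilde (...123~precise1) sorts before the same string without it, and 3.9 is older than 3.12. The following is an added example, not part of the notices or of dpkg; the names compare_versions and audit are hypothetical, the fixed versions are the Ubuntu 12.04 LTS ones listed above, and the installed versions are constructed.

```python
"""Compare installed package versions against the fixed versions in the notices."""

DIGITS = "0123456789"


def _order(ch):
    """Sort weight of one character inside a non-digit run (Debian ordering)."""
    if ch == "~":
        return -1                  # tilde sorts before everything, even end of string
    if ch in DIGITS:
        return 0                   # a digit ends the run: same weight as end of string
    if ch.isascii() and ch.isalpha():
        return ord(ch)             # letters sort before all other characters
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            oa = _order(a[i]) if i < len(a) else 0
            ob = _order(b[j]) if j < len(b) else 0
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        # Digit run: compare numerically, an empty run counts as 0.
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or "0"), int(b[sj:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)   # revision follows the last hyphen
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1 if a is older than b, 0 if equal, 1 if newer."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def audit(installed, fixed):
    """Return (package, installed, fixed) for installed packages older than the fix."""
    outdated = []
    for pkg in sorted(fixed):
        have = installed.get(pkg)          # packages that are not installed are skipped
        if have is not None and compare_versions(have, fixed[pkg]) < 0:
            outdated.append((pkg, have, fixed[pkg]))
    return outdated


# Fixed versions for Ubuntu 12.04 LTS, copied from the notices above.
FIXED_PRECISE = {
    "libgnutls26": "2.12.14-5ubuntu3.12",
    "ca-certificates": "20160104ubuntu0.12.04.1",
    "glib-networking": "2.32.1-1ubuntu2.1",
    "libnss3-dev": "2:3.21-0ubuntu0.12.04.2",
    "libssh-4": "0.5.2-1ubuntu0.12.04.6",
    "linux-image-3.13.0-79-generic": "3.13.0-79.123~precise1",
}

# Constructed sample inventory. On a real host this map would come from:
#   dpkg-query -W -f='${Package} ${Version}\n'
INSTALLED = {
    "libgnutls26": "2.12.14-5ubuntu3.9",      # 3.9 < 3.12 numerically
    "ca-certificates": "20160104ubuntu0.12.04.1",
    "libnss3-dev": "3.26-1",                  # no epoch, so older than 2:3.21-...
    "libssh-4": "0.5.2-1ubuntu0.12.04.6",
    "linux-image-3.13.0-79-generic": "3.13.0-79.123~precise1",
}

if __name__ == "__main__":
    for pkg, have, want in audit(INSTALLED, FIXED_PRECISE):
        print(f"{pkg}: installed {have}, needs {want}")
```

For kernel packages the ABI number is part of the package name, so a host can have the fixed linux-image package installed and still be running the old kernel until it reboots.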
[USN-2907-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-2907-1
February 22, 2016
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as
POSIX ACLs. A local unprivileged attacker could use this to gain
privileges. (CVE-2016-1575)
It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)
郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)
Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)
David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-79-generic 3.13.0-79.123
linux-image-3.13.0-79-generic-lpae 3.13.0-79.123
linux-image-3.13.0-79-lowlatency 3.13.0-79.123
linux-image-3.13.0-79-powerpc-e500 3.13.0-79.123
linux-image-3.13.0-79-powerpc-e500mc 3.13.0-79.123
linux-image-3.13.0-79-powerpc-smp 3.13.0-79.123
linux-image-3.13.0-79-powerpc64-emb 3.13.0-79.123
linux-image-3.13.0-79-powerpc64-smp 3.13.0-79.123
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-2907-1
CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575,
CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-79.123
[USN-2906-1] GNU cpio vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2906-1
February 22, 2016
cpio vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in GNU cpio.
Software Description:
- cpio: a tool to manage archives of files
Details:
Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic
links when used with the --no-absolute-filenames option. If a user or
automated system were tricked into extracting a specially-crafted cpio
archive, a remote attacker could possibly use this issue to write arbitrary
files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-1197)
Gustavo Grieco discovered that GNU cpio incorrectly handled memory when
extracting archive files. If a user or automated system were tricked into
extracting a specially-crafted cpio archive, a remote attacker could use
this issue to cause GNU cpio to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-2037)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
cpio 2.11+dfsg-4.1ubuntu1.1
Ubuntu 14.04 LTS:
cpio 2.11+dfsg-1ubuntu1.2
Ubuntu 12.04 LTS:
cpio 2.11-7ubuntu3.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2906-1
CVE-2015-1197, CVE-2016-2037
Package Information:
https://launchpad.net/ubuntu/+source/cpio/2.11+dfsg-4.1ubuntu1.1
https://launchpad.net/ubuntu/+source/cpio/2.11+dfsg-1ubuntu1.2
https://launchpad.net/ubuntu/+source/cpio/2.11-7ubuntu3.2
Friday, February 19, 2016
[lfs-announce] LFS-7.9-rc2 is released
Version 7.9-rc2. This is the second release candidate on the road to
LFS-7.9. It is a major release with toolchain updates to binutils, glibc,
and gcc. In total, 25 packages were updated from LFS-7.8 and changes to
text have been made throughout the book.
Changes from LFS-7.9-rc1 include updates to glibc-2.23 and linux-4.4.2.
We encourage all users to read through this release of the book and test
the instructions so that we can make the final release as good as possible.
You can read the book online at
http://www.linuxfromscratch.org/lfs/view/7.9-rc2/, or download from
http://www.linuxfromscratch.org/lfs/downloads/7.9-rc2/ to read locally.
In coordination with this release, a new version of LFS using the systemd
package is also being released. This package implements the newer systemd
style of system initialization and control and is consistent with LFS in
most packages.
You can read the systemd version of the book online at
http://www.linuxfromscratch.org/lfs/view/7.9-systemd-rc2/, or download
http://www.linuxfromscratch.org/lfs/downloads/7.9-systemd-rc2/ to read
locally.
-- Bruce Dubbs
linuxfromscratch.org
--
http://lists.linuxfromscratch.org/listinfo/lfs-announce
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
Thursday, February 18, 2016
[CentOS-announce] CEBA-2016:0268 CentOS 6 ptlib FASTTRACK BugFix Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0268.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
0348146563840e96432128fce8893e5c1e052b8c7a04731580b71ef6ec88d928 ptlib-2.6.5-5.el6.i686.rpm
f15fb5b00ef80df31948e084c9746c4d38af9b8f6f17f435ee35a2a420a1805b ptlib-devel-2.6.5-5.el6.i686.rpm
x86_64:
0348146563840e96432128fce8893e5c1e052b8c7a04731580b71ef6ec88d928 ptlib-2.6.5-5.el6.i686.rpm
9591b407f7f281255041138bea978c25fa450d4db068cc267396eef5f47e82d4 ptlib-2.6.5-5.el6.x86_64.rpm
f15fb5b00ef80df31948e084c9746c4d38af9b8f6f17f435ee35a2a420a1805b ptlib-devel-2.6.5-5.el6.i686.rpm
16d22c5bd3e7e1f8c2030c3c9cfedbb8d8163bd079d91fa284e299ec4d2f9e77 ptlib-devel-2.6.5-5.el6.x86_64.rpm
Source:
77f35943cb9f218305dad4478269b10bc9b932a7376710c6a4ad147b6aeeab52 ptlib-2.6.5-5.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2016:0258 Important CentOS 5 thunderbird Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0258.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
fc47e7fd94bd3079266b27f1307d954fd5a9f9442a91c3a2cb6172e86faa9224 thunderbird-38.6.0-1.el5.centos.i386.rpm
x86_64:
ec8dcb696078c89e8aa535036e750f5e4e06e40dbcd883e255287ea6b69bd61e thunderbird-38.6.0-1.el5.centos.x86_64.rpm
Source:
2e6c718b8d5ce3cf2919e8c44995d1048ae923f32159b06cfc6f0dd06caa2088 thunderbird-38.6.0-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
Ubuntu 14.04.4 LTS released
(Long-Term Support) for its Desktop, Server, Cloud, and Core products,
as well as other flavours of Ubuntu with long-term support.
We have expanded our hardware enablement offering since 12.04, and with
14.04.4, this point release contains an updated kernel and X stack for
new installations to support new hardware across all our supported
architectures, not just x86.
As usual, this point release includes many updates, and updated
installation media has been provided so that fewer updates will need to
be downloaded after installation. These include security updates and
corrections for other high-impact bugs, with a focus on maintaining
stability and compatibility with Ubuntu 14.04 LTS.
Kubuntu 14.04.4 LTS, Edubuntu 14.04.4 LTS, Xubuntu 14.04.4 LTS,
Mythbuntu 14.04.4 LTS, Ubuntu GNOME 14.04.4 LTS, Lubuntu 14.04.4 LTS,
Ubuntu Kylin 14.04.4 LTS, and Ubuntu Studio 14.04.4 LTS are also now
available. More details can be found in their individual release notes:
https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#Official_flavours
Maintenance updates will be provided for 5 years for Ubuntu Desktop,
Ubuntu Server, Ubuntu Cloud, Ubuntu Core, Ubuntu Kylin, Edubuntu, and
Kubuntu. All the remaining flavours will be supported for 3 years.
To get Ubuntu 14.04.4
---------------------
In order to download Ubuntu 14.04.4, visit:
http://www.ubuntu.com/download
Users of Ubuntu 12.04 will be offered an automatic upgrade to
14.04.4 via Update Manager. For further information about upgrading,
see:
https://help.ubuntu.com/community/TrustyUpgrades
As always, upgrades to the latest version of Ubuntu are entirely free of
charge.
We recommend that all users read the 14.04.4 release notes, which
document caveats and workarounds for known issues, as well as more
in-depth notes on the release itself. They are available at:
https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes
If you have a question, or if you think you may have found a bug but
aren't sure, you can try asking in any of the following places:
#ubuntu on irc.freenode.net
http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
http://www.ubuntuforums.org
http://askubuntu.com
Help Shape Ubuntu
-----------------
If you would like to help shape Ubuntu, take a look at the list of ways
you can participate at:
http://www.ubuntu.com/community/get-involved
About Ubuntu
------------
Ubuntu is a full-featured Linux distribution for desktops, laptops,
clouds and servers, with a fast and easy installation and regular
releases. A tightly-integrated selection of excellent applications is
included, and an incredible variety of add-on software is just a few
clicks away.
Professional services including support are available from Canonical and
hundreds of other companies around the world. For more information
about support, visit:
http://www.ubuntu.com/support
More Information
----------------
You can learn more about Ubuntu and about this release on our website
listed below:
http://www.ubuntu.com/
To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:
http://lists.ubuntu.com/mailman/listinfo/ubuntu-announce
On behalf of the Ubuntu Release Team,
... Adam Conrad
--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce