How to fix Linux Kernel from Dirty COW (CVE-2016-5195) – Debian/Ubuntu

  Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability that Linux Kernel has and exists since 2005. CVE stands for Common Vulnerabilities and Exposures). The explanation why this can be referred as Dirty COW is as a result of a race condition that was found in Linux kernels memory subsystem, handled the copy-on-write (COW) breakage of private read-only memory mappings. That means that a local user that did not have the privilege, could use this flaw for gaining access to read only memory mappings.

OpenSSL Vulnerabilities Critical Patch released by Canonical

Canonical recently released a critical security patch for OpenSSL Vulnerabilities. This release addresses an openssl – Secure Socket Layer (SSL) cryptographic library and tools and its affects the following releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Details: Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

NVIDIA graphics drivers vulnerability update for Ubuntu OS

It was recently discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. What this means in summary is that NVIDIA graphics drivers could be made to run programs as an administrator. This vulnerability affects the following drivers: nvidia-graphics-drivers-304 nvidia-graphics-drivers-304-updates nvidia-graphics-drivers-340 nvidia-graphics-drivers-340-updates nvidia-graphics-drivers-352 nvidia-graphics-drivers-352-updates vulnerability A security issue affects these releases of Ubuntu and its derivatives:

libxml2 vulnerabilities found in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Details of a number of libxml2 vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS have been published Ubuntu security notice blog. According to the summary – “Several security issues were fixed in libxml2.“ libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

Heartbleed bug in OpenSSL

A serious vulnerability has been detected in the popular OpenSSL cryptographic software, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs). Update: For those using the Amazon Linux AMI, you can simply run “sudo yum update openssl”, and then restart any services using OpenSSL to protect any at-risk instances.