Hackin9
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.0.5. Wide variety of fixes across the tree.
 
LinuxSecurity.com: Security fix for CVE-2015-2694. Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost).
 
LinuxSecurity.com: Release 3.11 is a security fix release. Upstream changelog is at https://www.drupal.org/node/2480259
 
LinuxSecurity.com: New upstream bug-fix release.
 

Government officials have been vague in their testimony about the data breaches—there was apparently more than one—at the Office of Personnel Management. But on Thursday, officials from OPM, the Department of Homeland Security, and the Department of the Interior revealed new information that indicates at least two separate systems were compromised by attackers within OPM's and Interior's networks. The first was the Electronic Official Personnel Folder (eOPF) system, an entity hosted for OPM at the Department of the Interior's shared service data center. The second was the central database behind EPIC, the suite of software used by OPM's Federal Investigative Service in order to collect data for government employee and contractor background investigations.

OPM has not yet revealed the full extent of the data exposed by the attack, but initial actions by the agency in response to the breaches indicate information on as many as 3.2 million federal employees (both current federal employees and retirees) was exposed. However, new estimates in light of this week's revelations have soared, estimating as many as 14 million people in and outside government will be affected by the breach—including uniformed military and intelligence personnel. It is, essentially, the biggest potential "doxing" in history. And if true, personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government. This fallout is the culmination of years of issues such as reliance on outdated software and contracting large swaths of security work elsewhere (including China).

The OPM breaches themselves are cause for major concerns, but there are signs that these are not isolated incidents. "We see supporting evidence that these attacks are related to the group that launched the attack on Anthem [the large health insurer breached earlier this year]," said Tom Parker, chief technology officer of the information security company FusionX. "And there was a breach at United Airlines that's potentially correlated as well." When pulled together into an analytical database, the information could essentially become a LinkedIn for spies, providing a foreign intelligence organization with a way to find individuals with the right job titles, the right connections, and traits that might make them more susceptible to recruitment or compromise.


 
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
 
LinuxSecurity.com: This update fixed 2 security flaws.
 
LinuxSecurity.com: Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159
abrt:
- Move the default dump location from /var/tmp/abrt to /var/spool/abrt
- Use root as the owner of all dump directories
- Stop reading hs_error.log from /tmp
- Do not save the system logs by default
- Do not save dmesg if kernel.dmesg_restrict=1
libreport:
- Harden the code against directory traversal, symbolic and hard link attacks
- Fix a bug causing the first value of AlwaysExcludedElements to be ignored
- Fix missing icon for the "Stop" button icon name
- Improve development documentation
- Translation updates
gnome-abrt:
- Enable the Details also for the System problems
- Do not crash when testing the availability of XServer
- Fix 'Open problem's data directory'
- Quit application on Ctrl+Q
- Translation updates
satyr:
- New kernel taint flags
- More secure core stacktraces from core hook
 
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

There was a vulnerability released earlier this week that has quite the potential to be a biggie. It is worth noting mainly because Ubuntu is quite prevalent and the propensity to patch systems is quite low, or at least slow. Ubuntu is also used as part of the underlying infrastructure for many a VPS provider.

The issue was discovered by Philip Pettersson and the details can be found here -- http://seclists.org/oss-sec/2015/q2/717

What it boils down to is an issue in overlayfs and permission checking.
One use for overlayfs is to present a writable file system when the underlying file system is read-only. When a file needs to be writable it is copied from the lower directory (the real file system) to the upper file system, where it can be modified. Philip worked out that the permission required is that of the original file owner rather than that of the user triggering the copy_up.

The POC shows a number of things that can be done using this vulnerability.

The patch is out, so that should be the first choice. If you can't patch, you may be able to blacklist the module on your system (modify /etc/modprobe.d/blacklist or /etc/modprobe.d/blacklist.conf).
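A small check for the mitigation above, added here as an example (not from the ISC diary or from Ubuntu): it reports whether the overlayfs module is currently loaded and whether an active blacklist line exists in a modprobe.d directory. The directory and the modules list are parameters, and the demo runs against constructed fixtures rather than the real /etc/modprobe.d and /proc/modules.

```shell
# 0 if some file in modprobe.d directory $1 has an uncommented
# "blacklist overlayfs" line (blacklist, blacklist.conf or any *.conf)
overlayfs_blacklisted() {
    dir="$1"
    [ -d "$dir" ] || return 1
    # skip commented-out lines, tolerate extra whitespace
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+overlayfs([[:space:]]|$)' \
        "$dir"/blacklist "$dir"/*.conf
}

# 0 if overlayfs (or its newer name "overlay") is listed in a
# /proc/modules-style file $1
overlayfs_loaded() {
    awk '$1 == "overlayfs" || $1 == "overlay" { found = 1 }
         END { exit !found }' "$1"
}

# Prints one word: "loaded" (module active, blacklist does not help until it
# is unloaded), "blacklisted", or "available" (not loaded, not blacklisted)
overlayfs_status() {
    if overlayfs_loaded "$2"; then
        echo loaded
    elif overlayfs_blacklisted "$1"; then
        echo blacklisted
    else
        echo available
    fi
}

# Constructed fixtures so the check runs stand-alone; on a real host call
# overlayfs_status /etc/modprobe.d /proc/modules instead.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/modprobe.d"
    # a commented-out blacklist line must not count as a mitigation
    printf '# blacklist overlayfs\nblacklist pcspkr\n' > "$tmp/modprobe.d/blacklist.conf"
    printf 'overlayfs 35560 1 - Live 0x0000000000000000\n' > "$tmp/modules"
    before=$(overlayfs_status "$tmp/modprobe.d" "$tmp/modules")
    # after adding a real blacklist entry and unloading the module
    printf 'blacklist overlayfs\n' > "$tmp/modprobe.d/overlayfs.conf"
    : > "$tmp/modules"
    after=$(overlayfs_status "$tmp/modprobe.d" "$tmp/modules")
    rm -rf "$tmp"
    echo "$before $after"
}
```

Blacklisting only stops future autoloading; a module that is already loaded stays active until it is removed or the host is rebooted, which is why the status check looks at the modules list first.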

POC: https://www.exploit-db.com/exploits/37292/ and 37293

Mark H - Shearwater

 