Security Warnings for Linux

Back to 28: Grub2 Authentication 0-Day
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html


Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!
http://blog.linuxmint.com/?p=2994

server and client side remote code execution through a buffer overflow in all git versions before 2.7.1
http://seclists.org/oss-sec/2016/q1/645

Circumventing Ubuntu Snap Confinement
https://mjg59.dreamwidth.org/42320.html

USN-2956-1: ubuntu-core-launcher vulnerability
http://www.ubuntu.com/usn/usn-2956-1/

Chinese ARM vendor left developer backdoor in kernel for Android, other devices
http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/
http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
https://twitter.com/DaveManouchehri/status/729453383799738369/photo/1

Notice of Ubuntu Forums breach; user passwords not compromised
https://insights.ubuntu.com/2016/07/15/notice-of-security-breach-on-ubuntu-forums/

Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf

Entropy Loss and Output Predictability in the Libgcrypt PRNG
http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html

Linux/Mirai ELF, when malware is recycled could be still dangerous
http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html

MySQL Exploit Remote Root-Code Execution Privesc CVE-2016-6662
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html

Dirty COW (CVE-2016-5195)
http://dirtycow.ninja/
https://access.redhat.com/security/cve/cve-2016-5195
https://security-tracker.debian.org/tracker/CVE-2016-5195
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

Linux users urged to protect against ‘Dirty COW’ security flaw
http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw

CVE-2016-4484: Cryptsetup Initrd root Shell
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html

[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html

CVE-2016-8655 Linux af_packet.c race condition (local root)
http://seclists.org/oss-sec/2016/q4/607
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
https://www.ubuntu.com/usn/usn-3151-1/

McAfee Virus Scan for Linux - Vulnerability Writeup by Andrew Fasano
https://nation.state.actor/mcafee.html

Reliably compromising Ubuntu desktops by attacking the crash reporter
https://donncha.is/2016/12/compromising-ubuntu-desktop/