Monday, March 31, 2014

USN-2158-1: Linux kernel (Raring HWE) vulnerabilities

Ubuntu Security Notice USN-2158-1


1st April, 2014


linux-lts-raring vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 12.04 LTS


Summary


Several security issues were fixed in the kernel.


Software description



  • linux-lts-raring - Linux hardware enablement kernel from Raring


Details


Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345)


Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaws to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)


An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client-to-client IRC connection (/dcc) via a NAT-ed network. (CVE-2014-1690)


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 12.04 LTS:

linux-image-3.8.0-38-generic 3.8.0-38.56~precise1


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to reboot your computer to make all the necessary changes.


ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.


References


CVE-2013-4345, CVE-2013-6382, CVE-2014-1690






via Ubuntu Security Notices http://bit.ly/1dMx34w

RSA caught again in NSA subverting of Dual EC encryption

A team of researchers has discovered that RSA's "Extended Random" TLS extension decreases encryption cracking times by a factor of up to 65,000.



via Latest Topic for ZDNet in Security http://zd.net/1mtbhmi

EMC’s @makitadremel talks software-defined storage, DPaaS, and the Data Protection Continuum: http://bit.ly/1huf4iK












via EMC Feeds http://bit.ly/1iUkwLI


Join us on April 3rd and discover the right level of data protection for a software-defined world: http://bit.ly/1pC3Lrb












via EMC Feeds http://bit.ly/1pC3MLP


VMware vCloud Blog: Why Your Organization Needs a Cloud-Based Disaster Recovery Plan

Businesses know they need to back up their data, their workloads and their applications in the event that disaster strikes. Downtime of business-critical applications or data loss could cause a major disruption for organizations caught without a comprehensive disaster recovery (DR) plan in place. In fact, according to the U.S. Small Business Administration, approximately 25% of businesses that are affected by a disaster fail to reopen.


Organizations don’t need to wait for a disaster to strike to start thinking about disaster readiness. As recent natural disasters have taught us, such as Hurricane Sandy or the Fukushima earthquake, catastrophes can strike with barely a moment’s notice, and having a workable, well-thought-out disaster recovery plan is crucial to help a business get back on its feet and recover quickly following a disaster.


Today, pretty much every organization makes backups, typically every 24 hours or more. In a disaster, that means hours or days of data can be lost, and it takes hours or days to restore everything from backups. Disaster recovery protection (continuous replication) offers a much higher level of protection, allowing an organization to set a recovery point measured in minutes or hours, and the organization can quickly restart applications rather than having to restore them from different storage. Yet many small to medium sized businesses simply don’t do DR at all because implementing DR has been either too complicated, too expensive or both.


DR services have sprung up to address the complexity challenge, but in almost all cases they don’t make it any simpler – they just transfer the complexity to a managed services team, who manually manage the DR on a customer’s behalf. As a result, these services remain relatively expensive because the complexity is still there, and the customer is being billed for people time as well as the cost of the infrastructure.


We think there’s plenty of room to make DR faster, cheaper and simpler for everyone by applying the tenets of large-scale, standardized hybrid cloud computing to the problem.


The cloud is changing how IT organizations operate, and disaster recovery should not be an exception. VMware is going to be bringing cloud innovation to the world of DR. We’ll have more to say about that soon.


Be sure to subscribe to the vCloud blog, follow @vCloud on Twitter or ‘like’ us on Facebook for future updates.






via VMware Blogs http://bit.ly/1mstFM7


VMwareTV: Cisco UCS Solution with VMware Virtual SAN™ (VSAN)


















Mark Balch, Director of Cisco Product Management, discusses collaboration with VMware to bring joint UCS and Virtual SAN solutions.


From: VMware

Time: 01:57






via VMware Blogs http://bit.ly/1htx4Kf


Sustainability: EMC's Global Product Operations



























Learn how EMC's Global Product Operations is cutting costs, material waste, and greenhouse gas emissions, managing social and environmental risks, and exceed...


From: EMC

Time: 04:45








via EMC Feeds http://bit.ly/1htrLKC


We’re accelerating data protection as a service. Interested? Join us on April 3rd for a special webcast: http://bit.ly/1jDbsOA












via EMC Feeds http://bit.ly/O9z4eR


@linkages thanks for the tweet! Our handle is @EMCcorp so you can tweet us here. We may be biased, but we think @EMCProven is awesome












via EMC Feeds http://bit.ly/1iTiRWI


Facebook Builds its Own Threat Information Framework

Keeping ahead of web-based threats requires a mechanism to continually search for new types of attacks while understanding existing ones. However, data fragmentation and threat complexity plague efforts to keep track of all the data related to malware, phishing and other risks – how threats are discussed, categorized or even named varies from platform to platform and vendor to vendor. Facebook is taking steps to solve the issue for itself with the release of ThreatData.



via Infosecurity - Latest News http://bit.ly/Pb7Rty

Tax Phishes Spawn on Both Sides of Atlantic

Tax season in both the US and the UK is upon us and it looks like cybercriminals are once more trolling for unwitting victims with thematic phishing emails aimed at those preparing to render unto Caesar.



via Infosecurity - Latest News http://bit.ly/1mr3Z2u

Joe Tucci, Chairman and CEO of EMC, discusses the EMC Federation: http://bit.ly/1hVz5Lw http://bit.ly/1rZkdE6












via EMC Feeds http://bit.ly/1hVz7TQ
