
Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: USN-1189-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS
Date: Sat, 20 August 2011, 10:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
Applications: Linux

Original message


==========================================================================
Ubuntu Security Notice USN-1189-1
August 19, 2011

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Multiple kernel flaws were fixed.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1080)

Johan Hovold discovered that the DCCP network stack did not correctly
handle certain packet combinations. A remote attacker could send specially
crafted network traffic that would crash the system, leading to a denial of
service. (CVE-2011-1093)

Peter Huewe discovered that the TPM device did not correctly initialize
memory. A local attacker could exploit this to read kernel heap memory
contents, leading to a loss of privacy. (CVE-2011-1160)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes. If a system was using IRDA, a remote attacker could
send specially crafted traffic to crash the system or gain root privileges.
(CVE-2011-1180)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-29-386 2.6.24-29.93
linux-image-2.6.24-29-generic 2.6.24-29.93
linux-image-2.6.24-29-hppa32 2.6.24-29.93
linux-image-2.6.24-29-hppa64 2.6.24-29.93
linux-image-2.6.24-29-itanium 2.6.24-29.93
linux-image-2.6.24-29-lpia 2.6.24-29.93
linux-image-2.6.24-29-lpiacompat 2.6.24-29.93
linux-image-2.6.24-29-mckinley 2.6.24-29.93
linux-image-2.6.24-29-openvz 2.6.24-29.93
linux-image-2.6.24-29-powerpc 2.6.24-29.93
linux-image-2.6.24-29-powerpc-smp 2.6.24-29.93
linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.93
linux-image-2.6.24-29-rt 2.6.24-29.93
linux-image-2.6.24-29-server 2.6.24-29.93
linux-image-2.6.24-29-sparc64 2.6.24-29.93
linux-image-2.6.24-29-sparc64-smp 2.6.24-29.93
linux-image-2.6.24-29-virtual 2.6.24-29.93
linux-image-2.6.24-29-xen 2.6.24-29.93

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1189-1
CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080,
CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1493,
CVE-2011-2492

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.24-29.93
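
One way to confirm that the fixed version from the update instructions is actually installed, as an added example that is not part of the Ubuntu notice. The function names and the sample package lines are constructed for illustration, and the comparison assumes the 2.6.24-<ABI>.<upload> version layout seen in the package list above.

```shell
#!/bin/sh
# Added example, not part of USN-1189-1.
# Fixed version per the notice: 2.6.24-29.93 (ABI 29, upload 93).
FIXED_ABI=29
FIXED_UPLOAD=93

# usn1189_status VERSION -> prints FIXED, VULNERABLE or UNKNOWN.
# Assumption: versions look like 2.6.24-<ABI>.<upload>; anything else
# is reported as UNKNOWN rather than guessed at.
usn1189_status() {
    case "$1" in
        2.6.24-*.*) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    rest=${1#2.6.24-}      # e.g. "29.93"
    abi=${rest%%.*}        # "29"
    upload=${rest#*.}      # "93"
    case "$abi" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    case "$upload" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    if [ "$abi" -gt "$FIXED_ABI" ] ||
       { [ "$abi" -eq "$FIXED_ABI" ] && [ "$upload" -ge "$FIXED_UPLOAD" ]; }; then
        echo FIXED
    else
        echo VULNERABLE
    fi
}

# usn1189_audit: reads "package version" lines on stdin, prints a verdict
# for every linux-image-2.6.24-* package and returns 1 if any of them is
# not confirmed fixed. On a real host, feed it with:
#   dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-2.6.24-*'
usn1189_audit() {
    rc=0
    while read -r pkg ver; do
        case "$pkg" in linux-image-2.6.24-*) ;; *) continue ;; esac
        st=$(usn1189_status "$ver")
        echo "$pkg $ver $st"
        [ "$st" = FIXED ] || rc=1
    done
    return $rc
}

# Constructed sample input (not taken from a real system).
usn1189_sample() {
    printf '%s\n' \
        'linux-image-2.6.24-29-generic 2.6.24-29.93' \
        'linux-image-2.6.24-28-server 2.6.24-28.86' \
        'linux-libc-dev 2.6.24-29.93'
}
```

A FIXED verdict only covers the installed package; the notice still requires a reboot before the new kernel is the one running.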

