Security: Multiple problems in Linux
Name: Multiple problems in Linux
ID: USN-1212-1
Distribution: Ubuntu
Platforms: Ubuntu 11.04
Date: Wed, 21 September 2011, 16:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918

Original message


==========================================================================
Ubuntu Security Notice USN-1212-1
September 21, 2011

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Multiple kernel flaws have been fixed.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss of
privacy. (CVE-2011-0463)

Timo Warns discovered that the LDM disk partition handling code did not
correctly handle certain values. By inserting a specially crafted disk
device, a local attacker could exploit this to gain root privileges.
(CVE-2011-1017)

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1080)

Peter Huewe discovered that the TPM device did not correctly initialize
memory. A local attacker could exploit this to read kernel heap memory
contents, leading to a loss of privacy. (CVE-2011-1160)

Vasiliy Kulikov discovered that the netfilter code did not check certain
strings copied from userspace. A local attacker with netfilter access could
exploit this to read kernel memory or crash the system, leading to a denial
of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)

Vasiliy Kulikov discovered that the Acorn Universal Networking driver did
not correctly initialize memory. A remote attacker could send specially
crafted traffic to read kernel stack memory, leading to a loss of privacy.
(CVE-2011-1173)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes. If a system was using IRDA, a remote attacker could
send specially crafted traffic to crash the system or gain root privileges.
(CVE-2011-1180)

Julien Tinnes discovered that the kernel did not correctly validate the
signal structure from tkill(). A local attacker could exploit this to send
signals to arbitrary threads, possibly bypassing expected restrictions.
(CVE-2011-1182)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

Dan Rosenberg discovered that MPT devices did not correctly validate
certain values in ioctl calls. If these drivers were loaded, a local
attacker could exploit this to read arbitrary kernel memory, leading to a
loss of privacy. (CVE-2011-1494, CVE-2011-1495)

Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly
handle large queues. On some systems, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1581)

Tavis Ormandy discovered that the pidmap function did not correctly handle
large requests. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1593)

Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
not correctly validate certain socket structures. If this driver was
loaded, a local attacker could crash the system, leading to a denial of
service. (CVE-2011-1598, CVE-2011-1748)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
values. A local attacker with access to the video subsystem could exploit
this to crash the system, leading to a denial of service, or possibly gain
root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of
certain memory allocations. A local attacker with access to the video
subsystem could exploit this to run the system out of memory, leading to a
denial of service. (CVE-2011-1746)

Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1770)

Ben Greear discovered that CIFS did not correctly handle direct I/O. A
local attacker with access to a CIFS partition could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1771)

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. A local attacker could exploit
this to trick the system into unmounting arbitrary mount points, leading to
a denial of service. (CVE-2011-1833)

Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could exploit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Sami Liedes discovered that ext4 did not correctly handle missing root
inodes. A local attacker could trigger the mount of a specially crafted
filesystem to cause the system to crash, leading to a denial of service.
(CVE-2011-2493)

It was discovered that GFS2 did not correctly check block sizes. A local
attacker could exploit this to crash the system, leading to a denial of
service. (CVE-2011-2689)

Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. A remote attacker could exploit this to exhaust
network resources, leading to a denial of service. (CVE-2011-2699)

The performance counter subsystem did not correctly handle certain
counters. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2011-2918)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-1209-omap4 2.6.38-1209.15

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1212-1
CVE-2011-0463, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078,
CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180,
CVE-2011-1182, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495,
CVE-2011-1577, CVE-2011-1581, CVE-2011-1593, CVE-2011-1598,
CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770,
CVE-2011-1771, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484,
CVE-2011-2492, CVE-2011-2493, CVE-2011-2534, CVE-2011-2689,
CVE-2011-2699, CVE-2011-2918

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.15
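
Added example, not part of the Ubuntu notice: a shell check that separates "fixed package installed" from "fixed kernel actually running", since the update only takes effect after the reboot mentioned above. The function names, the assumed layout of /proc/version_signature and the sample signature strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a host against USN-1212-1.
PACKAGE="linux-image-2.6.38-1209-omap4"   # package name from the advisory
FIXED_VERSION="2.6.38-1209.15"            # fixed version from the advisory

# version_ge A B: succeeds when version A >= version B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for non-Debian analysis hosts; fine for these plain versions.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# running_version SIG: "Ubuntu 2.6.38-1209.15-omap4 2.6.38.8" -> "2.6.38-1209.15"
# (assumed layout of /proc/version_signature: distro, ABI-flavour, upstream).
running_version() {
    printf '%s\n' "$1" | awk '{ sub(/-[^-]*$/, "", $2); print $2 }'
}

# usn_1212_status INSTALLED_VERSION VERSION_SIGNATURE
# An empty or unreadable signature is treated conservatively as not yet fixed.
usn_1212_status() {
    installed="$1"
    running="$(running_version "$2")"
    if [ -z "$installed" ] || ! version_ge "$installed" "$FIXED_VERSION"; then
        echo "fix-not-installed"
    elif [ -z "$running" ] || ! version_ge "$running" "$FIXED_VERSION"; then
        echo "reboot-required"    # fixed package on disk, old kernel in memory
    else
        echo "patched"
    fi
}

# check_this_host: gather the two inputs from the live system.
check_this_host() {
    installed="$(dpkg-query -W -f='${Version}' "$PACKAGE" 2>/dev/null || true)"
    signature="$(cat /proc/version_signature 2>/dev/null || true)"
    usn_1212_status "$installed" "$signature"
}

# Constructed sample inputs (the upstream field 2.6.38.8 is made up).
usn_1212_status "2.6.38-1209.13" "Ubuntu 2.6.38-1209.13-omap4 2.6.38.8"
usn_1212_status "2.6.38-1209.15" "Ubuntu 2.6.38-1209.13-omap4 2.6.38.8"
usn_1212_status "2.6.38-1209.15" "Ubuntu 2.6.38-1209.15-omap4 2.6.38.8"
```

On an affected Ubuntu 11.04 OMAP4 system, call check_this_host instead of the sample lines to evaluate the live host.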


