Login


 
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-1390-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS
Datum: Di, 6. März 2012, 22:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0028

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5331054609025982098==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigA00660403A82665AFD6E54DE"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA00660403A82665AFD6E54DE
Content-Type: multipart/mixed;
boundary="------------060800020502030703040500"

This is a multi-part message in MIME format.
--------------060800020502030703040500
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1390-1
March 06, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI
interface. A local attacker on non-x86 systems might be able to cause a
denial of service. (CVE-2011-1476)

Dan Rosenberg reported errors in the kernel's OSS (Open Sound System)
driver for Yamaha FM synthesizer chips. A local user can exploit this to
cause memory corruption, causing a denial of service or privilege
escalation. (CVE-2011-1477)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM
partitions. A local user could exploit this to cause a denial of service or
escalate privileges. (CVE-2011-2182)

A flaw was discovered in the Linux kernel's NFSv4 (Network File System
version 4) file system. A local, unprivileged user could use this flaw to
cause a denial of service by creating a file in a NFSv4 filesystem.
(CVE-2011-4324)

A flaw was found in how the linux kernel handles user-space held futexs. An
unprivileged user could exploit this flaw to cause a denial of service or
possibly elevate privileges. (CVE-2012-0028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-31-386 2.6.24-31.99
linux-image-2.6.24-31-generic 2.6.24-31.99
linux-image-2.6.24-31-hppa32 2.6.24-31.99
linux-image-2.6.24-31-hppa64 2.6.24-31.99
linux-image-2.6.24-31-itanium 2.6.24-31.99
linux-image-2.6.24-31-lpia 2.6.24-31.99
linux-image-2.6.24-31-lpiacompat 2.6.24-31.99
linux-image-2.6.24-31-mckinley 2.6.24-31.99
linux-image-2.6.24-31-openvz 2.6.24-31.99
linux-image-2.6.24-31-powerpc 2.6.24-31.99
linux-image-2.6.24-31-powerpc-smp 2.6.24-31.99
linux-image-2.6.24-31-powerpc64-smp 2.6.24-31.99
linux-image-2.6.24-31-rt 2.6.24-31.99
linux-image-2.6.24-31-server 2.6.24-31.99
linux-image-2.6.24-31-sparc64 2.6.24-31.99
linux-image-2.6.24-31-sparc64-smp 2.6.24-31.99
linux-image-2.6.24-31-virtual 2.6.24-31.99
linux-image-2.6.24-31-xen 2.6.24-31.99

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1390-1
CVE-2011-1476, CVE-2011-1477, CVE-2011-2182, CVE-2011-4324,
CVE-2012-0028

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.24-31.99


--------------060800020502030703040500
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"


--------------060800020502030703040500--

--------------enigA00660403A82665AFD6E54DE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJPVmbsAAoJEAUvNnAY1cPYyCoP/2oOSj16oxtVeK4pewpje+ki
9W3QLRs4xw/G5ONryU0NawSHD57IUglyArP1kPA02AFDW284Rqqsu/Y5Nk+kJVSc
JbPz9Rm5sWWrO5XbfuMbNp9bXJNa8khsaiRHxOjpscya1TBcPviL5FTySnhZ5r4P
wYvloBL8gSIpQLlFK8GPu6S40AL3X0hBrIF9DBm+uk08fVmlNlSF0Py3ZNTssJaK
RIElgtPufuv73z6+CwpVxceW+1Bb36yJQZUCTml+MUOrycmin7oAjj8mHOzpLx8+
6ObcMkQWpnLEqb2g8PFkJ3GxV+fGt0/w504hdextLfeigPbxiTW3LF4ohJ+50hAJ
RDbMd/kRY8kCCmpfHFzLRc9otj2Nk6GQP2MQP6wmY84PAKqmZR3Rl1SwopoLWWqG
E/O03dAm9L9RJfS6fkxYB6oDuO/g9+c5qhagvj0CXtOp0Mm+pRuzn9C/aGydh03r
jTNGGmr3faEk5tlJe6gpdoGh0tlWZ7SnCMbfZPCA2OO6jg7nkrTR1VlvMS0gA7xk
K6jLE331rVb2Cbzqqd554cuEOgDV8XR0ADYY5jiMHtWdC2glQU32drl6RSf1+rKc
RqIN+zr66KOK35oEWcoJQnWl8bveBv+44A6ElGa1S/H4G+kBbMes/Tz7nMNwSQ0F
uzJMl/yvOqYzvVC7LL3m
=mpn/
-----END PGP SIGNATURE-----

--------------enigA00660403A82665AFD6E54DE--


--===============5331054609025982098==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5331054609025982098==--
Pro-Linux
Forum
Neue Nachrichten
Werbung