Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============4927594367185254107==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig9FAB3809515DE2B82746D6AE"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9FAB3809515DE2B82746D6AE
Content-Type: multipart/mixed;
boundary="------------020405060703060003020508"

This is a multi-part message in MIME format.
--------------020405060703060003020508
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1774-1
March 21, 2013

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)

A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)

A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)

A flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI
device is assigned to the guest OS, the guest OS could exploit this flaw to
cause a denial of service on the host. (CVE-2013-0231)

Tommi Rantala discovered a flaw in the a flaw the Linux kernels handling of
datagrams packets when the MSG_PEEK flag is specified. An unprivileged
local user could exploit this flaw to cause a denial of service (system
hang). (CVE-2013-0290)

A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host system. (CVE-2013-0311)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
linux-image-3.5.0-221-omap4 3.5.0-221.31

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1774-1
CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231,
CVE-2013-0290, CVE-2013-0311

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-221.31

--------------020405060703060003020508
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"

--------------020405060703060003020508--

--------------enig9FAB3809515DE2B82746D6AE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRSwfRAAoJEAUvNnAY1cPYx+gP/2/HqsgxS+1ZAIqQIa5NwLAy
mifXYDXxSWaBR+XiBPdZN3RK3voQsptEVc8+AexM7jTlq707QdsCvCbk5+pk8Z1A
pG8q+nGJe8EXkpcGp/L5CUJzfG9KuArWFYcUE2nuOVbFnLRlizUxmtuCDwAm+0FO
yDj364PkKupWxDc21w1gGKkIVAkSH1TQ0OzC3a0vsTfbTh8od489OlbR+fipg+k7
0x9lgrUSxb9UUqb2Hy8M0I7d0+Wp7C9igjS+l0v+M9wDWx8HtpIlGsuZcj4YWHpu
c7StWsulhgXCkEI/m5E1QblGGqoUqzMRC5ZeiAjtZLpwQByQRIS1yxCAFLmm1nc1
hSxdxPDh2y3CTw7u2KAfAxbEr4T885BqdBkK/ikdesYg0ePKvcQ59se7A6+sT+wL
yfXqdS4oIkKrTzvTyboxosVapMZqN5F5MCTAw5L0CRk3XeZA6sTLuJKjXviH4bRQ
kqrk065yB67O5LmsclskhRyyls1VIzejFDGSf9RMRFjlrhqo2FcFK00f2hkYiOL+
yDxUPTTOk/bpvmCF7pb1PHLHmGmQu7+gE2hULyazRhpJ5qQ81IrxIrKqUtDdSYZb
kQX3plimRnuFOXWeEOCsKKnyakO9tiRmA3koZ1J6xJDS8O6o6juvK2pNNc7f6I5G
OZWyMyi8ROQTLlB1jRet
=AtJr
-----END PGP SIGNATURE-----

--------------enig9FAB3809515DE2B82746D6AE--

--===============4927594367185254107==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4927594367185254107==--