drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-2691-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 15.04 |
|
Datum: |
Di, 28. Juli 2015, 12:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5157 |
|
Applikationen: |
Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4888572192764370134== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="utaXFduWM8sSo7AaGhD45vPN7IBdibU6C"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --utaXFduWM8sSo7AaGhD45vPN7IBdibU6C Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2691-1 July 28, 2015
linux vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux: Linux kernel
Details:
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: linux-image-3.19.0-25-generic 3.19.0-25.26 linux-image-3.19.0-25-generic-lpae 3.19.0-25.26 linux-image-3.19.0-25-lowlatency 3.19.0-25.26 linux-image-3.19.0-25-powerpc-e500mc 3.19.0-25.26 linux-image-3.19.0-25-powerpc-smp 3.19.0-25.26 linux-image-3.19.0-25-powerpc64-emb 3.19.0-25.26 linux-image-3.19.0-25-powerpc64-smp 3.19.0-25.26
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: http://www.ubuntu.com/usn/usn-2691-1 CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157
Package Information: https://launchpad.net/ubuntu/+source/linux/3.19.0-25.26
--utaXFduWM8sSo7AaGhD45vPN7IBdibU6C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVt0pMAAoJEAUvNnAY1cPYdK4P/0il6XKeIX2IzEsydOYT4RdR hwFZl6/6oESO2tgWawCB6NPWAnPryJDjQwKSgXu+TSLjX5wDbX3MDEw2moYIw9NM NB1YWeUJ+CUq7rw0cfdGNUESaaSWJ6soIoJfl7PMjCj90LvoDnmu5CqMje7Rv8Tt ax8rFKU5MPdaCf6/GYz6kT29JhjQLGxQyA0g1+XJ/49n47imN4wYI+1QAYsG15F/ hPmgBJJXhGb8mq745RcPslA0OqXddvCzAuWQwMkyxJaEq8xCXTnQb9XFaoAAn3Zw 73XhmOgiv0SXyPpfdgF8R5J80Uwdk6CTgFvNxF6d8f/c7y6/xHQreJWJKNDdthsY iCnuobI8aOVV0obbz54E/f6xsrnipZQChPTcPts+TRIuTwYN8wf7KYAhePp9qhiA ga4931NBOSqjXxY4ibFxmx3K5xmLBR954DMiVyPNBHfRKCCWMJfMUVyE5fl9Cx1j c15qRtgdAGmkIcmhU/EBmfvaKH9d0i8DQLA7r0lj5RKgVEcfqi3uU763jlFqgbfw oblqsy6IKtCoS6gZlo3561Yh0l+bMyW3QfKIo9pCYM7J3BATxN/E02dDIVoYc6+H dHA0VITN/fvBO26SKmnuA6CNVJRsAFBXHh8sCNCRx8qhpvGIxqvH4SKZXAlncqOb 8+RvhXQhPtZemWdz6OYv =Spy7 -----END PGP SIGNATURE-----
--utaXFduWM8sSo7AaGhD45vPN7IBdibU6C--
--===============4888572192764370134== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4888572192764370134==--
|
|
|
|