Security: Multiple issues in Linux (update)
Name: Multiple issues in Linux (update)
ID: USN-3169-2
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS
Date: Wed, 11 January 2017, 11:54
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9793
Applications: Linux
Update of: Multiple issues in Linux

Original message


==========================================================================
Ubuntu Security Notice USN-3169-2
January 11, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)

Andrey Konovalov discovered that signed integer overflows existed in the
setsockopt() system call when handling the SO_SNDBUFFORCE and
SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability
could use this to cause a denial of service (system crash or memory
corruption). (CVE-2016-9793)

Baozeng Ding discovered a race condition that could lead to a use-after-
free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-9794)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-59-generic 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-generic-lpae 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-lowlatency 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-powerpc-e500mc 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-powerpc-smp 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-powerpc64-emb 4.4.0-59.80~14.04.1
linux-image-4.4.0-59-powerpc64-smp 4.4.0-59.80~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.59.46
linux-image-generic-lts-xenial 4.4.0.59.46
linux-image-lowlatency-lts-xenial 4.4.0.59.46
linux-image-powerpc-e500mc-lts-xenial 4.4.0.59.46
linux-image-powerpc-smp-lts-xenial 4.4.0.59.46
linux-image-powerpc64-emb-lts-xenial 4.4.0.59.46
linux-image-powerpc64-smp-lts-xenial 4.4.0.59.46

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3169-2
http://www.ubuntu.com/usn/usn-3169-1
CVE-2016-9756, CVE-2016-9793, CVE-2016-9794

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-59.80~14.04.1


--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
