drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-3343-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Do, 29. Juni 2017, 14:22 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============8996453136571040980== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TKYYegg/GYAC5JIZ" Content-Disposition: inline
--TKYYegg/GYAC5JIZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3343-1 June 29, 2017
linux vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel
Details:
USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.
It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)
It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code. (CVE-2017-0605)
Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)
Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294)
It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.13.0-123-generic 3.13.0-123.172 linux-image-3.13.0-123-generic-lpae 3.13.0-123.172 linux-image-3.13.0-123-lowlatency 3.13.0-123.172 linux-image-3.13.0-123-powerpc-e500 3.13.0-123.172 linux-image-3.13.0-123-powerpc-e500mc 3.13.0-123.172 linux-image-3.13.0-123-powerpc-smp 3.13.0-123.172 linux-image-3.13.0-123-powerpc64-emb 3.13.0-123.172 linux-image-3.13.0-123-powerpc64-smp 3.13.0-123.172 linux-image-generic 3.13.0.123.133 linux-image-generic-lpae 3.13.0.123.133 linux-image-lowlatency 3.13.0.123.133 linux-image-powerpc-e500 3.13.0.123.133 linux-image-powerpc-e500mc 3.13.0.123.133 linux-image-powerpc-smp 3.13.0.123.133 linux-image-powerpc64-emb 3.13.0.123.133 linux-image-powerpc64-smp 3.13.0.123.133
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://www.ubuntu.com/usn/usn-3343-1 https://www.ubuntu.com/usn/usn-3335-1 https://launchpad.net/bugs/1699772 CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-123.172
--TKYYegg/GYAC5JIZ Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJZVLTOAAoJEC8Jno0AXoH0UEsP/2Fk0PXOXe7KO7hjE/Y83Jdy eNNxz0izvFfs9XLWI3wKDZyzX+GD039iACGs9K7fzYfB5hywKddmCiqJyo7Djoqk 5Ih+NO9zKdTUHfmzc/d9awMi83PDKAusS4GHmGTHIHZze0WEYJkfv6lZ3EeLWkG/ OqFd3AtiRlIwFsCsApEF3h85m58JePCfxexleO9hgFZQGe5PbWwLpUIzMtkpUqMg aOxBgHihnSH8IoaBpRRVVD0SwIojqlwYrrWcyadNvRFVjVYP7ihQR9a1PVSvZ6zQ vqx9sJ6THL8sYOQia0WMONvA9sBV/po/0+u/9xHYSzXU7a1UMoxyyfd79jnT6oKt 3zjkN5veS3ZU4RdAVtV80bclfJaAh1DzFCP9NyjgZtsRQh96vJmsJ3TaIpSjyvgi lca8bUn8TSh0VFFGp2i94UScsA1j5+H3FFgPf0jh5khmCyTsPDIu6V7+6nds76y9 /DXlou5IsZjne6Jl0Eyj2j8yhkUPsH11AVZJ3v0AzFg0tKeWDz234on65dMSMNyg w59E7qCDvhL33MZXuU41/tKb78YnU/EtY+XFkSDYELYJ5yAuHkmQ73ZLhFDDdpux 15vbuXOfLm1fYA+1G5jXiXoFinB+ymNXp2z6TeJwxiU2IN3mlHpffdWqaqoQ9pf5 8yIqrus8+Gmuj7bnFakj =5457 -----END PGP SIGNATURE-----
--TKYYegg/GYAC5JIZ--
--===============8996453136571040980== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8996453136571040980==--
|
|
|
|