Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux (Aktualisierung)
ID: USN-3420-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Di, 19. September 2017, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12762
Update von: Mehrere Probleme in Linux

Originalnachricht


--===============0641588107932826452==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="pgipowfjoefnvv3o"
Content-Disposition: inline


--pgipowfjoefnvv3o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3420-2
September 18, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV
Decoder driver for the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-8831)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-96-generic 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-generic-lpae 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-lowlatency 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119~14.04.1
linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.96.80
linux-image-generic-lts-xenial 4.4.0.96.80
linux-image-lowlatency-lts-xenial 4.4.0.96.80
linux-image-powerpc-e500mc-lts-xenial 4.4.0.96.80
linux-image-powerpc-smp-lts-xenial 4.4.0.96.80
linux-image-powerpc64-emb-lts-xenial 4.4.0.96.80
linux-image-powerpc64-smp-lts-xenial 4.4.0.96.80

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3420-2
https://www.ubuntu.com/usn/usn-3420-1
CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-96.119~14.04.1


--pgipowfjoefnvv3o
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJZwFk9AAoJEC8Jno0AXoH0nLwP/jyFPKgNXDsKUQKvIvzVWjBz
J5EF9c276Coa2oXz6WpaWYokFHuP9aPHPRSnOwe0rEcPfWE3yF1pqR8mKJDS+uQl
VUlXRFtJYzohnMS0gnaEN2l+lgv9mmiuYPiN3lzflor8CaTSs4MSbvtys6tz0XaX
ojLmpeslPhMJDD4had9dPk8Kr07JLc7TrO1M86Ktkw8WN1lflJcdDsIXLtjqNOL+
vT6aUiJZ3Tl2shM3pwjVRy0oCkmdMXMFC0vM81KLUG+wn+gU70tdqJBcxIp3ohvH
F1xBuBjTxg8KihaX2qFhU9vQx7kNmkdQuxQ9VohYk8uo/enFmedo6ABzPb+ghNa8
FfPRrzdOGZ1LEw13HmAloFXUKFIqfDDmDFIYLLScIn3yDqoihARRtn2JnyKjQBYF
OiARUiWiYC8XRr5ZTASP0/Dta0esE9Ik0BEPOI5FGsMLiiSuH4UqhVpKVjgcSBKS
2r0jEodIdwJZgsdz7bxF48uLkJxU2K2+KbBC1mPCIJ1DaPLpeBz2akOT2Fo+Ynd3
E5DxpVR1y/o95yyOfu1HZ9g5VoRkuzg/BEhfkohKNME21S5iwqZIndZR6KZ0IZ1S
st+YsyQ2f46GmA9KQyhYE0bS3RoQ/bSrfMDh/akBa7sNI4q6h3LfYB+NQlU0h/hX
C5hRaw66WoYr6snj4+Gj
=Ce0l
-----END PGP SIGNATURE-----

--pgipowfjoefnvv3o--


--===============0641588107932826452==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung