drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3420-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Di, 19. September 2017, 07:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12762 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============0641588107932826452== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="pgipowfjoefnvv3o" Content-Disposition: inline
--pgipowfjoefnvv3o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3420-2 September 18, 2017
linux-lts-xenial vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)
It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)
It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)
Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-96-generic 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-generic-lpae 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-lowlatency 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc-e500mc 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc-smp 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc64-emb 4.4.0-96.119~14.04.1 linux-image-4.4.0-96-powerpc64-smp 4.4.0-96.119~14.04.1 linux-image-generic-lpae-lts-xenial 4.4.0.96.80 linux-image-generic-lts-xenial 4.4.0.96.80 linux-image-lowlatency-lts-xenial 4.4.0.96.80 linux-image-powerpc-e500mc-lts-xenial 4.4.0.96.80 linux-image-powerpc-smp-lts-xenial 4.4.0.96.80 linux-image-powerpc64-emb-lts-xenial 4.4.0.96.80 linux-image-powerpc64-smp-lts-xenial 4.4.0.96.80
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://www.ubuntu.com/usn/usn-3420-2 https://www.ubuntu.com/usn/usn-3420-1 CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-96.119~14.04.1
--pgipowfjoefnvv3o Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJZwFk9AAoJEC8Jno0AXoH0nLwP/jyFPKgNXDsKUQKvIvzVWjBz J5EF9c276Coa2oXz6WpaWYokFHuP9aPHPRSnOwe0rEcPfWE3yF1pqR8mKJDS+uQl VUlXRFtJYzohnMS0gnaEN2l+lgv9mmiuYPiN3lzflor8CaTSs4MSbvtys6tz0XaX ojLmpeslPhMJDD4had9dPk8Kr07JLc7TrO1M86Ktkw8WN1lflJcdDsIXLtjqNOL+ vT6aUiJZ3Tl2shM3pwjVRy0oCkmdMXMFC0vM81KLUG+wn+gU70tdqJBcxIp3ohvH F1xBuBjTxg8KihaX2qFhU9vQx7kNmkdQuxQ9VohYk8uo/enFmedo6ABzPb+ghNa8 FfPRrzdOGZ1LEw13HmAloFXUKFIqfDDmDFIYLLScIn3yDqoihARRtn2JnyKjQBYF OiARUiWiYC8XRr5ZTASP0/Dta0esE9Ik0BEPOI5FGsMLiiSuH4UqhVpKVjgcSBKS 2r0jEodIdwJZgsdz7bxF48uLkJxU2K2+KbBC1mPCIJ1DaPLpeBz2akOT2Fo+Ynd3 E5DxpVR1y/o95yyOfu1HZ9g5VoRkuzg/BEhfkohKNME21S5iwqZIndZR6KZ0IZ1S st+YsyQ2f46GmA9KQyhYE0bS3RoQ/bSrfMDh/akBa7sNI4q6h3LfYB+NQlU0h/hX C5hRaw66WoYr6snj4+Gj =Ce0l -----END PGP SIGNATURE-----
--pgipowfjoefnvv3o--
--===============0641588107932826452== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|