Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux (Aktualisierung)
ID: USN-3422-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 ESM
Datum: Di, 19. September 2017, 07:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7541
Applikationen: Linux
Update von: Mehrere Probleme in Linux

Originalnachricht


--===============9188620353376006135==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="l32ewoxmdmhk4v47"
Content-Disposition: inline


--l32ewoxmdmhk4v47
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3422-2
September 18, 2017

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
ESM

Details:

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-132-generic 3.13.0-132.181~precise1
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.132.122
linux-image-generic-lts-trusty 3.13.0.132.122

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3422-2
https://www.ubuntu.com/usn/usn-3422-1
CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650,
CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191,
CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970,
CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187,
CVE-2017-7472, CVE-2017-7541


--l32ewoxmdmhk4v47
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJZwFl2AAoJEC8Jno0AXoH0xRIP/2/fU1SJizN7S0FPDHxh6pZo
cKJYIaOjU2gksj6ZfXxEJPDHHBZgK4wgaZ8xokT/x+REAx8lgMnK0K2bfglT/g+I
A702ea+UolyteH2WvUMPCJNwAVqf6BTCFwlCz8a8f40smPLsL/+0QdGpJ3UjkI0V
M6JCx6LsruhvSpPjkX4JuunGE3WqMajRC4MjMzK4gFUtU0Lcccqg6kYSfzWTKpbC
iNqhmC83NIBAIqL0xSAWRUFsAOpOuQKCLFRA87Qjk+s/803KJQffcnBWTguPiU0J
ca0NE+OVlFtJDaPuW6luaHJ18a31IJ6inksyJm2+IlNkH8ecy87O/enI2KkVMB2h
PA7VyyY0ymU6vfBAf5u9YJkFtvROZdigPbJx8Ex7Bv6zAmsFGQs4u35IkbyyKVwb
LAALcAdfy52ojRwCKxWEpWn82+iNd9ZA0Sn1yEpJjXSAFrpNGXXFC158IAX0JDbM
VZdchzgmlv/kV4jO8bBaPpB6Z6pFZvH+mIjoO3evJjDjK6fNMLvL9ZjgefmO7jMC
IEmR4j6ZntfnBdn5TQT5WBBG5Ue+Co6AO4zr70RynPlLbitXh3FkPxdN0i5WwGQK
N4ZRZqKw6N0KwduR095QMQ/aL9UgpnV+1k9/sA9ewceDtXBCA8swlXMZBiNh0P5/
X6qnChsFep+f8yfXLk3E
=ORix
-----END PGP SIGNATURE-----

--l32ewoxmdmhk4v47--


--===============9188620353376006135==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung