drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3509-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Fr, 8. Dezember 2017, 06:12 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16643 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============4815399625958654399== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="d3dpbm2e6jvaq3vi" Content-Disposition: inline
--d3dpbm2e6jvaq3vi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3509-2 December 07, 2017
linux-lts-xenial, linux-aws vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193)
Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-1005-aws 4.4.0-1005.5 linux-image-4.4.0-103-generic 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-generic-lpae 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-lowlatency 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126~14.04.1 linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126~14.04.1 linux-image-aws 4.4.0.1005.5 linux-image-generic-lpae-lts-xenial 4.4.0.103.86 linux-image-generic-lts-xenial 4.4.0.103.86 linux-image-lowlatency-lts-xenial 4.4.0.103.86 linux-image-powerpc-e500mc-lts-xenial 4.4.0.103.86 linux-image-powerpc-smp-lts-xenial 4.4.0.103.86 linux-image-powerpc64-emb-lts-xenial 4.4.0.103.86 linux-image-powerpc64-smp-lts-xenial 4.4.0.103.86
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://www.ubuntu.com/usn/usn-3509-2 https://www.ubuntu.com/usn/usn-3509-1 CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1005.5 https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-103.126~14.04.1
--d3dpbm2e6jvaq3vi Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJaKdxAAAoJEC8Jno0AXoH0a38QAJNZJyu8jJA+hzhxuiXKkwTV BCIG5fG4HpkgiXwH+WtsFiZ8Kp8+VS29FtUCmFFtbUq8qB46F6iCTu5IFmv0SFGX x5+lj79IYOwMioC5rlxnBjpcYixoT6rHMtH+1+5r1kI0NPIhk0RnmbKUOV5YkKhV dMJpplt93S4pn3LFBBRv7dKT/erDcr6gkz01JtEq8Ll6dd/FPd79zh1pyX2sjZye Mfab5wouVOgVmI5gff+M4W5dSiky8+eSL8vqly59rXXTpvMk2fInj4MsKhu93HSt EHvK/NdKy36NlkBxSozJ98rLiCueaiBY9wwCVQlKQD6wu2D0u1LAjGxR9l2UW/cJ HntBJNPz3OaulysjeGzidOggnCIQGkRCZL5Mvmr07WgRjXqIX/I+f1kqOd/3Dz3c ZABzH15VTNA913l6w//UG6WdNWZWXu0QJYmsPex9E2aQ4fdqOmPjVPgxUXaGCd34 DYJOOz566qgMG6RooNnGxyyI+9P8TuuIIYnSjgcFdY2PbDskc6LXkJ0u6OQKQ5jt OaHVmD0YeRiWl8Pl1addzKvZWZzU65TZMT48kDLdtq0Nhy4OR3XbewEP11Qf+DqQ 0U6LYdMC+ZTVVn3j+vvzqSI32Y+E52gg8PZlLhl5zIjo95pptspr7S3foEeIVrFy ZZYScCfHmhpvhhr5zugI =lyaG -----END PGP SIGNATURE-----
--d3dpbm2e6jvaq3vi--
--===============4815399625958654399== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|