drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3541-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS |
|
Datum: |
Di, 23. Januar 2018, 07:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============1637170255751063259== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="vqq7tmtvvw6nc4qp" Content-Disposition: inline
--vqq7tmtvvw6nc4qp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3541-2 January 23, 2018
linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were addressed in the Linux kernel.
Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-oem: Linux kernel for OEM processors
Details:
USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753)
USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details:
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.13.0-1006-azure 4.13.0-1006.8 linux-image-4.13.0-1007-gcp 4.13.0-1007.10 linux-image-4.13.0-1017-oem 4.13.0-1017.18 linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1 linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1 linux-image-azure 4.13.0.1006.7 linux-image-gcp 4.13.0.1007.9 linux-image-generic-hwe-16.04 4.13.0.31.51 linux-image-gke 4.13.0.1007.9 linux-image-lowlatency-hwe-16.04 4.13.0.31.51 linux-image-oem 4.13.0.1017.21
Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines.
After a standard system update you need to reboot your computer to apply the necessary changes.
References: https://www.ubuntu.com/usn/usn-3541-2 https://www.ubuntu.com/usn/usn-3541-1 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Package Information: https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8 https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10 https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1 https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18
--vqq7tmtvvw6nc4qp Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJaZpF5AAoJEC8Jno0AXoH0RDoP/1U525nrNTis8BxFI1ETsGq4 lUeVo77SST6iA0/SR1zwfXzy3QN6DVAjiQZKmXKv7QaTa/SmhqjubTwfLwOwmC6g lwP9BVPS6GrGBYylgyENxR2YtEKNF5x97Ja2NkwR99jAbFrcOD/P2CjrB0UlDkLg IYjVj4ojy4banBbjDSlm4cstCgqPhcVtxMJiNUmE1WwT7sgygySjkZMma49xNl3U 1L31GZssKH7U7Zb3cKt+3gwUh2bQlZDy+NxUE2JGg/VljdaiA/mGHJzU8k180TaQ aFsMeC3AQA+sgGMOwD+MCzTRzju6v8B6A/TogbetNMSP3C3AsYPMT58LXpkPYdMo QmmYSVQeWDo1qO30n6COXs9b7/CrBrLoTF7g4p0+MP4SFJZfClm7dAflr8LGva0d /r91Ury/mH3P8hvIEPH8BHcOdv68bC+Hn2p6qmclztJHs5N4B72D/Fc9d2/By34g JvgDVN/3OMRSSZ4HceF0IIdjzjpl1hY/woCDn/x3Ez0rkN2XDtXwXsKborsAKMnv jrBQcpGG0BVX2DAZMvcJ0ffCTvOy8Cue7oXMlaQ6FXGtdJAG6R3rcvmS3wg0xjns jwWl4kinL4zlvrTAIUP5Jt0tcjqY+/uqCx6tVBs89iYullNW+GSIUUZwyvkEmQWl eUd24CkfYhxUHB+Hh9Yu =roSG -----END PGP SIGNATURE-----
--vqq7tmtvvw6nc4qp--
--===============1637170255751063259== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|