Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux (Aktualisierung)
ID: USN-3541-2
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Di, 23. Januar 2018, 07:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Applikationen: Linux
Update von: Mehrere Probleme in Linux

Originalnachricht


--===============1637170255751063259==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="vqq7tmtvvw6nc4qp"
Content-Disposition: inline


--vqq7tmtvvw6nc4qp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3541-2
January 23, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM processors

Details:

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu
17.10. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu
16.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
17.10 for Ubuntu 16.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.13.0-1006-azure 4.13.0-1006.8
linux-image-4.13.0-1007-gcp 4.13.0-1007.10
linux-image-4.13.0-1017-oem 4.13.0-1017.18
linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1
linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1
linux-image-azure 4.13.0.1006.7
linux-image-gcp 4.13.0.1007.9
linux-image-generic-hwe-16.04 4.13.0.31.51
linux-image-gke 4.13.0.1007.9
linux-image-lowlatency-hwe-16.04 4.13.0.31.51
linux-image-oem 4.13.0.1017.21

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3541-2
https://www.ubuntu.com/usn/usn-3541-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8
https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10
https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1
https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18


--vqq7tmtvvw6nc4qp
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJaZpF5AAoJEC8Jno0AXoH0RDoP/1U525nrNTis8BxFI1ETsGq4
lUeVo77SST6iA0/SR1zwfXzy3QN6DVAjiQZKmXKv7QaTa/SmhqjubTwfLwOwmC6g
lwP9BVPS6GrGBYylgyENxR2YtEKNF5x97Ja2NkwR99jAbFrcOD/P2CjrB0UlDkLg
IYjVj4ojy4banBbjDSlm4cstCgqPhcVtxMJiNUmE1WwT7sgygySjkZMma49xNl3U
1L31GZssKH7U7Zb3cKt+3gwUh2bQlZDy+NxUE2JGg/VljdaiA/mGHJzU8k180TaQ
aFsMeC3AQA+sgGMOwD+MCzTRzju6v8B6A/TogbetNMSP3C3AsYPMT58LXpkPYdMo
QmmYSVQeWDo1qO30n6COXs9b7/CrBrLoTF7g4p0+MP4SFJZfClm7dAflr8LGva0d
/r91Ury/mH3P8hvIEPH8BHcOdv68bC+Hn2p6qmclztJHs5N4B72D/Fc9d2/By34g
JvgDVN/3OMRSSZ4HceF0IIdjzjpl1hY/woCDn/x3Ez0rkN2XDtXwXsKborsAKMnv
jrBQcpGG0BVX2DAZMvcJ0ffCTvOy8Cue7oXMlaQ6FXGtdJAG6R3rcvmS3wg0xjns
jwWl4kinL4zlvrTAIUP5Jt0tcjqY+/uqCx6tVBs89iYullNW+GSIUUZwyvkEmQWl
eUd24CkfYhxUHB+Hh9Yu
=roSG
-----END PGP SIGNATURE-----

--vqq7tmtvvw6nc4qp--


--===============1637170255751063259==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung