Sicherheit: Mehrere Probleme in Linux


ID:	USN-1533-1

Distribution:	Ubuntu

Plattformen:	Ubuntu 11.10

Datum:	Sa, 11. August 2012, 08:41

Referenzen:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3400

Originalnachricht
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============2788951928505764539== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig9B08B26F962A399C9461AEC3" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9B08B26F962A399C9461AEC3 Content-Type: multipart/mixed; boundary="------------030302020706050708010706" This is a multi-part message in MIME format. --------------030302020706050708010706 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1533-1 August 10, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373) A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system. (CVE-2012-3375) Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: linux-image-3.0.0-24-generic 3.0.0-24.40 linux-image-3.0.0-24-generic-pae 3.0.0-24.40 linux-image-3.0.0-24-omap 3.0.0-24.40 linux-image-3.0.0-24-powerpc 3.0.0-24.40 linux-image-3.0.0-24-powerpc-smp 3.0.0-24.40 linux-image-3.0.0-24-powerpc64-smp 3.0.0-24.40 linux-image-3.0.0-24-server 3.0.0-24.40 linux-image-3.0.0-24-virtual 3.0.0-24.40 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1533-1 CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400 Package Information: https://launchpad.net/ubuntu/+source/linux/3.0.0-24.40 --------------030302020706050708010706 Content-Type: text/plain; charset=UTF-8; name="Attached Message Part" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Attached Message Part" --------------030302020706050708010706-- --------------enig9B08B26F962A399C9461AEC3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJQJYgzAAoJEAUvNnAY1cPYQNMP/i6OjX94QEXV5q0IB9pmZaHF UYO1yksTBvwUS2srJOVg8rN2sjmTVz6qhmAwItSJJwB26owKm0U/Pjgvu/Dho2Gu XYNmfI81jIh8ygOk/tw4kP4WgUtB57n0huZ+T59t6MlR6vA/vFwY8z4PsNksJmsz PEPuW8C1cfyHvEJKFRF2pYEkslUEr/HasgYskUXX2YqcQzUiFsziHzE9WSaxaBE9 CDJKZv5kENKQl/fQl/bf1HCwie6YfRbnsTeQDvzGcs9c/D0Wfz6rQbKuH+X081FM wTW4Zl5ZkhxnT8ijmJ18zgcLo0wiJkOUgnaYWi4nefy5L13/C/8KgWm9PMNnWgwc dud/LVhmn8DQmIZkOUM9OGZoi/acxUPp9C8sy1miZNHnoWhwfuSKQzEmUu2wnn0n +ruyes8hU/ooiLB2DqYsjcHy5aB7FzdFgaQiys6rGkDOpi0ux6hcUlQN16IFnYO3 3qyUO8jVxmvMS17KKZO/SZvzKiPWhatfizUMIvSRmPtwOyMN8b39tzPv05CMWs78 NSPYy/7gzI/xYX2zwSgv+hBwFApZi0FBL2qL0M6OLsDJ8t5KoUO6+VfeHbLohy6g OgM/rQtOHNFKo+A/0PRKKXxZ16YkKuu3FTWxCIw+88+Whz9+5jcKyJxLEOy7XKNz g6iY+SxvhCQ6MzM9asqB =X11Y -----END PGP SIGNATURE----- --------------enig9B08B26F962A399C9461AEC3-- --===============2788951928505764539== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============2788951928505764539==--