Ausführen von Code mit höheren Privilegien in Linux (Aktualisierung)
ID: | USN-3335-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 ESM |
Datum: | Mi, 21. Juni 2017, 23:50 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 |
Applikationen: | Linux |
Update von: | Mehrere Probleme in Linux |
Originalnachricht |
|
--===============7985316717035468382== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eheScQNz3K90DVRs" Content-Disposition: inline --eheScQNz3K90DVRs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-3335-2 June 21, 2017 linux-lts-trusty vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: The system could be made to run programs as an administrator. Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Details: USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-121-generic 3.13.0-121.170~precise1 linux-image-3.13.0-121-generic-lpae 3.13.0-121.170~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.121.112 linux-image-generic-lts-trusty 3.13.0.121.112 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://www.ubuntu.com/usn/usn-3335-2 https://www.ubuntu.com/usn/usn-3335-1 CVE-2017-1000364 --eheScQNz3K90DVRs Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJZSr0DAAoJEC8Jno0AXoH0O/oQAIdsLNhepyz0aDNcXiu/Jq7l p9l5yRtphk4tNfjGyinpPNRasI6QlVJsjjCNvX/K+Dyy4kX4YmEFrjrtRl7p3cEB lB2E7M2iAcWAg2VtTpyOYsQ0bJGorBXwdnNN2fnYb1HrtO2CFxDIBHP8RiTPqknt mgsetECUEBi2RNbSwZlrnAThPDEE4uK2eXqD7E9LvEsA3TODju38NZJI7eHCAqy0 H87U93TXJAkjNE6U9OExn8h61DH9C8vQqz5Dz2z//4SzYPI+Ait7MR/sfDAV395P ETxJd1m6mJA+gycR9UGxWhrGqDTmwVQDcMs8ypeXQt/p0iWmmcrBbMC4g8G+T3oD RnNJD1LRRIccI/wc+0glxMF3pzJFKDIn5ImHOQBt52F7yrQLLy7hqvdyXTv5fj11 8WtXFjeE0qONARKhEHAQCLD/7gy7bCXnTJicyw4qanye1/t0bfGQc5yY++NRBuHa i0Z+hamVphYIqLMJtlqPitxJ/+5ij21AqIWO1Q2adHjdW/gfCMlYXfn/81PaX2JF gP1X78yZ7nncM1VWqIkaG+ia8ubOYnV6iim+LUMbmb3WruQJYJT2fEgpK6IG4Pnc RyXmeJp/+CGecrumwDEDhfMODe06Ls6yJD4URdS27d8x1clA7Ls139APPJb+fBrJ EA8wZkpNWmiUQbNqa0eH =w7a5 -----END PGP SIGNATURE----- --eheScQNz3K90DVRs-- --===============7985316717035468382== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============7985316717035468382==-- |