Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-2465-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS
Datum: Di, 13. Januar 2015, 18:51
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884
Applikationen: Linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0518498243515281283==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="OoujXNar674L9dsvgNc7gOH5AIgG1J8is"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OoujXNar674L9dsvgNc7gOH5AIgG1J8is
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2465-1
January 13, 2015

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

A null pointer dereference flaw was discovered in the the Linux kernel's
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual
Machine) subsystem of the Linux kernel was discovered. A guest OS user
could exploit this flaw to cause a denial of service (guest OS crash) via a
specially crafted application. (CVE-2014-7842)

Miloš Prchlík reported a flaw in how the ARM64 platform handles a single
byte overflow in __clear_user. A local user could exploit this flaw to
cause a denial of service (system crash) by reading one byte beyond a
/dev/zero page boundary. (CVE-2014-7843)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-44-generic 3.13.0-44.73~precise1
linux-image-3.13.0-44-generic-lpae 3.13.0-44.73~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2465-1
CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-44.73~precise1



--OoujXNar674L9dsvgNc7gOH5AIgG1J8is
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUtRPHAAoJEAUvNnAY1cPYvqQP/3+ECjcuvINjgfHywjUt0lKK
F3BvcXuwZU+TiA2dIDsnGiqz3s/l9zzD3oCSCLnwUThLWuRjV1Z3xYQYUylHQSvW
rCi1bty5cBs8C565CggP+fPfdDYwOjgxRjh/iAi6lOesbDR37Xw7Se/UZ2YC7J/k
++C7pjE5+ER+Us65d2prbJn56ryqSvrZabdGqaV4tkci6esM0kYujsPHtRxZru2R
zYhxFqOZpap0F57T19ZsQH5l+ISpa+YjObK7hiaDu3xMEHowbu8rgbwsYER88doJ
OxAZ/JSOTRS3RcBfYTzFKLDy7jJ8tjXvZSWlv2V9Q3eI09/DA8ObO/2Ec2hlI8iV
Iu/tH8BRREAAh3GUqGKlNT5ZSMneSM1G+hvfazYVHeWonVQnqIQmqBQk/Zu+hsHj
A18kE5kEsGVDP8I3ZyyJhPFoRMfQG4gELPvte0yRCbikOZyfyChPJTiZ7gf+m8gp
7B0IonOzMqBvOn5zEr9E+pHhM8axfG9avL3YSIlYYXgvIOckrRM3MdfTOGDqtgo0
XFWETdeLtFD2BK2JxzXgUEm7B/0Uw0Ipt72yrVX9kgXHqUHRiloLsNPTsKIQW9mH
sTjfR6QjgeU3K2O9cfYQOZK0YXB0yx2KQIVrC35R3TOvNEjMR4ydg0XEFO2AHRKg
q8j/zzo/Wua54VIsu+N+
=2b2y
-----END PGP SIGNATURE-----

--OoujXNar674L9dsvgNc7gOH5AIgG1J8is--


--===============0518498243515281283==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0518498243515281283==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung