drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-2908-5 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Sa, 27. Februar 2016, 10:29 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1575 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============6575587697024488385== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LkYZvX65tyO4RZtj" Content-Disposition: inline
--LkYZvX65tyO4RZtj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-2908-5 February 27, 2016
linux-lts-wily regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-2908-2 introduced a regression in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS.
Software Description: - linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty
Details:
USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576)
halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575)
It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)
It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785)
Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.2.0-30-generic 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-generic-lpae 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-lowlatency 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc-e500mc 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc-smp 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc64-emb 4.2.0-30.36~14.04.1 linux-image-4.2.0-30-powerpc64-smp 4.2.0-30.36~14.04.1
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2908-5 http://www.ubuntu.com/usn/usn-2908-1 https://launchpad.net/bugs/1548587
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-30.36~14.04.1
--LkYZvX65tyO4RZtj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJW0WPFAAoJEC8Jno0AXoH0VvUQAI00d/pq8nNLlCTlHssvtN4z hPFnevtOqBbGCLe5uyfdoTFHHZfJe/AP/KfDy31Uft+LSdHp4V2nZVsKd5uDcp3s OxHTYgqHOZqcDP3TClPnfILZzY8s9uH7CHWfh2gJaHGpXHusJfVYUciAShFv3QUn 3k+YJe4tH0DLYfoAEYSgkjRyY8FL60aKqmgmCyXqHbQwed5LHGtN50i9riZJKr2g tvv1XjV2GGV26xqLWKK7thhkU8s/YRR4TkLyrIiRbxUiyu4mzzwugWqkZzPUB+cR cpTMfftVwl0jzcDSjQB36kr0CIU1UUqIkJA7TTLaxdDO3ITZz+Q/6WLo6JdswjPa uQctvVBTk/Twu4piWH7lxEoE2aMBQd522xRivMB0qYRtNkrthOTkVWgGJIqqNsyQ Qcdx/naI2TjFeu85ojH4Tfo4M9ULonaD3BcEBSFbuWGfYa58uvdEXfiCK2Pr1jXY Pfeacjj40JEQ0bjMZc0mi/ykLVrEJmSLqYVPm7RsUfbZNj7oz0AU3JIAPHF8MJdt CS9mFluW9oHMzqGGHScehUNpmm1ExubPz7ra/Vv3UNgHyfo3/AKINUChRzUxLP7Q P2AbK6j9foDDOOlJBftvk8MDkxSFahfDCnj7whxU8QOdrlxy2kiaLBqvYCYgOKqQ KBQeuckSqRx4gRbG2TXc =zuDS -----END PGP SIGNATURE-----
--LkYZvX65tyO4RZtj--
--===============6575587697024488385== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6575587697024488385==--
|
|
|
|