Sicherheit: Denial of Service in Linux

Lesezeichen hinzufügen

--===============2216764492527667309==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="BOmey7/79ja+7F5w"
Content-Disposition: inline

--BOmey7/79ja+7F5w
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3266-2
April 25, 2017

linux-hwe vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

Alexander Popov discovered that a race condition existed in the Stream
Control Transmission Protocol (SCTP) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.8.0-49-generic 4.8.0-49.52~16.04.1
linux-image-4.8.0-49-generic-lpae 4.8.0-49.52~16.04.1
linux-image-4.8.0-49-lowlatency 4.8.0-49.52~16.04.1
linux-image-generic-hwe-16.04 4.8.0.49.21
linux-image-generic-lpae-hwe-16.04 4.8.0.49.21
linux-image-lowlatency-hwe-16.04 4.8.0.49.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3266-2
http://www.ubuntu.com/usn/usn-3266-1
CVE-2017-5986

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-49.52~16.04.1

--BOmey7/79ja+7F5w
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJY/r0TAAoJEC8Jno0AXoH0EZgP/RnC+0cX0Z4z66lSPIRT40tB
JqXwBMHrqhLrNHtfJg/ioG80AS+oqwvf6uJwYTunIfzsrmaorEKjKwhKDjXJV3wc
xelOGzrjMZgA8n2CYMLwDcHiEtKrRjcuOc622fd7JNq8OYnyqtL2tN75Y7W6y97o
j0cV2Y/PfWax4yv+yvgRj3HCXi7fNRWVUOJHqN0P8GaaX2yBEji3xIdp3TSe4PIZ
LHF+BGpaRwddfrHpNUj4ZuN6084I1LBpZYAAYnJgVqRROlhE0a0zdduUIR4TVQ9W
nKezA73fl1q1bgFc5qHenoT1vvip5SlyJbNTnKCjT0oQStxfqLeAEHreUGv6tzum
/9JF6RpkyDvoTid+Qahmpc1RhkJXKYxj3KFbDm2gIFRsb3WFs512sx6zMrmJ71eI
B+X5QZxGvZhECgUHvQnM0w8Hyj3EIOeYLgf3dK7Dw+GlMQMwXW1uJouPtPds1FdL
f1Neo0yOWjbyvuFIaIgZ3r+dqABr1ZsAaGGi8tNQdRQ4AABMStq6aGXB75uNStqk
I9GVSwLF5EaHgCw+p679DKipD3wLVYlwqxXayx2l+/s7RlGI5EDjhV+01+bP3fy3
0KY1Dg31cByY8SL3W4NbC+GBYr1IaF1dTl0SBEiguvbV8igBGhRbySAO2rREtKCg
EJedzc+3pe6INhX+HRFb
=q7em
-----END PGP SIGNATURE-----

--BOmey7/79ja+7F5w--

--===============2216764492527667309==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2216764492527667309==--