drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-3358-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 17.04 |
|
Datum: |
Fr, 21. Juli 2017, 07:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============8322580469330666452== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mi2j2bvum72hb4wf" Content-Disposition: inline
--mi2j2bvum72hb4wf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3358-1 July 20, 2017
linux, linux-raspi2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: linux-image-4.10.0-1011-raspi2 4.10.0-1011.14 linux-image-4.10.0-28-generic 4.10.0-28.32 linux-image-4.10.0-28-generic-lpae 4.10.0-28.32 linux-image-4.10.0-28-lowlatency 4.10.0-28.32 linux-image-generic 4.10.0.28.29 linux-image-generic-lpae 4.10.0.28.29 linux-image-lowlatency 4.10.0.28.29 linux-image-raspi2 4.10.0.1011.13
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://www.ubuntu.com/usn/usn-3358-1 CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
Package Information: https://launchpad.net/ubuntu/+source/linux/4.10.0-28.32 https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1011.14
--mi2j2bvum72hb4wf Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJZcT4jAAoJEC8Jno0AXoH07vQP/jdj2MkSqKROH5IvZC26+Tcx V+BQ7fZuL5W3Id8ghP8Phzu7/W4cYdcei1lu64t3XxdPRvl/U/q1KI+orN8hogBa qO5WvLke5uNAZ5+WAronvq45NFIhMmHmnGSCYp+33xxZVSKhQwbd0dStv3hROtdr KGbV8R/fB8pXi8CU6ENOD8ZaZPWIg0XWwIjh3+AlLH4zNnWJHrfOoKFsEC/F5npB euBQ4P1cJsxczqLAsEnXT4FZ6QkizUv8w+rICeu1yS+NoldDaqomJ/d+xHLOlICg pkNw9cGEtVdz3pFq2jk00jPJUJDl4NnJ8/vXttyNJvktIiAuuk1IflRspZk8ldof 381ltmL6bc5diU5+qByWQfm1FEGMxop7IIB7UQbazfXYvcRUOqsVu8sT1utp0bua AvAQtvanQ2RiwXAEXtI+WVU8BRM2eDnNH3B8cnqFu4FpVepFLF1GvV/KOKK7yyQa tsdg5ebXFeR/ivzGGKK5sreFJPYEnV6/WiKdbUMqlBaSHLV+SfpvXJYZL8NWW4kr PxPoQvtf2H8B7KK0MgMPf91pU7kZXaZrVL101Tm0RnRF5OWeruYPLue3U6/tEqO4 +PywGahue9ZEKBkNrNqweLHYYwcEGRHguNY32/FynkGWfC0RFMxesRV9N27f2cGO 7Fi0ZCW2TJ2J5fum1Km2 =LKTw -----END PGP SIGNATURE-----
--mi2j2bvum72hb4wf--
--===============8322580469330666452== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8322580469330666452==--
|
|
|
|