drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3364-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS |
|
Datum: |
Mi, 26. Juli 2017, 06:28 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9150 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============4252415319944254486== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="efz4d5ikj4xhshdt" Content-Disposition: inline
--efz4d5ikj4xhshdt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3364-3 July 25, 2017
linux-aws, linux-gke vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems
Details:
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)
It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)
Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)
Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.4.0-1022-gke 4.4.0-1022.22 linux-image-4.4.0-1026-aws 4.4.0-1026.35 linux-image-aws 4.4.0.1026.29 linux-image-gke 4.4.0.1022.24
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://www.ubuntu.com/usn/usn-3364-3 https://www.ubuntu.com/usn/usn-3364-1 CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1026.35 https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1022.22
--efz4d5ikj4xhshdt Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJZd9bGAAoJEC8Jno0AXoH0H8QP/R8LlxMonoIv3zB3rt3WP8kr nkTm1Iu0ZbuQ011xXh6HUOXrpkzboM8GcPBclgEBSsB3ifbUEQIyXphiBAQ8FwQ0 6gG9j+N7haFyq4jaVCGmtn0p2IEQTSq/Nni8cLldfKChppKYvHUOB+jfKJY7II5+ dnWySZuWVoMVhWbk3SX2K2FxG91Vhndgck3hpCMjRB2YJ+SxOx1K2hBd5UfqhUPk jCm329MBvZ7LxjHJspcs2M2ja1mJ4Zc5XBzpL/e1yRBoWC5FnJgLLjriNWQYNN6w FpESVLf6OzhR8ricsqzGTZ10xJglpIsxxKwWj7/Oj+vLiaIRm+Lr0cTZdHTcFdbu vF0WEcp8tlz6KyTkKa7uIu8p6lU0gIL/3h2sK6mdaZQ6LT3q1cRswdxX+mH9yZcC b9VTE8C0XuF2BFr3RJ1k4T5XgP3JwS0nH5AERZNB8QKsrWHw9DAZ8iMwbeEVQhkd erbgQSXf4ba8EDRsTxn2YS3nebgWngG0qrMLEKVgO+wxVjhLAk9XDQ7I29PsylWt KpszREwZHJeOzGuUxxuJLB2HtQ9OnPq0cD0Ge+FatlDDEQB5VvYElSpDrheFILC8 /J3zjFlmgzuOcdB43NWfYKXD+3Ap4eYC2rhp3IajTZ05cLmTNot22f3PUf8VbqE/ knlBA6sDyIuTUzR6njVw =Jdyk -----END PGP SIGNATURE-----
--efz4d5ikj4xhshdt--
--===============4252415319944254486== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4252415319944254486==--
|
|
|
|