drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3581-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 17.10 |
|
Datum: |
Fr, 23. Februar 2018, 09:56 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============5745326426599553251== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JIpyCmsTxyPLrmrM" Content-Disposition: inline
--JIpyCmsTxyPLrmrM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3581-3 February 23, 2018
linux-raspi2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712)
ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115)
Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: linux-image-4.13.0-1014-raspi2 4.13.0-1014.15 linux-image-raspi2 4.13.0.1014.12
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/usn/usn-3581-3 https://usn.ubuntu.com/usn/usn-3581-1 CVE-2017-15115, CVE-2017-17712, CVE-2017-8824
Package Information: https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1014.15
--JIpyCmsTxyPLrmrM Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJaj71kAAoJEC8Jno0AXoH04bUP/2cAm5Kyx+32+e265Oq1NzRV T8/NEuvMOv81JpTp9HhT2h+YGp+VTNkczNUQeVPghkdHp/Ipd8Nm4fwX6yaeoHbr OhFOH7l0lN1KlGVfL8DoIC05pVsAF+UVsaqbD4Kg7BSQvDg3k19HP2y2IXzaTtr2 /cmzd8SpUMVPJkrdAosC7snLpMEXwkvHlb/TebIYT1+6LnqnUKSeqRc70lrWARk1 pJbgMq3wpLtiDyEJqkuGoTnTxLlW4J7bXLdwHhiF5xDfr1VDPCtKDeh5a/KFh0ng P6c1oI+Hls7F/XBnM+ZZJEpJpIUc/f2QoJdcbu+WUBKHLRhtg+uw9TJlDw8SLM8l /RVSkf5s31lVHbrAVy5T5oK6uver47lSssj8Ee7z2U+0hyVFYNQZSfnjDZFfc0hO KeuOsTOHKQ3smGrc+HEnq9JTKPYqkYFIF1k7npEePP3GVj6lGVRiaqUQSALEGj6J 94LHNB5O2R8aIhidhclN6b/ydNK19IuuxSUwTNIrYlmHdWhpszRUkExXPUr9y8yG NiPGDYXTEJ1Oz6oVMQ4xhYkkio2GmuXpJYIDWA4tTL7bxso7lYeFsnzu8Bi4wF0m 2C37CZpNsx5tm/YT6ZIVTD0NIiBAQ2nO0oL6C2qH+mePsACuQU1O4ml1fvjczuo6 z1gc8BRlXn65TjZQ2q37 =C1CG -----END PGP SIGNATURE-----
--JIpyCmsTxyPLrmrM--
--===============5745326426599553251== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|