Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: USN-1228-1
Distribution: Ubuntu
Platforms: Ubuntu 11.04
Date: Wed, 12 October 2011, 14:44
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
Applications: Linux

Original message


==========================================================================
Ubuntu Security Notice USN-1228-1
October 12, 2011

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
(CVE-2011-1776)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not
correctly validate certain requests. A local attacker could exploit this to
consume CPU resources, leading to a denial of service. (CVE-2011-2213)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled
certain L2CAP requests. If a system was using Bluetooth, a remote attacker
could send specially crafted traffic to crash the system or gain root
privileges. (CVE-2011-2497)

It was discovered that the EXT4 filesystem contained multiple off-by-one
flaws. A local attacker could exploit this to crash the system, leading to
a denial of service. (CVE-2011-2695)

Mauro Carvalho Chehab discovered that the si4713 radio driver did not
correctly check the length of memory copies. If this hardware was
available, a local attacker could exploit this to crash the system or gain
root privileges. (CVE-2011-2700)

Herbert Xu discovered that certain fields were incorrectly handled when
Generic Receive Offload (CVE-2011-2723)

Timo Warns discovered that long symlinks were incorrectly handled on Be
filesystems. A local attacker could exploit this with a malformed Be
filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)

Darren Lavender discovered that the CIFS client incorrectly handled certain
large values. A remote attacker with a malicious server could exploit this
to crash the system or possibly execute arbitrary code as the root user.
(CVE-2011-3191)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-1209-omap4 2.6.38-1209.16

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1228-1
CVE-2011-1776, CVE-2011-2213, CVE-2011-2497, CVE-2011-2695,
CVE-2011-2700, CVE-2011-2723, CVE-2011-2928, CVE-2011-3188,
CVE-2011-3191

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.16
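
Added example (not part of the Ubuntu notice): the update instructions require a reboot, so a host can have the fixed package on disk while the old kernel is still running. The Python below classifies a host from `dpkg -l` output and the text of /proc/version_signature; the sample inputs are constructed, and the purely numeric version comparison is an assumption that holds for this package's version strings.

```python
import re

FIXED_VERSION = "2.6.38-1209.16"  # from the advisory's update instructions
KERNEL_PACKAGE = re.compile(r"linux-image-\S+-omap4$")  # flavour the notice covers

def version_key(version):
    """'2.6.38-1209.16' -> (2, 6, 38, 1209, 16).
    Assumption: these versions hold only digits, '.' and '-'."""
    if not re.fullmatch(r"\d+(?:[.-]\d+)*", version):
        raise ValueError("unexpected version format: %r" % version)
    return tuple(int(part) for part in re.split(r"[.-]", version))

def newest_installed(dpkg_listing):
    """Highest omap4 kernel version in `dpkg -l` output (state 'ii'), or None."""
    versions = [f[2] for f in (l.split() for l in dpkg_listing.splitlines())
                if len(f) >= 3 and f[0] == "ii" and KERNEL_PACKAGE.match(f[1])]
    return max(versions, key=version_key, default=None)

def running_version(version_signature):
    """Package version of the booted kernel, read from the text of
    /proc/version_signature ('Ubuntu <version>-<flavour> <upstream>')."""
    match = re.match(r"Ubuntu (\d[\d.]*-\d+\.\d+)-\S+", version_signature)
    if not match:
        raise ValueError("unrecognised version signature")
    return match.group(1)

def assess(dpkg_listing, version_signature):
    """Return 'not applicable', 'update needed', 'reboot needed' or 'patched'."""
    fixed = version_key(FIXED_VERSION)
    on_disk = newest_installed(dpkg_listing)
    if on_disk is None:
        return "not applicable"
    if version_key(on_disk) < fixed:
        return "update needed"
    if version_key(running_version(version_signature)) < fixed:
        return "reboot needed"
    return "patched"

# Constructed sample: package upgraded on disk, old build still booted.
SAMPLE_DPKG = """\
ii  linux-image-2.6.38-1209-omap4  2.6.38-1209.16  Linux kernel image for OMAP4
ii  bash                           4.2-0ubuntu3    The GNU Bourne Again SHell
"""
SAMPLE_SIGNATURE = "Ubuntu 2.6.38-1209.15-omap4 2.6.38.8"

if __name__ == "__main__":
    print(assess(SAMPLE_DPKG, SAMPLE_SIGNATURE))  # reboot needed
```

On a real host, pass the output of `dpkg -l` and the contents of /proc/version_signature to `assess`.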


