drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-1294-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Do, 8. Dezember 2011, 17:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326 |
|
Applikationen: |
Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6946478313617511489== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigB065846468D7857154BA4526"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB065846468D7857154BA4526 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1294-1 December 08, 2011
linux-lts-backport-oneiric vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-lts-backport-oneiric: Linux kernel backport from Oneiric
Details:
Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)
Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)
Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942)
Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)
Zheng Liu discovered a flaw in how the ext4 filesystem splits extents. A local unprivileged attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-3638)
Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)
Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)
A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: linux-image-3.0.0-13-generic 3.0.0-13.22~lucid1 linux-image-3.0.0-13-generic-pae 3.0.0-13.22~lucid1 linux-image-3.0.0-13-server 3.0.0-13.22~lucid1 linux-image-3.0.0-13-virtual 3.0.0-13.22~lucid1
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1294-1 CVE-2011-1162, CVE-2011-2494, CVE-2011-2942, CVE-2011-3209, CVE-2011-3638, CVE-2011-4081, CVE-2011-4087, CVE-2011-4326
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-13.22~lucid1
--------------enigB065846468D7857154BA4526 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCgAGBQJO4MDhAAoJEAUvNnAY1cPYRUIP/0+bzYudS8cIQ+YBc+3+1J2e nERNFN7oBbChMCemnYtfX0O9DWAqGRNuMxnOntiLZORVD7TLFsNq6ohjLiC0r7Tl bdt7LriBWJD0pgRSgZHXH6qnPgQ2IeH+8sAzJo9A0ePrmoNUF4Rg7GBT20F1dsFx vg7hHpS89ucznj6F/JAV14PycwL6USPtgMVlHaLuPfZagkkPoJGNhIZMZL8JDuFe csGvTW0spSZgbAxbXeZJRmkts6Ke0N2KpO+TbJS71eTbhormymBbKRrarBuDQ0Ir ZqGj2X9rta94tXQebhXy9E1OPqGZlq5gkJVQAKC95Q2L+dL2kDGpOXqCOpVqrdAk goxKBFCUjHPM894VLGG9mRY8J8XZ41wVG2aSmYcF8lPfX5l3S4jwh7Wu7lIOwmDQ 3EBivuskK160yyUfGqqF/OIGQH3Lxizd0NVdwx3lqI03YJkHyHIAfujWKXB9v7x3 qJPK1rVbh0z7T/CLdpEIzsKdbOWKMNyM2+RWMLdaMWEHf75J8hzRG9D3IF54taxV dwVLUfB0MWypMiqa5UjKox0mE/9GuHP/YBXZoAEfy+SBjSl958Y/WjEgBkYwcQ7P 8zwHhtmKZBI5J7wZkDSPOHblgglY5T/8OJ9sHZVso2B+ndiX1AlX7moMO8/ISgb0 GNBuJVg0AKkMC0qSLyTk =oy9/ -----END PGP SIGNATURE-----
--------------enigB065846468D7857154BA4526--
--===============6946478313617511489== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6946478313617511489==--
|
|
|
|