Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Linux
ID: USN-1688-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS
Datum: Di, 15. Januar 2013, 10:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
Applikationen: Linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============2570898820616722471==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig10B81C1663EE0604E4A53BD3"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig10B81C1663EE0604E4A53BD3
Content-Type: multipart/mixed;
boundary="------------040004090805080004050804"

This is a multi-part message in MIME format.
--------------040004090805080004050804
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1688-1
January 15, 2013

linux-lts-backport-oneiric vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric

Details:

Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
userspace, without the XSAVE feature an unprivileged local attacker could
exploit this flaw to crash the system. (CVE-2012-4461)

A flaw was discovered in the Linux kernel's handling of script execution
when module loading is enabled. A local attacker could exploit this flaw to
cause a leak of kernel stack contents. (CVE-2012-4530)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-3.0.0-30-generic 3.0.0-30.47~lucid1
linux-image-3.0.0-30-generic-pae 3.0.0-30.47~lucid1
linux-image-3.0.0-30-server 3.0.0-30.47~lucid1
linux-image-3.0.0-30-virtual 3.0.0-30.47~lucid1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1688-1
CVE-2012-4461, CVE-2012-4530

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-30.47~lucid1


--------------040004090805080004050804
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"


--------------040004090805080004050804--

--------------enig10B81C1663EE0604E4A53BD3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ9Rc3AAoJEAUvNnAY1cPYiF8QAL3SoVlUDpqmxkN61eTI17yn
vM3BggIShM5egqEvEaNE0ifpahmjZX1duyFMoWneePnUDqA927gBH1bC696+k6IR
VTqEhMJW1lzslJGxSSRHQX3xfDzVC6QC6IpJ2mFv34chnT+1rKZjk23PXyU+be3G
jvK3F6QZb+3FwH6v70tqIRKjHDCHq8sopr5uz0/ZSfFgPzoMwqLKU7VXrjnrUulH
gzbaW+sYDtgUk3GKKR1GvCcM6Ze8utqQNqbL3+9I2WpyvwCatDDZkJsQwdpMhAPE
itz91iktUTb1oHOAB6SDgyQlQzh5gIkGWFeW3rwZEKG94MDV94rVopM/A8qC5ST4
dZUYchu4K5Fm3wudp6V/zrGvMSxT105U4vIWS96f43iH2b+qXGvdImrViyqByLb/
e+UQ9hfKk/zaxx2c30FTUsNyXAjCM0dut5/qQ1LO2NuvMPU8Ezvt0l6utPa5EyVF
gWBT3iCdFRkDilew6OepJFUjPo9yQwLEY4LLEJ6j6YWhT60tXrRNFM76C183bF3H
T8CrsJnhmdXND6z6pcYO8tW5EFaX1B5AEZcMv+AoJ7OiNMV+5sNiQ4w3996WFf5n
hnRfNDahuNCEjpsemcZf6w/CJpeuqG/2CY+HNlF7NHeZDY7TBF718675y+zCpKNV
5DPFsXZSp+Tj+nYgiujE
=Z2FI
-----END PGP SIGNATURE-----

--------------enig10B81C1663EE0604E4A53BD3--


--===============2570898820616722471==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2570898820616722471==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung