Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Linux
ID: USN-1689-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.10
Datum: Di, 15. Januar 2013, 10:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
Applikationen: Linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5996603736488481893==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigBEE6B7492A5BE8E6E687B329"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBEE6B7492A5BE8E6E687B329
Content-Type: multipart/mixed;
boundary="------------080403080905050506030201"

This is a multi-part message in MIME format.
--------------080403080905050506030201
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1689-1
January 15, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
userspace, without the XSAVE feature an unprivileged local attacker could
exploit this flaw to crash the system. (CVE-2012-4461)

A flaw was discovered in the Linux kernel's handling of script execution
when module loading is enabled. A local attacker could exploit this flaw to
cause a leak of kernel stack contents. (CVE-2012-4530)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
linux-image-3.0.0-30-generic 3.0.0-30.47
linux-image-3.0.0-30-generic-pae 3.0.0-30.47
linux-image-3.0.0-30-omap 3.0.0-30.47
linux-image-3.0.0-30-powerpc 3.0.0-30.47
linux-image-3.0.0-30-powerpc-smp 3.0.0-30.47
linux-image-3.0.0-30-powerpc64-smp 3.0.0-30.47
linux-image-3.0.0-30-server 3.0.0-30.47
linux-image-3.0.0-30-virtual 3.0.0-30.47

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1689-1
CVE-2012-4461, CVE-2012-4530

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.0.0-30.47


--------------080403080905050506030201
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"


--------------080403080905050506030201--

--------------enigBEE6B7492A5BE8E6E687B329
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ9RtGAAoJEAUvNnAY1cPYXN0QALziufT257eEppwokI3/uunR
zIPa0fZOrxZrRbJ4mgzOiO848cKNrGedTfZRsNBzNELSOrMaLnHEbegJ1pEmSDUt
GX1PaqJEunYjPZ/jeeCCz4qB0dORu8pMOEqE9WD+gOhUB0QlznJhE3SqVKQVGMuq
USB9ywNk+ztmYpIFiAT6Df3cbnL/y2Uim/8VjqG2gPdegzz348qhUZ03lX7bfK+s
hZ7moVYL0Y/Dlx9V3Iza2i4+Z5dAE276iGsYEg0JNCA7DvGIV27SsExUk4beM43l
Md2cVyh4sRVhrofCDRzxUpt1R8O/2M4Qx3fYg6g/eUsgSUfwizySjIV1Oal3hK6u
uKSQpqgDY9YZMTz1WC7ES6W4jtm01PcXiRIxQcUM3aQ8JA2iTpNzGwMP2bzm0dQW
PW3cby+oyqBCWHHc5FJ9nFdubSXukldoHr8w9e25KpdTeiGAbYNrn6+wVghTbPBh
zv0I0fFgUbre8439H2Z3yuMvvmEvAVhHSFc+47EJ/0BT0I36uIxYmdXtMvjkZlnM
JV1m67nX33JebXCzxa0eSgOqzDBeQK02oROC0df9yozWBGWJBVPdiIjvciUsnOHT
cXLiM0BkjPthlPVrZEbFVmHh1MmhGxtAZAaAuN7ys9+XPQFpyRe4VdHqVgtUhrq9
IOXqNdUMEsnqpTf5Algy
=2Cfn
-----END PGP SIGNATURE-----

--------------enigBEE6B7492A5BE8E6E687B329--


--===============5996603736488481893==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5996603736488481893==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung