Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-1798-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS
Datum: Di, 9. April 2013, 07:46
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
Applikationen: Linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1118630205073081834==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigDD1F5C1BA38D177A694FAA40"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigDD1F5C1BA38D177A694FAA40
Content-Type: multipart/mixed;
boundary="------------050500030401060805080209"

This is a multi-part message in MIME format.
--------------050500030401060805080209
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1798-1
April 09, 2013

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examine parts
of kernel memory. (CVE-2012-6537)

Mathias Krause discovered information leak in the Linux kernel's compat
ioctl interface. A local user could exploit the flaw to examine parts of
kernel stack memory (CVE-2012-6539)

Mathias Krause discovered an information leak in the Linux kernel's
getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw
to examine parts of kernel stack memory. (CVE-2012-6540)

Emese Revfy discovered that in the Linux kernel signal handlers could leak
address information across an exec, making it possible to by pass ASLR
(Address Space Layout Randomization). A local user could use this flaw to
by pass ASLR to reliably deliver an exploit payload that would otherwise be
stopped (by ASLR). (CVE-2013-0914)

A memory use after free error was discover in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user
could exploit this flaw to cause a denial of service (system crash).
(CVE-2013-1792)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-351-ec2 2.6.32-351.63

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1798-1
CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914,
CVE-2013-1767, CVE-2013-1792

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.63


--------------050500030401060805080209
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"


--------------050500030401060805080209--

--------------enigDD1F5C1BA38D177A694FAA40
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRY3NXAAoJEAUvNnAY1cPYYEcP/ijb/Hss+uLFaJ8DfDo8pxpN
qy2lZfk1og9n2Y0OfxLR3OgoaUtwShOOPSQHh6doHn5USP20KfvIiRPI2wJ72Ddj
5PvDm+VXoydIU1d3+vhipBjqDuDAUORd0K5u50AsNB0Vpc3sYVAn81ElX1q5Zf3J
z2DqHCUyLUsBJq0WaUrNgNYxNF35CAkJyRpt5Np5aec+N5yYvYOTFFIgcBqXsD3f
6q5o9S+6WUuOGDjO0YTGMSLYwAlTsZlekAsaCmTMTW2xj5MMqZYmz2Gh5E5YKCLq
+BZrQv8F1hH9qLkLNGZ72FTvYcmEYUrDvX+L+7osxPUOeNyb41fHRk69wLZa3kxW
EYCXXdD5DPk06Z3m+tFl9+mrI08EzT0EDgyz+BwO1/XFafvlRstsAADD5nk0leOh
KljU2WzzP5JWdGq/X73nL3AdMjTvKBXOiFszIWnArRlaVSK0uz4X7FfAA2mOeKEC
JpKvUXo5cHdgVyqMhIESo8KHk46fg6w5Jqwe/JPR1xk7nMEv7c6YjQor+nXe6Vce
4buCaaD6kpwkmcj5MxHAWsf2psPRsrlqNDxSMBzdtnSXm6+VgahbOay4I0oc2yZ3
xhlVWoEAgmpTbyKQQTVnqZ9qRO3BlHIjxYHIPNmCDtxOCtrFLhxhRnVBaE1U8g67
r54bH1kK/xxaUQ7Gus6+
=sJOE
-----END PGP SIGNATURE-----

--------------enigDD1F5C1BA38D177A694FAA40--


--===============1118630205073081834==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1118630205073081834==--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung