Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-2108-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS
Datum: Mi, 19. Februar 2014, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
Applikationen: Linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5630333264761022561==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="Hk6UA42rmj3p3x8O9EBbGlW53Mu7RP68g"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Hk6UA42rmj3p3x8O9EBbGlW53Mu7RP68g
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2108-1
February 18, 2014

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the data
stored on the device. (CVE-2013-6383)

mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg
system calls in the Linux kernel. An unprivileged local user could exploit
this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7263)

mpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)
of the Linux kernel. A local user could exploit this flaw to obtain
sensitive information from kernel stack memory. (CVE-2013-7264)

mpb reported an information leak in the Phone Network protocol (phonet) in
the Linux kernel. A local user could exploit this flaw to obtain sensitive
information from kernel stack memory. (CVE-2013-7265)

mpb reported an information leak in the Low-Rate Wireless Personal Area
Networks support (IEEE 802.15.4) in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7281)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-361-ec2 2.6.32-361.74

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2108-1
CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265,
CVE-2013-7281

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-361.74



--Hk6UA42rmj3p3x8O9EBbGlW53Mu7RP68g
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTA+zbAAoJEAUvNnAY1cPYu1YQAIXZQCJH9B/AE/AG7PE72zrB
s3hYQC7IOEeiAUDth5uskg+iP11KVaL0nxV7lhWcMiMnqpBwwix86/rejzoUL6Ot
lpW+1llpiU7UAmqzrXRPQJaIvtvfpLAsJoseurMlLsOMbWaimsI4I1mANzDKssAz
BxdANelrggwZYAuwPZx56WS3+ctn4LBT4+GJ58P19ntYQP972jRHAX8qPlTtAdCG
tzPC1jaAG0OXFr37WdB2d5gX7wypH+RndsAgDqUEQOr/PebeVsg1/SjGM/YFENd2
9JHmhvJHvLgpORg32ONs+DZaYKvtOIt4eF+SYkL8IvVqPJg9odhYGBeg/biosgXX
WIAxa0WEpBy4U1WrDvHHhrzmKmhuN1/qbGpccSiZxWwXpZ3QbxJ/WcoeiCZwKxJp
9BgNiBmLu1oMvz0RIkwP9HYzieRIjTa8AuBOoYiTvyfwRoyW4dDB3wSgd564BnsR
Y5bKZUP4MwfCyc1xM4AeUFYD9Xg/sM4mLy4a5bNk9NRoES6N80QhgoN3LcFw8vij
dyRBs9RjoeIcUPpEMyMpfSV0QuG5nbpz4WQ4xcvsJ5Aplk0iIazGbmqPIfdIfNaX
I3M5DyDL+8hbLVaY6FfFAb1mz/H6lChkEQguR6ZzwLTwi6MrdvNpR6OclvJwFB+E
L4GOan8CeJ77gYfO940A
=85Qw
-----END PGP SIGNATURE-----

--Hk6UA42rmj3p3x8O9EBbGlW53Mu7RP68g--


--===============5630333264761022561==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5630333264761022561==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung