Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Linux
ID: USN-3234-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Mi, 15. März 2017, 23:19
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10208
Applikationen: Linux

Originalnachricht


--===============1041692670769273100==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="HnQK338I3UIa/qiP"
Content-Disposition: inline


--HnQK338I3UIa/qiP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3234-2
March 15, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel
did not properly validate meta block groups. An attacker with physical
access could use this to specially craft an ext4 image that causes a denial
of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during
a setxattr call on a tmpfs filesystem. A local attacker could use this to
gain elevated group privileges. (CVE-2017-5551)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-67-generic 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-generic-lpae 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-lowlatency 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-powerpc-e500mc 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-powerpc-smp 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-powerpc64-emb 4.4.0-67.88~14.04.1
linux-image-4.4.0-67-powerpc64-smp 4.4.0-67.88~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.67.54
linux-image-generic-lts-xenial 4.4.0.67.54
linux-image-lowlatency-lts-xenial 4.4.0.67.54
linux-image-powerpc-e500mc-lts-xenial 4.4.0.67.54
linux-image-powerpc-smp-lts-xenial 4.4.0.67.54
linux-image-powerpc64-emb-lts-xenial 4.4.0.67.54
linux-image-powerpc64-smp-lts-xenial 4.4.0.67.54

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3234-2
http://www.ubuntu.com/usn/usn-3234-1
CVE-2016-10208, CVE-2017-5551

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-67.88~14.04.1


--HnQK338I3UIa/qiP
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJYyaIIAAoJEC8Jno0AXoH0UmYP/jBtSI/pQqvTuc8KMxxsDdOx
ITiXCtQ0wO6GtTZK3ys/XjoW/JlIGtSP/FZs00WelwZttA/7HMu1KW8ZM6MtI6d7
BF/M1iSXfk7oeb11odNeA6/ypLcTHeoyqlke8ftrgpPNv0vW6STbK5TNIasTMrjY
KkzTqU19xCsyNIsSMIFj6nAB92uaVvDSo9qgABlVIrW30ARgEKTKOyM6g4Q8+5g0
UDfGFQGZ1ccArBr0/iO25SXRHDJnvCp37RRkvnw6xZMjnFsMBSTUrcIy8Q42YiHO
/Dw8PjfCIjNqZx8fYpNBqPq1OqhyE+COHUl+qcyAwdnOb9lDS69ccAZklg2qGTVH
B/pa5X29seRGF50ZzRD5E2NMpdW4fECXnJWjGIspOa1C5tD/95bhkxP4j3z1ZUBZ
W5KCwfoj8c/L3ftB2EY3LOdN5v30pu8BlNfJFZKbSfonhCJEGPjG+7CqD/Kuwa9O
KpTJ4jfrJWLMD9+8CKhogAkAjjOEantty9aNmuU5It1KkXq0h4zSPJJ/adjUgjG9
D+aTUGVt6sEQLAep3uVCPK9XsjinH1yreZTujqvIRVyxbTwe3TWd4OGqqq6QGjPg
j8RHShtBX56lLrati2S1WsaoH+exhw1R4X+/rnoH+JsyJNGBBggnA1iWp9P6s0NO
YqIr5aoc8tz4sa5tKUT1
=AC90
-----END PGP SIGNATURE-----

--HnQK338I3UIa/qiP--


--===============1041692670769273100==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1041692670769273100==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung