drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-3674-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Di, 12. Juni 2018, 07:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0627 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============5933309368908383858== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qjNfmADvan18RZcF" Content-Disposition: inline
--qjNfmADvan18RZcF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3674-1 June 11, 2018
linux vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel
Details:
It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068)
It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)
Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781)
Xingyuan Lin discovered that a out-of-bounds read existed in the USB Video Class (UVC) driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-0627)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.13.0-151-generic 3.13.0-151.201 linux-image-3.13.0-151-generic-lpae 3.13.0-151.201 linux-image-3.13.0-151-lowlatency 3.13.0-151.201 linux-image-3.13.0-151-powerpc-e500 3.13.0-151.201 linux-image-3.13.0-151-powerpc-e500mc 3.13.0-151.201 linux-image-3.13.0-151-powerpc-smp 3.13.0-151.201 linux-image-3.13.0-151-powerpc64-emb 3.13.0-151.201 linux-image-3.13.0-151-powerpc64-smp 3.13.0-151.201 linux-image-generic 3.13.0.151.161 linux-image-generic-lpae 3.13.0.151.161 linux-image-lowlatency 3.13.0.151.161 linux-image-powerpc-e500 3.13.0.151.161 linux-image-powerpc-e500mc 3.13.0.151.161 linux-image-powerpc-smp 3.13.0.151.161 linux-image-powerpc64-emb 3.13.0.151.161 linux-image-powerpc64-smp 3.13.0.151.161
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/usn/usn-3674-1 CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-151.201
--qjNfmADvan18RZcF Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlse9GAACgkQLwmejQBe gfS6WA//R3ty2Tn9m7tqK5glzUHYkHGl74VfSwVFE0dDmy6/teLw95qGmDss2TTa ndrt4cxUaTsQuWd7sSHm5wvPTX5s5VClaFE7NUl1CzMx2fWqevKUH1mFMO2v/XcO Qrr4GTEv3cEoFv+lXFjCJ40Zcm7Q9OF5YAEXklPjPs6IGtX8TsrcJftpPE0Eh3J/ SdOzw2NDtP6IKKv8IlKbZpi+omXx1mBJWgcOkNxFpEIbIe0z2irGXERxjNa5S8xt CZTT1aJdfHf8/8rNkZvcvBkUaWRRKBzHexP9SPPth7KfJugVSM7pBtQGPvNWklLU 16vGkfwvEp8YmcYTp45kXgUEg9j4tL0H9o5GwCBUiwGRroRY1Rmr9AlADtqk0MCq 8vUFQBN2fJDHfFNbeFmKydrS2Li+D3FFJJ+spRZpPdj6ySbGgrFz2SsbEbpzkr3Z kw0PqC0N12zdTIj4dd6V4Zxyp2HVT29B4cTU7FthqNSkR5H02fhgqNjWxr3SId1K 38sA+cm6JTFeMZL6jfzh7wj/kkZj+K7QT1J3LvGVkxQpNt+8pYzsDOQz/K383fKo XndmWyXXdqlN4kanMQTpWAz4TMLLAISGFCaR7GAYm5j0N9GFJIoqSB791WAvgBLf xFf+quY9qMPOJhR4t9McpufYnDLDzkwKqRGi56bAEItA+DHEPdc= =iOej -----END PGP SIGNATURE-----
--qjNfmADvan18RZcF--
--===============5933309368908383858== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|