drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Linux
| Name: |
Preisgabe von Informationen in Linux |
|
| ID: |
USN-4627-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS |
|
| Datum: |
Mi, 11. November 2020, 06:47 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694 |
|
| Applikationen: |
Linux |
|
Originalnachricht |
--===============7149488797283357281==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="R3G7APHDIzY6R/pk"
Content-Disposition: inline
--R3G7APHDIzY6R/pk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4627-1
November 11, 2020
linux, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15,
linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-oem, linux-oem-osp1,
linux-oracle, linux-oracle-5.4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
The system could be made to expose sensitive information.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM systems
- linux-oem-osp1: Linux kernel for OEM systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
ESM
Details:
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1029-gcp 5.4.0-1029.31
linux-image-5.4.0-1029-oracle 5.4.0-1029.31
linux-image-5.4.0-53-generic 5.4.0-53.59
linux-image-5.4.0-53-generic-lpae 5.4.0-53.59
linux-image-5.4.0-53-lowlatency 5.4.0-53.59
linux-image-gcp 5.4.0.1029.37
linux-image-generic 5.4.0.53.56
linux-image-generic-hwe-20.04 5.4.0.53.56
linux-image-generic-lpae 5.4.0.53.56
linux-image-generic-lpae-hwe-20.04 5.4.0.53.56
linux-image-gke 5.4.0.1029.37
linux-image-lowlatency 5.4.0.53.56
linux-image-lowlatency-hwe-20.04 5.4.0.53.56
linux-image-oem 5.4.0.53.56
linux-image-oem-osp1 5.4.0.53.56
linux-image-oracle 5.4.0.1029.26
linux-image-virtual 5.4.0.53.56
linux-image-virtual-hwe-20.04 5.4.0.53.56
Ubuntu 18.04 LTS:
linux-image-4.15.0-1058-oracle 4.15.0-1058.64
linux-image-4.15.0-1073-gke 4.15.0-1073.78
linux-image-4.15.0-1087-gcp 4.15.0-1087.100
linux-image-4.15.0-1101-oem 4.15.0-1101.112
linux-image-4.15.0-123-generic 4.15.0-123.126
linux-image-4.15.0-123-generic-lpae 4.15.0-123.126
linux-image-4.15.0-123-lowlatency 4.15.0-123.126
linux-image-5.0.0-1071-oem-osp1 5.0.0-1071.77
linux-image-5.3.0-1039-gke 5.3.0-1039.42
linux-image-5.3.0-69-generic 5.3.0-69.65
linux-image-5.3.0-69-lowlatency 5.3.0-69.65
linux-image-5.4.0-1029-gcp 5.4.0-1029.31~18.04.1
linux-image-5.4.0-1029-oracle 5.4.0-1029.31~18.04.1
linux-image-5.4.0-53-generic 5.4.0-53.59~18.04.1
linux-image-5.4.0-53-generic-lpae 5.4.0-53.59~18.04.1
linux-image-5.4.0-53-lowlatency 5.4.0-53.59~18.04.1
linux-image-gcp 5.4.0.1029.17
linux-image-gcp-edge 5.4.0.1029.17
linux-image-gcp-lts-18.04 4.15.0.1087.105
linux-image-generic 4.15.0.123.110
linux-image-generic-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-generic-lpae 4.15.0.123.110
linux-image-generic-lpae-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-gke 4.15.0.1073.77
linux-image-gke-4.15 4.15.0.1073.77
linux-image-gke-5.3 5.3.0.1039.22
linux-image-gkeop-5.3 5.3.0.69.126
linux-image-lowlatency 4.15.0.123.110
linux-image-lowlatency-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-oem 4.15.0.1101.105
linux-image-oem-osp1 5.0.0.1071.69
linux-image-oracle 5.4.0.1029.13
linux-image-oracle-edge 5.4.0.1029.13
linux-image-oracle-lts-18.04 4.15.0.1058.68
linux-image-powerpc-e500mc 4.15.0.123.110
linux-image-powerpc-smp 4.15.0.123.110
linux-image-powerpc64-emb 4.15.0.123.110
linux-image-powerpc64-smp 4.15.0.123.110
linux-image-snapdragon-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-virtual 4.15.0.123.110
linux-image-virtual-hwe-18.04 5.4.0.53.59~18.04.47
Ubuntu 16.04 LTS:
linux-image-4.15.0-1058-oracle 4.15.0-1058.64~16.04.1
linux-image-4.15.0-1087-gcp 4.15.0-1087.100~16.04.1
linux-image-4.15.0-123-generic 4.15.0-123.126~16.04.1
linux-image-4.15.0-123-generic-lpae 4.15.0-123.126~16.04.1
linux-image-4.15.0-123-lowlatency 4.15.0-123.126~16.04.1
linux-image-4.4.0-194-generic 4.4.0-194.226
linux-image-4.4.0-194-generic-lpae 4.4.0-194.226
linux-image-4.4.0-194-lowlatency 4.4.0-194.226
linux-image-4.4.0-194-powerpc-e500mc 4.4.0-194.226
linux-image-4.4.0-194-powerpc-smp 4.4.0-194.226
linux-image-4.4.0-194-powerpc64-emb 4.4.0-194.226
linux-image-4.4.0-194-powerpc64-smp 4.4.0-194.226
linux-image-gcp 4.15.0.1087.88
linux-image-generic 4.4.0.194.200
linux-image-generic-hwe-16.04 4.15.0.123.123
linux-image-generic-lpae 4.4.0.194.200
linux-image-generic-lpae-hwe-16.04 4.15.0.123.123
linux-image-gke 4.15.0.1087.88
linux-image-lowlatency 4.4.0.194.200
linux-image-lowlatency-hwe-16.04 4.15.0.123.123
linux-image-oem 4.15.0.123.123
linux-image-oracle 4.15.0.1058.47
linux-image-powerpc-e500mc 4.4.0.194.200
linux-image-powerpc-smp 4.4.0.194.200
linux-image-powerpc64-emb 4.4.0.194.200
linux-image-powerpc64-smp 4.4.0.194.200
linux-image-virtual 4.4.0.194.200
linux-image-virtual-hwe-16.04 4.15.0.123.123
Ubuntu 14.04 ESM:
linux-image-3.13.0-183-generic 3.13.0-183.234
linux-image-3.13.0-183-generic-lpae 3.13.0-183.234
linux-image-3.13.0-183-lowlatency 3.13.0-183.234
linux-image-3.13.0-183-powerpc-e500 3.13.0-183.234
linux-image-3.13.0-183-powerpc-e500mc 3.13.0-183.234
linux-image-3.13.0-183-powerpc-smp 3.13.0-183.234
linux-image-3.13.0-183-powerpc64-emb 3.13.0-183.234
linux-image-3.13.0-183-powerpc64-smp 3.13.0-183.234
linux-image-4.4.0-194-generic 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-generic-lpae 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-lowlatency 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc-e500mc 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc-smp 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc64-emb 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc64-smp 4.4.0-194.226~14.04.1
linux-image-generic 3.13.0.183.192
linux-image-generic-lpae 3.13.0.183.192
linux-image-generic-lpae-lts-xenial 4.4.0.194.170
linux-image-generic-lts-xenial 4.4.0.194.170
linux-image-generic-pae 3.13.0.183.192
linux-image-highbank 3.13.0.183.192
linux-image-lowlatency 3.13.0.183.192
linux-image-lowlatency-lts-xenial 4.4.0.194.170
linux-image-lowlatency-pae 3.13.0.183.192
linux-image-omap 3.13.0.183.192
linux-image-powerpc-e500 3.13.0.183.192
linux-image-powerpc-e500mc 3.13.0.183.192
linux-image-powerpc-e500mc-lts-xenial 4.4.0.194.170
linux-image-powerpc-smp 3.13.0.183.192
linux-image-powerpc-smp-lts-xenial 4.4.0.194.170
linux-image-powerpc64-emb 3.13.0.183.192
linux-image-powerpc64-emb-lts-xenial 4.4.0.194.170
linux-image-powerpc64-smp 3.13.0.183.192
linux-image-powerpc64-smp-lts-xenial 4.4.0.194.170
linux-image-server 3.13.0.183.192
linux-image-virtual 3.13.0.183.192
linux-image-virtual-lts-xenial 4.4.0.194.170
Ubuntu 12.04 ESM:
linux-image-3.13.0-183-generic 3.13.0-183.234~12.04.1
linux-image-3.13.0-183-generic-lpae 3.13.0-183.234~12.04.1
linux-image-3.13.0-183-lowlatency 3.13.0-183.234~12.04.1
linux-image-generic-lpae-lts-trusty 3.13.0.183.169
linux-image-generic-lts-trusty 3.13.0.183.169
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4627-1
CVE-2020-8694
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-53.59
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1029.31
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1029.31
https://launchpad.net/ubuntu/+source/linux/4.15.0-123.126
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1087.100
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1029.31~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1073.78
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1039.42
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-69.65
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-53.59~18.04.1
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1101.112
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1071.77
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1058.64
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1029.31~18.04.1
https://launchpad.net/ubuntu/+source/linux/4.4.0-194.226
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1087.100~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-123.126~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1058.64~16.04.1
--R3G7APHDIzY6R/pk
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl+rUSEACgkQLwmejQBe
gfRZqQ//R3h8/i7zHY+9D3O0r+RbGDRMe34LRSQI38KiJ3isihOmt2RSZVMTrxY7
+ZDV1jVzVq2glMq9k69r3IfIa50NeriUXNjUj38I2gSjI+VjmZm1vjAWEepCPTHY
7xoq61kKB+oaw2y3jZJQprCIfYBpaBlCGX7bThEDXtaQ+ToA1+sraLB5ZygDlFsV
soV6nsSuHmYlqEGcfjsF6QwrDtsQpT7j+Wy+o4K8RNMHgRn5olkPYddgptE5jJlt
0wQIifcz5x9e7RJtedK6B2/mOKG69L7zZgYa7balztjeQ1DmG4udWj01bUwtVUKF
AgsqAmYCeggX6coWT25b1Im7/Qo6voP40BAbvFDRPxkC0lXu6dIasGUYMDfpl8ek
K7b6sQwwFQOJKvNW0bfLThhpdSkK4z1VZJ7I2hHCL2tcDBsO5LaEjXbHe1lfRN6n
zgcG4vHdHsa1/TwVZa9mNe9H197/gcHmvP0LMtJ1CspoG21/WP5Xlijc+fy9wm1m
XQvdaL1sqGvZJZlQ5aNDCmZpJyok8as10ttN8mcYGM6jLT9e1Y5Es31QDiygZclb
JPysMlKC7Elu/PJ7RNGIgz5KzCOKPqJ8V1XAgAg1hhE9ozAio9XJ4aQ/KXPjtTNl
02oqzVjSkfmPNgQYLqbBIRS80a0T5Feg2htSe1RKQoj5KV4FuAg=
=0Z5T
-----END PGP SIGNATURE-----
--R3G7APHDIzY6R/pk--
--===============7149488797283357281==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
