Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Linux (Aktualisierung)
ID: USN-4713-2
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 14.04 ESM
Datum: Mi, 10. Februar 2021, 07:09
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374
Applikationen: Linux
Update von: Preisgabe von Informationen in Linux

Originalnachricht


--===============3683071745214597460==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="JGq01gMRpXZxBGpH"
Content-Disposition: inline


--JGq01gMRpXZxBGpH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4713-2
February 10, 2021

linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3
vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM

Summary:

The system could allow unintended access to data in some environments.

Software Description:
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-raspi2-5.3: Linux kernel for Raspberry Pi (V8) systems
- linux: Linux kernel

Details:

It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.0.0-1051-gke 5.0.0-1051.53
linux-image-5.3.0-1037-raspi2 5.3.0-1037.39
linux-image-5.3.0-1040-gke 5.3.0-1040.43
linux-image-5.3.0-70-generic 5.3.0-70.66
linux-image-5.3.0-70-lowlatency 5.3.0-70.66
linux-image-gke-5.0 5.0.0.1051.35
linux-image-gke-5.3 5.3.0.1040.23
linux-image-gkeop-5.3 5.3.0.70.127
linux-image-raspi2-hwe-18.04 5.3.0.1037.26

Ubuntu 14.04 ESM:
linux-image-3.13.0-184-generic 3.13.0-184.235
linux-image-3.13.0-184-generic-lpae 3.13.0-184.235
linux-image-3.13.0-184-lowlatency 3.13.0-184.235
linux-image-3.13.0-184-powerpc-e500 3.13.0-184.235
linux-image-3.13.0-184-powerpc-e500mc 3.13.0-184.235
linux-image-3.13.0-184-powerpc-smp 3.13.0-184.235
linux-image-3.13.0-184-powerpc64-emb 3.13.0-184.235
linux-image-3.13.0-184-powerpc64-smp 3.13.0-184.235
linux-image-generic 3.13.0.184.193
linux-image-generic-lpae 3.13.0.184.193
linux-image-generic-pae 3.13.0.184.193
linux-image-highbank 3.13.0.184.193
linux-image-lowlatency 3.13.0.184.193
linux-image-lowlatency-pae 3.13.0.184.193
linux-image-omap 3.13.0.184.193
linux-image-powerpc-e500 3.13.0.184.193
linux-image-powerpc-e500mc 3.13.0.184.193
linux-image-powerpc-smp 3.13.0.184.193
linux-image-powerpc64-emb 3.13.0.184.193
linux-image-powerpc64-smp 3.13.0.184.193
linux-image-server 3.13.0.184.193
linux-image-virtual 3.13.0.184.193

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4713-2
https://usn.ubuntu.com/4713-1
CVE-2020-28374

Package Information:
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1051.53
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1040.43
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-70.66
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1037.39


--JGq01gMRpXZxBGpH
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAmAjOOgACgkQLwmejQBe
gfS1eQ//W3uhAHv6TceIhSMYi6ukbGpmA04f+Bu90P0+kY3KyhhM0zrEkvlaMU/J
BVNsxNOLT+/GtJ3sFvy5PVOg03dM4pmj/mGtCTj3c12tiNAPYWgx0eUnt01WGANh
YNySOIH2EO7G4rQ58HinO9LY7KNkXZ2cv5xa8C0wKkWgJoQ8RavfrjEOXQ1dphPf
LRTJ8tsw0nfVBskMpvaurk4p8SHClIfDPMadQq3ErO/Q6W0qFKnjqI/+G/Ofj9lV
iOSg1z5zfKDSTniUAQtW9Nd9CDgUY/87VEbZyaSLtuAiVBmglER1wcV1EpxgsYjV
yNg7JDvBMMMzEOFqaNRFTZNUARIu8V/ZUqJPCRwNP5maHLISES3wATqhvJETm969
YtmexIN2FZVsglWwpKqIgOZBATi1O9ERW6D6E1fiYWJ1eMG8J1JLA4VS5KB7ne6v
ZSWG8qGPs1plZtm1JrzCeZX1/jJ3O3AHBjsT6ubKz3ENJBL9ElCt69NT+pldadKY
TyrGGzjCUtQTH16aIoNuPxsAVx1XeAA4E8DrkWwaiZaQWyI1IV50iiKPIbDYSFNi
Xym+XRwp0brau6FZy8/9B8iKkcSd3Q+d8TUtjYKzGTrF7lcj2iFv78Or+T1PyAHz
SF0+c3qy5h9n5uf1H7H8J32R76CITeQC2FgN2tcMQJF0/TFsvkk=
=weDS
-----END PGP SIGNATURE-----

--JGq01gMRpXZxBGpH--


--===============3683071745214597460==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung