Security: Multiple issues in Linux (update)
Name: Multiple issues in Linux (update)
ID: USN-5000-2
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS
Date: Fri, 25 June 2021, 23:40
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588
Applications: Linux
Update of: Multiple issues in Linux

Original message


==========================================================================
Ubuntu Security Notice USN-5000-2
June 25, 2021

linux-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-kvm: Linux kernel for cloud environments

Details:

USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu
20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update
provides the corresponding updates for the Linux KVM kernel for Ubuntu
20.04 LTS.

Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly clear received fragments from memory in some situations. A
physically proximate attacker could possibly use this issue to inject
packets or expose sensitive information. (CVE-2020-24586)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled encrypted fragments. A physically proximate attacker
could possibly use this issue to decrypt fragments. (CVE-2020-24587)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled certain malformed frames. If a user were tricked into
connecting to a malicious server, a physically proximate attacker could use
this issue to inject packets. (CVE-2020-24588)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly verify certain fragmented frames. A physically proximate
attacker could possibly use this issue to inject or decrypt packets.
(CVE-2020-26141)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
accepted plaintext fragments in certain situations. A physically proximate
attacker could use this issue to inject packets. (CVE-2020-26145)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

Or Cohen discovered that the SCTP implementation in the Linux kernel
contained a race condition in some situations, leading to a use-after-free
condition. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-23133)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly prevent speculative loads in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-31829)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1041-kvm 5.4.0-1041.42
linux-image-kvm 5.4.0.1041.39

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-5000-2
https://ubuntu.com/security/notices/USN-5000-1
CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139,
CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133,
CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034,
CVE-2021-33200, CVE-2021-3506, CVE-2021-3609

Package Information:
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1041.42
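
The following shell check is an added example, not part of the Ubuntu notice: it classifies a host against the fixed versions listed under "Update instructions", separating "update still needed" from "updated but not yet rebooted". It assumes the linux-image-kvm metapackage is installed and that ABI 1041 first shipped with the fixed build; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a host against the fixed versions in USN-5000-2.
FIXED_META="5.4.0.1041.39"  # linux-image-kvm version from the notice
FIXED_ABI=1041              # ABI in linux-image-5.4.0-1041-kvm from the notice
                            # (assumption: no unfixed build carries ABI 1041)

# version_ge A B: succeed if package version A >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Approximation for hosts without dpkg (GNU sort -V ordering).
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# kernel_abi RELEASE: print the ABI number of a 5.4.0-<abi>-kvm release string.
kernel_abi() {
    printf '%s\n' "$1" | sed -n 's/^5\.4\.0-\([0-9][0-9]*\)-kvm$/\1/p'
}

# usn_5000_2_status META_VERSION RUNNING_RELEASE
# Prints: not-applicable | update-required | reboot-required | fixed
usn_5000_2_status() {
    meta=$1
    abi=$(kernel_abi "$2")
    if [ -z "$abi" ]; then
        echo not-applicable      # not running a 5.4 linux-kvm kernel
    elif [ "$abi" -ge "$FIXED_ABI" ]; then
        echo fixed               # the running kernel is the fixed ABI or newer
    elif [ -n "$meta" ] && version_ge "$meta" "$FIXED_META"; then
        echo reboot-required     # fix installed, old kernel still running
    else
        echo update-required     # metapackage missing or older than the fix
    fi
}

# Live check on a host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    meta=$(dpkg-query -W -f='${Version}' linux-image-kvm 2>/dev/null || true)
    usn_5000_2_status "$meta" "$(uname -r)"
fi
```

A "reboot-required" result is the case the notice's reboot instruction addresses: the fixed package is on disk, but the vulnerable kernel is still the one running.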

