
Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: USN-5343-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 ESM, Ubuntu 16.04 ESM
Date: Tue, 22 March 2022, 23:40
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2854
Applications: Linux

Original message


==========================================================================
Ubuntu Security Notice USN-5343-1
March 22, 2022

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)

It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)

It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)

It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)

Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver
in the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)

It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)

It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
linux-image-4.4.0-1103-kvm 4.4.0-1103.112
linux-image-4.4.0-1138-aws 4.4.0-1138.152
linux-image-4.4.0-222-generic 4.4.0-222.255
linux-image-4.4.0-222-lowlatency 4.4.0-222.255
linux-image-aws 4.4.0.1138.143
linux-image-generic 4.4.0.222.229
linux-image-kvm 4.4.0.1103.101
linux-image-lowlatency 4.4.0.222.229
linux-image-virtual 4.4.0.222.229

Ubuntu 14.04 ESM:
linux-image-4.4.0-1102-aws 4.4.0-1102.107
linux-image-4.4.0-222-generic 4.4.0-222.255~14.04.1
linux-image-4.4.0-222-lowlatency 4.4.0-222.255~14.04.1
linux-image-aws 4.4.0.1102.100
linux-image-generic-lts-xenial 4.4.0.222.193
linux-image-lowlatency-lts-xenial 4.4.0.222.193
linux-image-virtual-lts-xenial 4.4.0.222.193

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-5343-1
CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449,
CVE-2020-12655, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,
CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555,
CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-0129,
CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688,
CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033,
CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483,
CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3612,
CVE-2021-3679, CVE-2021-38160, CVE-2021-38198, CVE-2021-38204,
CVE-2021-38208, CVE-2021-39648, CVE-2021-40490, CVE-2021-42008,
CVE-2021-43389, CVE-2021-45095, CVE-2021-45469, CVE-2021-45485,
CVE-2022-0492

