drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-5471-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 22.04 LTS |
|
Datum: |
Do, 9. Juni 2022, 07:35 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============7631720319770375013== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MFb8oa0AlXh8mT4L" Content-Disposition: inline
--MFb8oa0AlXh8mT4L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-5471-1 June 08, 2022
linux-oem-5.17 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-oem-5.17: Linux kernel for OEM systems
Details:
It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)
It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012)
Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205)
It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. (CVE-2022-1734)
Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1836)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2022-1972)
Joseph Ravichandran and Michael Wang discovered that the io_uring subsystem in the Linux kernel did not properly initialize data in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-29968)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: linux-image-5.17.0-1011-oem 5.17.0-1011.12 linux-image-oem-22.04 5.17.0.1011.10 linux-image-oem-22.04a 5.17.0.1011.10
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-5471-1 CVE-2022-1012, CVE-2022-1205, CVE-2022-1734, CVE-2022-1836, CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-29968
Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1011.12
--MFb8oa0AlXh8mT4L Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEBAJL1M8q+hI0VIn8jRkUtPPTt5UFAmKgMvgACgkQjRkUtPPT t5XrVA/+MsoqTBmF13aTSjQVG+FnC8rGUeAdqdV3Yw4vr0I47RzcMm7trLLfEweM WIY9upZQfhT4neaeYo+ktUnkiedbYayDn/qyUXreUSBqcjgZNAk07EDTJbilbqAx fp9rRBLAv1/0sLNvDUuemL/9E5Sh+sNF8ADE6iHkREldkVk1bk+Cm+OddPcw2K7V 60byuVa6PhCbHqs/AUUfD8fhNx2L04qAQwmhwO5jhmhTae3zbGIY7JyGNtnEo6w/ PHsPpPoQ76L+FvMajDqvQuSigqWFQsccyPAYkMLlkPF/R7IEExbQSp+1STnWZE0a MDyfQn1y4NtPvqUl0LLvTq1bLQ8pVK/qAn9eWuZKEzxKfdfX5k4a8SlO3zMxWd3M LesnEUZbX8gYw9VvVDVjoeuHnHK/5WXuT8ARIVBmKdw0IMmsDTGDmAg7vvAHwPph us3LM0AUj4JjMaOUgwmt3WF7n7dg3A+D3iB23CQHWPHMIAZi/pDtH088jeINkIh/ Ulic7oaDcXutCwU7DlIcfZMimsw3WmEC3n2hrAC0apekWspHHbu3tUDhOki2vQCJ Lxzqj0V1qQNkCE29CrNiFHs2I5YYif5tE5IGmpJvQmpHP2UBn/uK+GRbpHuoUwLQ YwhnqaCcRJ9+kfI9harrREEhgHGi3Lmxcsd0zP1qElhW0VEDxSQ= =76r3 -----END PGP SIGNATURE-----
--MFb8oa0AlXh8mT4L--
--===============7631720319770375013== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
--===============7631720319770375013==--
|
|
|
|