drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
| Name: |
Mehrere Probleme in Linux |
|
| ID: |
USN-5471-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 22.04 LTS |
|
| Datum: |
Do, 9. Juni 2022, 07:35 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499 |
|
| Applikationen: |
Linux |
|
Originalnachricht |
--===============7631720319770375013==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="MFb8oa0AlXh8mT4L"
Content-Disposition: inline
--MFb8oa0AlXh8mT4L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-5471-1
June 08, 2022
linux-oem-5.17 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.17: Linux kernel for OEM systems
Details:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
It was discovered that the IP implementation in the Linux kernel did not
provide sufficient randomization when calculating port offsets. An attacker
could possibly use this to expose sensitive information. (CVE-2022-1012)
Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel, leading to use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash). (CVE-2022-1205)
It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)
Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1836)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)
Joseph Ravichandran and Michael Wang discovered that the io_uring subsystem
in the Linux kernel did not properly initialize data in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-29968)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.17.0-1011-oem 5.17.0-1011.12
linux-image-oem-22.04 5.17.0.1011.10
linux-image-oem-22.04a 5.17.0.1011.10
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5471-1
CVE-2022-1012, CVE-2022-1205, CVE-2022-1734, CVE-2022-1836,
CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-29968
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1011.12
--MFb8oa0AlXh8mT4L
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEBAJL1M8q+hI0VIn8jRkUtPPTt5UFAmKgMvgACgkQjRkUtPPT
t5XrVA/+MsoqTBmF13aTSjQVG+FnC8rGUeAdqdV3Yw4vr0I47RzcMm7trLLfEweM
WIY9upZQfhT4neaeYo+ktUnkiedbYayDn/qyUXreUSBqcjgZNAk07EDTJbilbqAx
fp9rRBLAv1/0sLNvDUuemL/9E5Sh+sNF8ADE6iHkREldkVk1bk+Cm+OddPcw2K7V
60byuVa6PhCbHqs/AUUfD8fhNx2L04qAQwmhwO5jhmhTae3zbGIY7JyGNtnEo6w/
PHsPpPoQ76L+FvMajDqvQuSigqWFQsccyPAYkMLlkPF/R7IEExbQSp+1STnWZE0a
MDyfQn1y4NtPvqUl0LLvTq1bLQ8pVK/qAn9eWuZKEzxKfdfX5k4a8SlO3zMxWd3M
LesnEUZbX8gYw9VvVDVjoeuHnHK/5WXuT8ARIVBmKdw0IMmsDTGDmAg7vvAHwPph
us3LM0AUj4JjMaOUgwmt3WF7n7dg3A+D3iB23CQHWPHMIAZi/pDtH088jeINkIh/
Ulic7oaDcXutCwU7DlIcfZMimsw3WmEC3n2hrAC0apekWspHHbu3tUDhOki2vQCJ
Lxzqj0V1qQNkCE29CrNiFHs2I5YYif5tE5IGmpJvQmpHP2UBn/uK+GRbpHuoUwLQ
YwhnqaCcRJ9+kfI9harrREEhgHGi3Lmxcsd0zP1qElhW0VEDxSQ=
=76r3
-----END PGP SIGNATURE-----
--MFb8oa0AlXh8mT4L--
--===============7631720319770375013==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============7631720319770375013==--
|
|
|
|
