drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-6699-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS (Available with Ubuntu Pro) |
|
Datum: |
Di, 19. März 2024, 07:30 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24855 |
|
Applikationen: |
Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8617596008685864120== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------sOzM9d0qqVVGFMMNeqf7UiBl"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------sOzM9d0qqVVGFMMNeqf7UiBl Content-Type: multipart/mixed; boundary="------------KvONF39xKE0ECNMNH7vtUB30"; protected-headers="v1" From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <ce83bc89-4bd4-4664-8f82-d7e082c3c793@canonical.com> Subject: [USN-6699-1] Linux kernel vulnerabilities
--------------KvONF39xKE0ECNMNH7vtUB30 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6699-1 March 18, 2024
linux vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel
Details:
Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456)
It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921)
It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS (Available with Ubuntu Pro): linux-image-3.13.0-197-generic 3.13.0-197.248 linux-image-3.13.0-197-lowlatency 3.13.0-197.248 linux-image-generic 3.13.0.197.207 linux-image-generic-lts-trusty 3.13.0.197.207 linux-image-lowlatency 3.13.0.197.207 linux-image-server 3.13.0.197.207 linux-image-virtual 3.13.0.197.207
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-6699-1 CVE-2023-30456, CVE-2023-4921, CVE-2024-24855
--------------KvONF39xKE0ECNMNH7vtUB30--
--------------sOzM9d0qqVVGFMMNeqf7UiBl Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmX42P4FAwAAAAAACgkQZ0GeRcM5nt2A 6wf8C5ypivlfWrdRquPkEXhEJQZDaYvmZotf1F3nukxumV5ZS6yAijRekR2zBs8dn21juvN9QXNk S+kw+loWzLWk5aGHb0XihU5VJgRgiC6sMkR3Z9GEL8nsY7U1renqDfzIbGFKsU4a0G0VsyIJtD3O RVFijt2N+N8IdBzPGcJcCETxXoUmwhsm6vdo6T1BTwk/Tci4OzNlhwOdhRA59Sb//2dhmBSUWdEJ nhLB1MB3zqbh4n/c3dXyj4aBS15a4mvRo8YHUcwrDi4/tlN2Ez6/nQOAFx2riJ5u6FQ/ZadBQjQP 7ASW8p5fRCZD4pw2DtZCn4QZRe7TQ+jRrvUCAJBDNg== =JpJR -----END PGP SIGNATURE-----
--------------sOzM9d0qqVVGFMMNeqf7UiBl--
--===============8617596008685864120== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============8617596008685864120==--
|
|
|
|