drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-6704-4 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
|
Datum: |
Fr, 29. März 2024, 07:20 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1085
https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1051.57~20.04.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32247 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3806884097428860611== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Sj4pLAKuLpxS0Gr0fOM84VqI"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Sj4pLAKuLpxS0Gr0fOM84VqI Content-Type: multipart/mixed; boundary="------------Zv02pW7rIHNW4BbbiSXm5ugU"; protected-headers="v1" From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <cc94dec1-b667-43e8-9504-b0b6c50ee883@canonical.com> Subject: [USN-6704-4] Linux kernel (Intel IoTG) vulnerabilities
--------------Zv02pW7rIHNW4BbbiSXm5ugU Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6704-4 March 28, 2024
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
Details:
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000)
Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-32247)
Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: linux-image-5.15.0-1051-intel-iotg 5.15.0-1051.57 linux-image-intel-iotg 5.15.0.1051.51
Ubuntu 20.04 LTS: linux-image-5.15.0-1051-intel-iotg 5.15.0-1051.57~20.04.1 linux-image-intel 5.15.0.1051.57~20.04.41 linux-image-intel-iotg 5.15.0.1051.57~20.04.41
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-6704-4 https://ubuntu.com/security/notices/USN-6704-1 CVE-2023-23000, CVE-2023-32247, CVE-2024-1085, CVE-2024-1086, CVE-2024-24855
Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1051.57 https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1051.57~20.04.1
--------------Zv02pW7rIHNW4BbbiSXm5ugU--
--------------Sj4pLAKuLpxS0Gr0fOM84VqI Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmYF19AFAwAAAAAACgkQZ0GeRcM5nt0k 7wgAkTPHmQWM+8dPj4UY4hCA0dLab1AjSBy+W8eNYJkQvOKpjxGCWMx3lwRQCYvHhlDq0ozSPbYi W/csWlGNhXixkbB4sxZpMoLhHMP62onMJZjrU5anCiFRhofAtzXmo3zaLNLiFD5+XphjQogspcQ5 ExLgdO5EvKFa1SHNs4y19jaRbRLVPZX7qGcPwuI4+VRwyu+oUBYvHfqKDIChdYXxzPRFAuVp8iRL V/ujTrXGJcmA9wT/FLuWhtzFBy8V98U4BQSqnbck/uR6aPE3iW8MNT3y7Nwf7W11R6s1PP+MT/3V g452CLbzwKdjw9tOrKMajloPZjyk0hyLJvmp562IeQ== =AAVX -----END PGP SIGNATURE-----
--------------Sj4pLAKuLpxS0Gr0fOM84VqI--
--===============3806884097428860611== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3806884097428860611==--
|
|
|
|