Mehrere Probleme in Linux
ID: | USN-1193-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 11.04 |
Datum: | Sa, 20. August 2011, 10:45 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2493 |
Applikationen: | Linux |
Originalnachricht |
|
--===============4456989908745019499== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="/NkBOFFp2J2Af1nK" Content-Disposition: inline --/NkBOFFp2J2Af1nK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-1193-1 August 19, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 Summary: Multiple kernel flaws have been fixed. Software Description: - linux: Linux kernel Details: Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: linux-image-2.6.38-11-generic 2.6.38-11.48 linux-image-2.6.38-11-generic-pae 2.6.38-11.48 linux-image-2.6.38-11-omap 2.6.38-11.48 linux-image-2.6.38-11-powerpc 2.6.38-11.48 linux-image-2.6.38-11-powerpc-smp 2.6.38-11.48 linux-image-2.6.38-11-powerpc64-smp 2.6.38-11.48 linux-image-2.6.38-11-server 2.6.38-11.48 linux-image-2.6.38-11-versatile 2.6.38-11.48 linux-image-2.6.38-11-virtual 2.6.38-11.48 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1193-1 CVE-2011-1577, CVE-2011-1581, CVE-2011-2484, CVE-2011-2493 Package Information: https://launchpad.net/ubuntu/+source/linux/2.6.38-11.48 --/NkBOFFp2J2Af1nK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Kees Cook |