Ausführen beliebiger Kommandos in Linux
ID: | USN-1599-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS |
Datum: | Di, 9. Oktober 2012, 10:33 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 |
Applikationen: | Linux |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6315874636916282543== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig22D6506A4D1203F0E0CF6FEF" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig22D6506A4D1203F0E0CF6FEF Content-Type: multipart/mixed; boundary="------------010103020008010707030600" This is a multi-part message in MIME format. --------------010103020008010707030600 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1599-1 October 09, 2012 linux-ti-omap4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: The system could be made to run actions or potentially programs as an administrator. Software Description: - linux-ti-omap4: Linux kernel for OMAP4 Details: Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: linux-image-3.2.0-1420-omap4 3.2.0-1420.27 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1599-1 CVE-2012-3520 Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1420.27 --------------010103020008010707030600 Content-Type: text/plain; charset=UTF-8; name="Attached Message Part" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Attached Message Part" --------------010103020008010707030600-- --------------enig22D6506A4D1203F0E0CF6FEF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQc+AHAAoJEAUvNnAY1cPYSIoP/j4F5eGpfQ8QHD/qxNkKFnTD jvy7MSjsGZ3kve3Yct1ejzLwsl4+h4iAt/s7ZQf1tLlH9f/gvaaTJIpuNDwEG9DK 3eyEe5NukRJ55sf69ZIomyw3xchT1CXI+qsT1S6LOREGQwgrClL9CMOzXvBVb8II 36CaJAneHooXF9E9zgTUmlSZiq0/mRaidSfx9FwKGKdQIHFM/m8ORtvislofNVDq GwFzu9iDLQd9010D2VRxAFUKr2aRfJHEf3lLUIHujsyTy4Wt55+4K5p+avDynHGi /N7+pymWOJL0FSHF/lnJmClGfPRnPdWEX0twBmBP24rfXQ0RW0AbYPTonrhsm6GN E54Wtl+1JScbvKP48+SA0vIReebUtCHNfE73DbBoP7illDftipc5YXuAnNeIAc03 p3dtSUf9YQksVxXJwurM73T1QZ42eI6q0RqKWQ9BlpdOJX0tMsmFCNYPQ1RFoFph 68GmDynn3iJCfsvgs+sAVuBjNzih4NbOSAVzdeDWlyUl9GE1U7PC3B2D42+WO0HT 3zibBXgurG3fYIs9hwh4M0tPntoGk5bs0EsN6RO8dyPzNhY3v2gI9nZlF9ghoZ5H C1USqU3KFewK6p43lVF7Er+SBgCq3WjEqy5h252Y1MNiiCy9HizQsBzfiQsTtXqS mfk08kMWGmONNf3dpjPC =5OC2 -----END PGP SIGNATURE----- --------------enig22D6506A4D1203F0E0CF6FEF-- --===============6315874636916282543== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============6315874636916282543==-- |