Mehrere Probleme in Linux
ID: | USN-1931-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS |
Datum: | Di, 20. August 2013, 18:35 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851 |
Applikationen: | Linux |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6998332006757396758== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig5F8FF4CEEFAA39C860AA2F48" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5F8FF4CEEFAA39C860AA2F48 Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1931-1 August 20, 2013 linux-lts-quantal vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-quantal: Linux hardware enablement kernel from Quantal Details: Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2148) Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164) Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: linux-image-3.5.0-39-generic 3.5.0-39.60~precise1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1931-1 CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-39.60~precise1 --------------enig5F8FF4CEEFAA39C860AA2F48 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCgAGBQJSE2A1AAoJEGVp2FWnRL6TNZgP/AnOmgP50/aD8n8ZxB4nIYdz wFzw7bqc63JhrCFotWzAUpIUJn5XpVYLYFC4EBW+VQYfMoW7QwSsZaJxmk1pnjSv gYogd4xguWJzVnVAzmZNRJJMBbzf2Y+9VhFWH2nlpvAGA0977IXltwR7Ql2wJX7B 7oPTOZ0AYFPygHNm6e4HzoKLGylkhfwnGOPHnfrYzZB1hdq/7SWVE/3taLfZPs3D JTNXehWC/+5xDvtB5e0gPNV1N7K5BAKuVitoBAEtZhhTMskhxzCXrpCEcGVlxxks ZaN8hk/2uQTfKan91VtfvxrZxj5/CgCbT858Hp8VHbjuJ0HQlH90QJDVg9pcUMZE ICE32c/qRHFnvbMTKzpY2AWZFjCMfa38Jin4o2youRfaS6lR40xQBaSRsEjdVbNz LzRq/rOL43vYBgFDUOX9fd6KQAMqmsAToFUAX8La1eGentxZ/SJ7BAwrdUkPFtKH rNzHgB5LjBAJIYJvAMkkXV9D0jwO2Ss3T9Il9xZ/oJpzSXahkjYqkASbzdrl1Gqw 18bXPhHOTdSwo5O+y93hh0W7pNcM8tDvk1jGbrP/QKSoLkfxEoKdhAdmF20eHFMP Ghir5iPbdGzdt+CLI/pWKisAtgQfaNBo5CD/OTgsuG1PEDGgVOHEyEUx/s1KNLVl jb5eyw4LF3L9jqmV5yg9 =ksmf -----END PGP SIGNATURE----- --------------enig5F8FF4CEEFAA39C860AA2F48-- --===============6998332006757396758== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============6998332006757396758==-- |