Preisgabe von Informationen in Linux (Aktualisierung)
ID: | USN-4713-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 18.04 LTS, Ubuntu 14.04 ESM |
Datum: | Mi, 10. Februar 2021, 07:09 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374 |
Applikationen: | Linux |
Update von: | Preisgabe von Informationen in Linux |
Originalnachricht |
|
--===============3683071745214597460== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JGq01gMRpXZxBGpH" Content-Disposition: inline --JGq01gMRpXZxBGpH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4713-2 February 10, 2021 linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 14.04 ESM Summary: The system could allow unintended access to data in some environments. Software Description: - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-raspi2-5.3: Linux kernel for Raspberry Pi (V8) systems - linux: Linux kernel Details: It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-5.0.0-1051-gke 5.0.0-1051.53 linux-image-5.3.0-1037-raspi2 5.3.0-1037.39 linux-image-5.3.0-1040-gke 5.3.0-1040.43 linux-image-5.3.0-70-generic 5.3.0-70.66 linux-image-5.3.0-70-lowlatency 5.3.0-70.66 linux-image-gke-5.0 5.0.0.1051.35 linux-image-gke-5.3 5.3.0.1040.23 linux-image-gkeop-5.3 5.3.0.70.127 linux-image-raspi2-hwe-18.04 5.3.0.1037.26 Ubuntu 14.04 ESM: linux-image-3.13.0-184-generic 3.13.0-184.235 linux-image-3.13.0-184-generic-lpae 3.13.0-184.235 linux-image-3.13.0-184-lowlatency 3.13.0-184.235 linux-image-3.13.0-184-powerpc-e500 3.13.0-184.235 linux-image-3.13.0-184-powerpc-e500mc 3.13.0-184.235 linux-image-3.13.0-184-powerpc-smp 3.13.0-184.235 linux-image-3.13.0-184-powerpc64-emb 3.13.0-184.235 linux-image-3.13.0-184-powerpc64-smp 3.13.0-184.235 linux-image-generic 3.13.0.184.193 linux-image-generic-lpae 3.13.0.184.193 linux-image-generic-pae 3.13.0.184.193 linux-image-highbank 3.13.0.184.193 linux-image-lowlatency 3.13.0.184.193 linux-image-lowlatency-pae 3.13.0.184.193 linux-image-omap 3.13.0.184.193 linux-image-powerpc-e500 3.13.0.184.193 linux-image-powerpc-e500mc 3.13.0.184.193 linux-image-powerpc-smp 3.13.0.184.193 linux-image-powerpc64-emb 3.13.0.184.193 linux-image-powerpc64-smp 3.13.0.184.193 linux-image-server 3.13.0.184.193 linux-image-virtual 3.13.0.184.193 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4713-2 https://usn.ubuntu.com/4713-1 CVE-2020-28374 Package Information: https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1051.53 https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1040.43 https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-70.66 https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1037.39 --JGq01gMRpXZxBGpH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAmAjOOgACgkQLwmejQBe gfS1eQ//W3uhAHv6TceIhSMYi6ukbGpmA04f+Bu90P0+kY3KyhhM0zrEkvlaMU/J BVNsxNOLT+/GtJ3sFvy5PVOg03dM4pmj/mGtCTj3c12tiNAPYWgx0eUnt01WGANh YNySOIH2EO7G4rQ58HinO9LY7KNkXZ2cv5xa8C0wKkWgJoQ8RavfrjEOXQ1dphPf LRTJ8tsw0nfVBskMpvaurk4p8SHClIfDPMadQq3ErO/Q6W0qFKnjqI/+G/Ofj9lV iOSg1z5zfKDSTniUAQtW9Nd9CDgUY/87VEbZyaSLtuAiVBmglER1wcV1EpxgsYjV yNg7JDvBMMMzEOFqaNRFTZNUARIu8V/ZUqJPCRwNP5maHLISES3wATqhvJETm969 YtmexIN2FZVsglWwpKqIgOZBATi1O9ERW6D6E1fiYWJ1eMG8J1JLA4VS5KB7ne6v ZSWG8qGPs1plZtm1JrzCeZX1/jJ3O3AHBjsT6ubKz3ENJBL9ElCt69NT+pldadKY TyrGGzjCUtQTH16aIoNuPxsAVx1XeAA4E8DrkWwaiZaQWyI1IV50iiKPIbDYSFNi Xym+XRwp0brau6FZy8/9B8iKkcSd3Q+d8TUtjYKzGTrF7lcj2iFv78Or+T1PyAHz SF0+c3qy5h9n5uf1H7H8J32R76CITeQC2FgN2tcMQJF0/TFsvkk= =weDS -----END PGP SIGNATURE----- --JGq01gMRpXZxBGpH-- --===============3683071745214597460== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |