drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-1228-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.04 |
|
Datum: |
Mi, 12. Oktober 2011, 14:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============0663236045794000964== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-QWGVxytsurI9+b8Jri1E"
--=-QWGVxytsurI9+b8Jri1E Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1228-1 October 12, 2011
linux-ti-omap4 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-ti-omap4: Linux kernel for OMAP4
Details:
Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)
Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213)
Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)
It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)
Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)
Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)
Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928)
Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)
Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: linux-image-2.6.38-1209-omap4 2.6.38-1209.16
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1228-1 CVE-2011-1776, CVE-2011-2213, CVE-2011-2497, CVE-2011-2695, CVE-2011-2700, CVE-2011-2723, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.16
--ÚWGVxytsurI9+b8Jri1E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOlYeaAAoJEGVp2FWnRL6TgwYQALS2D7ug4SqWTf03BOxDQ1Tf 4wiTLrBBYN/3pS+gXezES3yvs9Vs8Cr2VEnPDLGcNpkDMqxccTHbaV3GvcawUFlf aIxci6kGUEo5VTVQZLj0p4E66YjUE4OHobEozaAgRdb0msQONC8QDaDjtCmneyov sm4LmgBu/b0v+UOFfWA2RRbmW65zl0XoPA89CwjKiE2PBI7JC0hsYxEAs0H+PH9l RCuLy2yrnm+wguqkWeZ1tEplMk8xswN4bAiloNpqjZ/3nEGtbqUx7FZlYk/gmNSA +o4P4hhilJ9hdcg0PM/JEbSgOQUTGu2BpzAFXbbcE8ieAmeWHlYxuPbksKZPmO/h 5m0NZz427b9xBgmzrLAS23Yw7aBQ0WHGKcDph/VOC6QY3AlUeUzuAznlup3sbntP EyKEWW23v9CCFtk1dRo6RUttDaJbkC5BeORKKoT1Y2cGcCffvGVQCtW/5VuBIXnf xI/fTvfj7PLn/7enlA8yYuEsTGJ5KluteKSUB0zqPSnMGG6hUsqMlBrpl9XKahV9 1jkm4lFscBoA29WL2bZIfg26zshReQltQLaWfKk2qtkpDg1VrSYvg9+qhF/HBZbn 925SR/Hr7/cpLGG7fjhNlvoDw5ckuybTqVROU0PU7tbyx5ZrrMHJRwr0qPrANsf+ mWSCZE+Erk97c3tEW4Yj =ndnc -----END PGP SIGNATURE-----
--=-QWGVxytsurI9+b8Jri1E--
--===============0663236045794000964== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0663236045794000964==--
|
|
|
|