drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-1704-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS |
|
Datum: |
Di, 22. Januar 2013, 17:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5532 |
|
Applikationen: |
Linux |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============2623341602134357546== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig29607272E0FAAE03E7093E72"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig29607272E0FAAE03E7093E72 Content-Type: multipart/mixed; boundary="------------090904000409020704000009"
This is a multi-part message in MIME format. --------------090904000409020704000009 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1704-1 January 22, 2013
linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-lts-quantal: Linux kernel LTS from Quantal
Details:
Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957)
Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461)
Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)
A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. (CVE-2012-4530)
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. (CVE-2012-4565)
A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. (CVE-2012-5517)
Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: linux-image-3.5.0-22-generic 3.5.0-22.34~precise1
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1704-1 CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-22.34~precise1
--------------090904000409020704000009 Content-Type: text/plain; charset=UTF-8; name="Attached Message Part" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Attached Message Part"
--------------090904000409020704000009--
--------------enig29607272E0FAAE03E7093E72 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJQ/qvsAAoJEAUvNnAY1cPYbLIP/RJufupINRJy9Fj+TfulyqFz bCDMcFGCD+ZmYMJblK5s9RE6GjhUFK+CSpX3gF3ap24ZdWOABCLLE2/+6ocodLov wnmG4/y+uDHhNSXWggBSBRJT7ndUhp0DMW5NhaHld2HigbAurnVGHUfmi0NAhCH9 /tRbWcMqR1B4XoQzNMJ0qhlvdOqxBH/uSSdoIQTGuGu5X8hQBCuUKkOkhyBj2AnC eGc5mVv5beCqtHvauOscWl1rLogPPbJpqzXjaSEZe7ZpWDXaUCRCPx9bX7KZ5X/f i9jIOQ1AoctlDGGcR0YwxWCITGnyzrTlo0PU66+58bQVQWV7BHpRZrLP8McJ40QE Fi8X2bz8SMhITMEdqWLl42ZXCONokNYq7GYXXFhcgDKGFPLLFY5tORiezwpBOVv8 3oESdkoU2/M+AkBM/2UhHUnzEnl2OJGU/j3Tw2rvXO6+ZoEMrZJ4AldEF7WBS2d6 gs7h4ZvRbUPnAQp+KrnfYwawJKUjS5eQwMFQEgGj3UW8Jj40iRNDF/Yn0NG14fce fZUS07EhBzmXLs24RQL5dhNkGjCgjcS5Ohqcpr7KiY9QrkHE2/jLqzZY1EYIxWf8 /k4hHZU1gdi8pqGLlH4nJoK5SoUtJrnAArjZ1P9wGPCv6khF/hVkuwwC/mzeLvQu YA+QYVWGJRurzmL/U9Zb =SHt/ -----END PGP SIGNATURE-----
--------------enig29607272E0FAAE03E7093E72--
--===============2623341602134357546== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2623341602134357546==--
|
|
|
|