Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: USN-2039-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS
Datum: Mi, 4. Dezember 2013, 07:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
Applikationen: Linux

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1461887746874637138==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="oDqh52Pwr9iRtirH4fDHjm0vNHIqkFsll"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--oDqh52Pwr9iRtirH4fDHjm0vNHIqkFsll
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2039-1
December 03, 2013

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

An information leak was discovered in the handling of ICMPv6 Router
Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A
remote attacker could exploit this flaw to cause a denial of service
(excessive retries and address-generation outage), and consequently obtain
sensitive information. (CVE-2013-0343)

A flaw was discovered in the Xen subsystem of the Linux kernel when it
provides read-only access to a disk that supports TRIM or SCSI UNMAP to a
guest OS. A privileged user in the guest OS could exploit this flaw to
destroy data on the disk, even though the guest OS should not be able to
write to the disk. (CVE-2013-2140)

Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of
the Linux kernel. A physically proximate attacker could exploit this flaw
to execute arbitrary code or cause a denial of service (heap memory
corruption) via a specially crafted device that provides an invalid Report
ID. (CVE-2013-2888)

Kees Cook discovered flaw in the Human Interface Device (HID) subsystem
when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could
leverage this flaw to cause a denial of service via a specially crafted
device. (CVE-2013-2889)

Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem
of the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically
proximate attacker could cause a denial of service (heap out-of-bounds
write) via a specially crafted device. (CVE-2013-2892)

Kees Cook discovered another flaw in the Human Interface Device (HID)
subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,
CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially
proximate attacker can leverage this flaw to cause a denial of service vias
a specially crafted device. (CVE-2013-2893)

Kees Cook discovered another flaw in the Human Interface Device (HID)
subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A
physically proximate attacker could cause a denial of service (OOPS) or
obtain sensitive information from kernel memory via a specially crafted
device. (CVE-2013-2895)

Kees Cook discovered a vulnerability in the Linux Kernel's Human Interface
Device (HID) subsystem's support for N-Trig touch screens. A physically
proximate attacker could exploit this flaw to cause a denial of service
(OOPS) via a specially crafted device. (CVE-2013-2896)

Kees Cook discovered yet another flaw in the Human Interface Device (HID)
subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A
physically proximate attacker could leverage this flaw to cause a denial of
service (OOPS) via a specially crafted device. (CVE-2013-2897)

Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem
of the Linux kernel whe CONFIG_HID_PICOLCD is enabled. A physically
proximate attacker could exploit this flaw to cause a denial of service
(OOPS) via a specially crafted device. (CVE-2013-2899)

Alan Chester reported a flaw in the IPv6 Stream Control Transmission
Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this
flaw to obtain sensitive information by sniffing network traffic.
(CVE-2013-4350)

Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP
Fragmentation Offload (UFO) processing. A remote attacker could leverage
this flaw to cause a denial of service (system crash). (CVE-2013-4387)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-1441-omap4    3.2.0-1441.60

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-2039-1
  CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889,
  CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896,
  CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1441.60



--oDqh52Pwr9iRtirH4fDHjm0vNHIqkFsll
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSnjdIAAoJEAUvNnAY1cPYXtAP/2xrdYgqxtHStf1OjHk6yT9T
PlknYftFQbk/61XcCpAaJwqdDawqnpFLmtEPqXWr9g8V4TLoRljp/kYw6Tdqs7dX
9r3J9pX7z3wHyb23BA0BBSd6c8h5pGS3PxLwWryzkYrV5QW1TQuIqvSBPBAwLu8q
BuCCZLrevH3beIHSwM811K5Pm5yutryFNTXjXUdAh4fAhh6vDwBUEISGnPwVzacd
Y/AgGDvKIF3QXdh5eABnSsSQvBeiY9AQRzPDWXe5vZ2rGcRnw+Xp31ppANueLCFo
NVOXfX1VX0oSo3877TAnlmqVPtrLp4072Nv/yLTUAk3S9zLLvi3nDjfM24PAsud2
Kxmm6s3bvk+xC95/3wwBJPK8C3ZA+98IUbXgKcFws6ve0+MCi0qwzRxiamORRGsO
kEbBRM5WlQODRKPRx+CWABQAU5J+cUgx+AdoD5RfSpodeFbiO2rm2nZq23cHtvMM
pbExUYeFqso7UewDW9kRiJkP8G2Tw/qOwXKzUF6WyG7shV83iZI9IC64CbdOXJLK
S36Kx+xzpSwjFjhv9iM6RGTsNNeaGN6UczKS+QSVrDrNcaBMl3G7/QdDbsJBCXYg
cQciGZnNXdiYWNtG94hc9rYjl8NTH4CpKy9VW6M4Nuf/LtNi8tthu7JGfe0dJaoV
AEb5Av5ptayZNGU7yvkR
=5E3T
-----END PGP SIGNATURE-----

--oDqh52Pwr9iRtirH4fDHjm0vNHIqkFsll--


--===============1461887746874637138==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1461887746874637138==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung