Sicherheit: Ausführen von Code mit höheren Privilegien in Linux

Lesezeichen hinzufügen

--===============3853859660156322216==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="zaRBsRFn0XYhEU69"
Content-Disposition: inline

--zaRBsRFn0XYhEU69
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-2873-1
January 19, 2016

linux-lts-utopic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-59-generic 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-generic-lpae 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-lowlatency 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-powerpc-e500mc 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-powerpc-smp 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-powerpc64-emb 3.16.0-59.79~14.04.1
linux-image-3.16.0-59-powerpc64-smp 3.16.0-59.79~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-2873-1
CVE-2016-0728

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-59.79~14.04.1

--zaRBsRFn0XYhEU69
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWnmuYAAoJEC8Jno0AXoH0q5sP/A4p+IUCFJcKpRwprRMlkMCi
GeKBGjM9bEks1t2NSTur9S9G528hFR1ZrC1tjYep7eDjZTUUMcHLrPMKzYjS8r74
DOI2cr6F8Ha2KqvPNYuHUYWsw3gEkBzprRyqA5551UE0MJ2Gn9Jt+x0qFyJh3YQw
PIXIJmtcV/Sw6TWIwc2NnA3bqiCrpBptfFbpuYefMmlHp6LPgl9KGZsWY37iVSZW
yoo0wZmlxduahB3nAT+HH80pY3zebxR6UHwyKwTEmkytAOlBccEjX4+M2SLUQJ/O
pa1GUuWYDaatBD6opnHy5Z5d4TIP7gz521xIBq8kA+0Et7x5SQywzvwvxkUtB1VW
hFSVd2+J8yWKVy3rq7kL7D8H/OOnUNSrapsTY2+JdqHok+tdPyAB1u+XAhqKFhyG
v3FuCxrbWi8I8XDXNkqoZs2kMFUpAIJ1WZ73oOUFdK8sKV83ddrM51ifsa6yGwjE
CUkO6XlM3WOqdDMZ3p9Phng22ZQ97IsJuEYy4Vaa+f0QCga1nwOy5Pk0gIGaOjpq
fN6Y32WPdpmd4UsQR3ssNS2s8rlN2cMcJEJhz4RhIGId7O+X/izUm5+QM8hxO6Yc
qscC/YcVJEoG2avNaDxaqV8iq9J4m5fvJcHEwsj/Ri6a+UCzvprcN3bGsDUGgV7b
FTp4+jIxNzHHMTzbMDFL
=1IZi
-----END PGP SIGNATURE-----

--zaRBsRFn0XYhEU69--

--===============3853859660156322216==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============3853859660156322216==--