Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux (Aktualisierung)
ID: USN-3344-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Do, 29. Juni 2017, 14:25
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Applikationen: Linux
Update von: Mehrere Probleme in Linux

Originalnachricht


--===============2491842319917221510==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="YZVh52eu0Ophig4D"
Content-Disposition: inline


--YZVh52eu0Ophig4D
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3344-2
June 29, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

USN 3334-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-83-generic 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-generic-lpae 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-lowlatency 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc-e500mc 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc-smp 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc64-emb 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc64-smp 4.4.0-83.106~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.83.68
linux-image-generic-lts-xenial 4.4.0.83.68
linux-image-lowlatency-lts-xenial 4.4.0.83.68
linux-image-powerpc-e500mc-lts-xenial 4.4.0.83.68
linux-image-powerpc-smp-lts-xenial 4.4.0.83.68
linux-image-powerpc64-emb-lts-xenial 4.4.0.83.68
linux-image-powerpc64-smp-lts-xenial 4.4.0.83.68

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3344-2
https://www.ubuntu.com/usn/usn-3344-1
https://www.ubuntu.com/usn/usn-3334-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074,
CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-83.106~14.04.1


--YZVh52eu0Ophig4D
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJZVLbbAAoJEC8Jno0AXoH0aP8P/ivtGeS4Tdxh76Wlm2RMyf++
DAJB56vDRkZLgMaHK0+DqrwIc7TP7H8MT7+zUlXBWWshLHrdcoIWUmw8m1BwtJA+
cs45OXkLWJXnoGL3VELsHHi36xBKbNJ5LhFSwVuF9nIhpKygmDTr0bxdVNZfKV3e
bihC1YLIRhzs2uQwreshy0UKHHrfZjQ+sumh8OjpNisJBfAoAUUgmPJVHHq08ra9
aeB2ZOR1A6LdjdAxcioTobTG9k91mMRMblzzEWkpajL/Y6h/ztgdXftNHn7UEqlf
7/hW22U/EEmSLQVKwmvp9ivxBfgW1aLWpBh4BHVycyECImbZMVQ7CaYo7KHZkQ7I
Trlm/AVoy841VxCKya8kB1daazuAonEx289PoJFC8aw1JV9Wi4tIFWKt5PBy/pm4
E26BdWM8t0QGP+81+V+fEKnXqDk986o4oi17bii7uSWS12/ea7o+kVwBLO/uz0MZ
MARRmregxyK7dqUbnVJQFTYjLsrML1q878l7mNNw+q473+dnaX5y3ukdAp+g+XcE
k6BeNyEshRVlZNpSi1zTvyABal7jT0SNl+K4WPrqh0kUBoG08RT4jK69NCP4MmFi
HPpX78cJrZyZPgAsBs4GRs4a9MCr5d3QrHHnK8ZxwNLg6M2dhNsnSYpuHJgY8K4f
mX6k5wqjvdxuD5qaKBFd
=2MwU
-----END PGP SIGNATURE-----

--YZVh52eu0Ophig4D--


--===============2491842319917221510==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2491842319917221510==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung