drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-3657-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 17.10 |
|
Datum: |
Mi, 23. Mai 2018, 06:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17449 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============7288419948002313535== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="cN0A5YokcrYPGsSB" Content-Disposition: inline
--cN0A5YokcrYPGsSB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3657-1 May 22, 2018
linux-raspi2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)
Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975)
It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)
It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)
Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: linux-image-4.13.0-1020-raspi2 4.13.0-1020.21 linux-image-raspi2 4.13.0.1020.18
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/usn/usn-3657-1 CVE-2017-17449, CVE-2017-17975, CVE-2017-18203, CVE-2017-18208, CVE-2018-8822
Package Information: https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1020.21
--cN0A5YokcrYPGsSB Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlsEproACgkQLwmejQBe gfRDbA/+IxLcf8VySGfiwCRYhwK+S43oVFAZi4PA5DvPRvNBK32SjJewOHraR/8V 7bYEc6+R1oesAbdTZc56kIJyTml3koO5VeYRwhYTTJHaQouuIqwRm0gpW9+NKVOV tJlWIqfsFr/OZ4wMFRu9hjrqO/vWNoHnx97AnGDhUiVOMo9ECH/IUlAqLtORt36d xtD2BJaadss8cTAlLDbzd9UUI5SH5zQU1IU0FcxF9oo0fKHSF2BH+787yfhO1K/y mEHYu98QeQEP/e/fhQGBm0ffMDoC7bMchd58BOgdXJTba726TOaMMh9QwzxKSRLg ZuVkDs0wffu1tahLA0lq3T86tPgUeKHOqRiw79EU9umx5ZrMIwrlleFAZpfofmsA gOScuiiK7SMZpyov9zHKreq+bJeiVp3jtTnlC6ulXLW4oblB5gujsz5pt5oDjGMM ob1opagTAb3Q//DvzsiQeWRiPXpGb3JNSsOVK9wCalCBsV8Elp4EbGZxFZ6AIbY5 q6BQGTim6fWdD+7cepulc+MzTD1dWwMLoLisGGCW6mv0k5mgn/2kEopZU/UmO5lT DNyM6Af6xf3ecTNQzy0IBCb6mcmkKjBTeL3RXEO6172eTpjXWikW6z8xaX/P2k+i JT67gVFKLjgHvu2gStaZOnJQQSJ814ru3ERGx0m9vLFaRPLaIgg= =2GEh -----END PGP SIGNATURE-----
--cN0A5YokcrYPGsSB--
--===============7288419948002313535== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|