drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux (Aktualisierung)
Name: |
Mehrere Probleme in Linux (Aktualisierung) |
|
ID: |
USN-3718-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS |
|
Datum: |
Mo, 23. Juli 2018, 21:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1095 |
|
Applikationen: |
Linux |
|
Update von: |
Mehrere Probleme in Linux |
|
Originalnachricht |
--===============3956661822830040683== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Fba/0zbH8Xs+Fj9o" Content-Disposition: inline
--Fba/0zbH8Xs+Fj9o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3718-2 July 21, 2018
linux-hwe, linux-azure, linux-gcp regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
A regression that caused boot failures was fixed in the Linux kernel.
Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement Kernel (HWE) kernel for Ubuntu 16.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508)
It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.15.0-1014-gcp 4.15.0-1014.14~16.04.1 linux-image-4.15.0-1018-azure 4.15.0-1018.18~16.04.1 linux-image-4.15.0-29-generic 4.15.0-29.31~16.04.1 linux-image-4.15.0-29-generic-lpae 4.15.0-29.31~16.04.1 linux-image-4.15.0-29-lowlatency 4.15.0-29.31~16.04.1 linux-image-azure 4.15.0.1018.24 linux-image-gcp 4.15.0.1014.26 linux-image-generic-hwe-16.04 4.13.0.45.64 linux-image-generic-lpae-hwe-16.04 4.13.0.45.64 linux-image-gke 4.15.0.1014.26 linux-image-lowlatency-hwe-16.04 4.13.0.45.64
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/usn/usn-3718-2 https://usn.ubuntu.com/usn/usn-3718-1 https://launchpad.net/bugs/1779827, https://usn.ubuntu.com/usn/usn-3695-2
Package Information: https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1018.18~16.04.1 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1014.14~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-29.31~16.04.1
--Fba/0zbH8Xs+Fj9o Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAltSfekACgkQLwmejQBe gfRqxhAAsYm4e+oRDMka2ts4subLfMxb/ctuXeT6yf6SV3cTY89VnN46WYHhZOn4 DtxA37qI22R+G74ggrLopS72n8pmhO/Slwtyw0IsJ4GE3NKOg+mwCaOZcTf87Cka +VAbDdmKLicud6QL4CGPPGcRivNj3SqPQZZ0jvCoK57+2zi5+ofD1nDeeah8Ganv GA2htt/Fke+YZCf30mrWtqGo0TmlRdso4kacKtobtnXyQVwDGVjVLrny9S+DmrFD d9lY6l6sMtj7JnSprbfUC2slK058D1QYWNpfvudA+lPMmTF0CJPTcgCRpFbQ/SQT b9oP8JkgCao4JzWSAsgBX4TDVj16vQF23DgU3tGYpKglLw0ME9jNawgiFMfYAzln oxXjjmPenj8haDCTk/O7ZOcxCwkMHDdCzpGdKtOsjQpUHQWmPozjphShsdh2nhPa gF+QJoplYsxq6EibD5ufwwqGXdcn2/dXJz0lErOJSyLVAGGxJOOqp5bMXqQuZZD/ fHDsvJGwSRLV4Z/zjyBgWIlAuexODJ++lX0SAnL51TtrmNoK+FUiFWUBxB2/eFWj oiFHt2vX53g0YcR1Lv8j4wuqc9bUd7GB34bCAwlmnaBhHiAMP3a5PlMANkx9A9kp PfcuQsiKAmK0Hg/R7USjeUUxJR5fdO6gNXQzU3xUdEKgN73b30M= =xNBv -----END PGP SIGNATURE-----
--Fba/0zbH8Xs+Fj9o--
--===============3956661822830040683== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|