Security: Multiple issues in AppArmor (update)
Name: Multiple issues in AppArmor (update)
ID: USN-4008-2
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Wed, 5 June 2019, 23:03
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11810
Applications: AppArmor
Update of: Multiple issues in Linux
Original message
==========================================================================
Ubuntu Security Notice USN-4008-2
June 05, 2019

apparmor update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several policy updates were made for running under the recently updated Linux kernel.
Software Description:
- apparmor: Linux security system
Details:
USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap ('m') rules.
Original advisory details:
Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191)

As a hardening measure, this update disables a.out support.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  apparmor-profiles 2.10.95-0ubuntu2.11
  python3-apparmor 2.10.95-0ubuntu2.11
In general, a standard system update will make all the necessary changes.
References:
  https://usn.ubuntu.com/4008-2
  https://usn.ubuntu.com/4008-1
  CVE-2019-11190
Package Information:
  https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.11
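The failure mode named under Details, denials caused by missing mmap ('m') rules, can be checked for in the kernel log on a host that has the new kernel but not yet the updated policy. The Python below is an added example, not part of the advisory or of AppArmor; the log lines, profile names and paths are constructed, and it assumes denials are logged in the usual AppArmor audit format.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the usual AppArmor audit format
# (hypothetical profiles and paths, not taken from the advisory).
SAMPLE_LOG = """\
Jun  6 09:14:02 host kernel: audit: type=1400 audit(1559805242.101:61): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/example-daemon" name="/usr/lib/example/helper" pid=2211 comm="helper" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
Jun  6 09:14:05 host kernel: audit: type=1400 audit(1559805245.442:62): apparmor="DENIED" operation="open" profile="/usr/sbin/example-daemon" name="/etc/shadow" pid=2211 comm="helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 09:15:40 host kernel: audit: type=1400 audit(1559805340.007:63): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/example-tool" name="/usr/lib/example/plugin.so" pid=2304 comm="example-tool" requested_mask="mr" denied_mask="mr" fsuid=1000 ouid=0
Jun  6 09:16:12 host kernel: audit: type=1400 audit(1559805372.930:64): apparmor="DENIED" operation="ptrace" profile="/usr/bin/example-tool" pid=2304 comm="example-tool" requested_mask="read" denied_mask="read" peer="unconfined"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
FILE_PERMS = set("rwaxmlkdc")  # single-letter file permissions used in masks


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}


def mmap_denials(log_text):
    """Map each profile to the sorted paths it was denied 'm' on."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        mask = f.get("denied_mask", "")
        # Only file denials carry a name= field with the path.
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        # Skip non-file masks such as "read" (ptrace): words, not flag letters.
        if "m" in mask and set(mask) <= FILE_PERMS:
            hits[f.get("profile", "?")].add(f["name"])
    return {profile: sorted(paths) for profile, paths in hits.items()}


if __name__ == "__main__":
    for profile, paths in mmap_denials(SAMPLE_LOG).items():
        for path in paths:
            print(f"profile {profile}: denied mmap ('m') on {path}")
```

Profiles reported here after the kernel update are the ones to compare against the policy shipped in the fixed packages listed above.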