Login
Newsletter
Werbung
Sicherheit: Preisgabe von Informationen in Linux (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Linux (Aktualisierung)
ID: USN-4303-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Di, 17. März 2020, 14:41
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
Applikationen: Linux
Update von: Preisgabe von Informationen in Linux

Originalnachricht

 

--===============3654138798423389147==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="c7hkjup166d4FzgN"
Content-Disposition: inline


--c7hkjup166d4FzgN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4303-2
March 17, 2020

linux-lts-xenial, linux-aws vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  linux-image-4.4.0-1064-aws      4.4.0-1064.68
  linux-image-4.4.0-176-generic   4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-generic-lpae  4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-lowlatency  4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-powerpc-e500mc  4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-powerpc-smp  4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-powerpc64-emb  4.4.0-176.206~14.04.1
  linux-image-4.4.0-176-powerpc64-smp  4.4.0-176.206~14.04.1
  linux-image-aws                 4.4.0.1064.65
  linux-image-generic-lpae-lts-xenial  4.4.0.176.155
  linux-image-generic-lts-xenial  4.4.0.176.155
  linux-image-lowlatency-lts-xenial  4.4.0.176.155
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.176.155
  linux-image-powerpc-smp-lts-xenial  4.4.0.176.155
  linux-image-powerpc64-emb-lts-xenial  4.4.0.176.155
  linux-image-powerpc64-smp-lts-xenial  4.4.0.176.155
  linux-image-virtual-lts-xenial  4.4.0.176.155

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/4303-2
  https://usn.ubuntu.com/4303-1
  CVE-2020-2732


--c7hkjup166d4FzgN
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM+EACgkQLwmejQBe
gfSjTQ//do2PumwBFkStLgCaDmLjuDox5v1aVydGaQv53g458DbX+WsfZ53CDcM4
6mdVHQNneyq9y4s5k5B1km+m8JvE6Bu+Dqt6wcHxNDJSpJcR7FEV1FhlDtGVZQp5
T6BYLXCTc0nE/znyEVpVYWiS+7Eh9Eo75OchxNMPmkJ6p5kBCXgAK2C6RevXTBv4
RpuMbaYdBWkb4wAL2ggNDSZBKi3EEl31j4rQp8KgWWlPo0NC+c+2UEw3NW01gV1e
DJuqMW31ONsLVqZwVnWS+nqwBtOuMDyPl0dxBRSvZe2Z8Ie2e5izP4/gpM3ygf3h
vn6Q4Yu3Da1LwpWeaJartW0S5z4ydbJ2xnsedNgvZrN5dT8++FS10a7mKzSRHqo/
c34yAqTIkfoqx3L7ORfQ6fobkMEnNXosicGJxShjdQ6iee5BXCtJeSHrNDxIqKfv
PehbZ+WaUDNP0ZWZbIvBsLqelfxDtRLXACeJf+gCb5T5TORICLyossbYZILMv5qw
93G5frucBhW0KSsG9XjAeJWLp1B3WTzRAwl7ZvLhAy+e9nKulUHZcHbsVT0aRbkI
HgEnOI+xRMrDaNK3Lday/MPOAxXqER+M38A4r3aC+ZGlLpcyFR63Pa++BQ6Fx8We
kIUP4ju92tsKb19FF7h6c5060diudYnSryVxSDl0z2aJv9iZMA8=
=vR1N
-----END PGP SIGNATURE-----

--c7hkjup166d4FzgN--


--===============3654138798423389147==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung