drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Linux (Aktualisierung)
Name: |
Preisgabe von Informationen in Linux (Aktualisierung) |
|
ID: |
USN-4303-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Di, 17. März 2020, 14:41 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732 |
|
Applikationen: |
Linux |
|
Update von: |
Preisgabe von Informationen in Linux |
|
Originalnachricht |
--===============3654138798423389147== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="c7hkjup166d4FzgN" Content-Disposition: inline
--c7hkjup166d4FzgN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4303-2 March 17, 2020
linux-lts-xenial, linux-aws vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
The system could be made to expose sensitive information.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: linux-image-4.4.0-1064-aws 4.4.0-1064.68 linux-image-4.4.0-176-generic 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-generic-lpae 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-lowlatency 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc-e500mc 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc-smp 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc64-emb 4.4.0-176.206~14.04.1 linux-image-4.4.0-176-powerpc64-smp 4.4.0-176.206~14.04.1 linux-image-aws 4.4.0.1064.65 linux-image-generic-lpae-lts-xenial 4.4.0.176.155 linux-image-generic-lts-xenial 4.4.0.176.155 linux-image-lowlatency-lts-xenial 4.4.0.176.155 linux-image-powerpc-e500mc-lts-xenial 4.4.0.176.155 linux-image-powerpc-smp-lts-xenial 4.4.0.176.155 linux-image-powerpc64-emb-lts-xenial 4.4.0.176.155 linux-image-powerpc64-smp-lts-xenial 4.4.0.176.155 linux-image-virtual-lts-xenial 4.4.0.176.155
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4303-2 https://usn.ubuntu.com/4303-1 CVE-2020-2732
--c7hkjup166d4FzgN Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM+EACgkQLwmejQBe gfSjTQ//do2PumwBFkStLgCaDmLjuDox5v1aVydGaQv53g458DbX+WsfZ53CDcM4 6mdVHQNneyq9y4s5k5B1km+m8JvE6Bu+Dqt6wcHxNDJSpJcR7FEV1FhlDtGVZQp5 T6BYLXCTc0nE/znyEVpVYWiS+7Eh9Eo75OchxNMPmkJ6p5kBCXgAK2C6RevXTBv4 RpuMbaYdBWkb4wAL2ggNDSZBKi3EEl31j4rQp8KgWWlPo0NC+c+2UEw3NW01gV1e DJuqMW31ONsLVqZwVnWS+nqwBtOuMDyPl0dxBRSvZe2Z8Ie2e5izP4/gpM3ygf3h vn6Q4Yu3Da1LwpWeaJartW0S5z4ydbJ2xnsedNgvZrN5dT8++FS10a7mKzSRHqo/ c34yAqTIkfoqx3L7ORfQ6fobkMEnNXosicGJxShjdQ6iee5BXCtJeSHrNDxIqKfv PehbZ+WaUDNP0ZWZbIvBsLqelfxDtRLXACeJf+gCb5T5TORICLyossbYZILMv5qw 93G5frucBhW0KSsG9XjAeJWLp1B3WTzRAwl7ZvLhAy+e9nKulUHZcHbsVT0aRbkI HgEnOI+xRMrDaNK3Lday/MPOAxXqER+M38A4r3aC+ZGlLpcyFR63Pa++BQ6Fx8We kIUP4ju92tsKb19FF7h6c5060diudYnSryVxSDl0z2aJv9iZMA8= =vR1N -----END PGP SIGNATURE-----
--c7hkjup166d4FzgN--
--===============3654138798423389147== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|