drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Linux
Name: |
Mehrere Probleme in Linux |
|
ID: |
USN-4901-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM |
|
Datum: |
Mi, 7. April 2021, 23:17 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363 |
|
Applikationen: |
Linux |
|
Originalnachricht |
--===============7298596909316232118== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FUFe+yI/t+r3nyH4" Content-Disposition: inline
--FUFe+yI/t+r3nyH4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4901-1 April 06, 2021
linux-lts-trusty vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM
Details:
Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374)
Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363)
Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: linux-image-3.13.0-185-generic 3.13.0-185.236~12.04.1 linux-image-generic-lts-trusty 3.13.0.185.170
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-4901-1 CVE-2020-28374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
--FUFe+yI/t+r3nyH4 Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAmBr5AYACgkQLwmejQBe gfQHTw/9GQDLkbYAxma+mN4gIXsKVatlPQb2RQ9gaUD0CZMvdS1UKNpABRvWRUHn DFx118Ujx8HPxzBZza8tgHgpMbfiAyOncrLI+U93hpb2piyJgzwRnNGKNGQb7xLO 6l9Abt+6ZEUw4k0g/lChibBncSeqIOUfrq6Z+YSl2RhyQKGa5Uo5z/f7Wqle6j5S rhYQeXUjvhEKJTM3aFdzzBM/NTc04rerNleE2Dzld/pKT9ECORNBaw5sUIqNl0+B QjFsmpcG2bmCqIm70rSdDWHlj/N/vftvK9fmiLPhmUpMKjN/YmEQG1jGjVK6kMT2 gOiBKQFSonLBJZMWERj9e3l2l4BbB4J47C9ot7PwqFTogfDxZCSKws2LnPbO6yur vIoLOHJNL2WojgmaUD20Y8xsKSYoxBUegMsoRGsbJx+RrhiEc3Ll4z7rDMeOofrq bwHmTcKTL2qCNtfXOPy2qQB5tXeNcy7ANwiUPw3CZiv6Jb/8P0KgxtIBDcxmNUwy BwOkZNcZf0aUoqrhA9sXXfojSEwUNTC6fGKjthjWyMPLsAA8/iHonu2nAt04gsm2 kn8NDr+gQiY6tNmwpy5f2CszM11OvK3OhHqzglB5qkS3XwqajfJ29riYwXc/sZ5K CO7X+FnaBVKm9wE7pCjqTnOfWErrXYq5/UYRmiVEWsE7f4osj6k= =vf8J -----END PGP SIGNATURE-----
--FUFe+yI/t+r3nyH4--
--===============7298596909316232118== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|