Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

--===============7298596909316232118==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="FUFe+yI/t+r3nyH4"
Content-Disposition: inline

--FUFe+yI/t+r3nyH4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4901-1
April 06, 2021

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
ESM

Details:

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)

It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did
not properly restrict access to iSCSI transport handles. A local attacker
could use this to cause a denial of service or expose sensitive information
(kernel pointer addresses). (CVE-2021-27363)

Adam Nichols discovered that an out-of-bounds read existed in the iSCSI
subsystem in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information (kernel
memory). (CVE-2021-27364)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-185-generic 3.13.0-185.236~12.04.1
linux-image-generic-lts-trusty 3.13.0.185.170

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-4901-1
CVE-2020-28374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365

--FUFe+yI/t+r3nyH4
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAmBr5AYACgkQLwmejQBe
gfQHTw/9GQDLkbYAxma+mN4gIXsKVatlPQb2RQ9gaUD0CZMvdS1UKNpABRvWRUHn
DFx118Ujx8HPxzBZza8tgHgpMbfiAyOncrLI+U93hpb2piyJgzwRnNGKNGQb7xLO
6l9Abt+6ZEUw4k0g/lChibBncSeqIOUfrq6Z+YSl2RhyQKGa5Uo5z/f7Wqle6j5S
rhYQeXUjvhEKJTM3aFdzzBM/NTc04rerNleE2Dzld/pKT9ECORNBaw5sUIqNl0+B
QjFsmpcG2bmCqIm70rSdDWHlj/N/vftvK9fmiLPhmUpMKjN/YmEQG1jGjVK6kMT2
gOiBKQFSonLBJZMWERj9e3l2l4BbB4J47C9ot7PwqFTogfDxZCSKws2LnPbO6yur
vIoLOHJNL2WojgmaUD20Y8xsKSYoxBUegMsoRGsbJx+RrhiEc3Ll4z7rDMeOofrq
bwHmTcKTL2qCNtfXOPy2qQB5tXeNcy7ANwiUPw3CZiv6Jb/8P0KgxtIBDcxmNUwy
BwOkZNcZf0aUoqrhA9sXXfojSEwUNTC6fGKjthjWyMPLsAA8/iHonu2nAt04gsm2
kn8NDr+gQiY6tNmwpy5f2CszM11OvK3OhHqzglB5qkS3XwqajfJ29riYwXc/sZ5K
CO7X+FnaBVKm9wE7pCjqTnOfWErrXYq5/UYRmiVEWsE7f4osj6k=
=vf8J
-----END PGP SIGNATURE-----

--FUFe+yI/t+r3nyH4--

--===============7298596909316232118==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce