You are here
Home > Preporuke > Sigurnosni nedostatak u jezgri operacijskog sustava

Sigurnosni nedostatak u jezgri operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-2525-1
March 12, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 10.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-73-386 2.6.32-73.141
linux-image-2.6.32-73-generic 2.6.32-73.141
linux-image-2.6.32-73-generic-pae 2.6.32-73.141
linux-image-2.6.32-73-ia64 2.6.32-73.141
linux-image-2.6.32-73-lpia 2.6.32-73.141
linux-image-2.6.32-73-powerpc 2.6.32-73.141
linux-image-2.6.32-73-powerpc-smp 2.6.32-73.141
linux-image-2.6.32-73-powerpc64-smp 2.6.32-73.141
linux-image-2.6.32-73-preempt 2.6.32-73.141
linux-image-2.6.32-73-server 2.6.32-73.141
linux-image-2.6.32-73-sparc64 2.6.32-73.141
linux-image-2.6.32-73-sparc64-smp 2.6.32-73.141
linux-image-2.6.32-73-versatile 2.6.32-73.141
linux-image-2.6.32-73-virtual 2.6.32-73.141

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2525-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-73.141

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATZHAAoJEAUvNnAY1cPYNIwP/1hn+0mE9kxBB7plKsJ4Bu7U
OjQ4S0tZ0yUVZ0S70wVfO1gRo+8TgGT2mchCCuPW8xVP/h0kkxzd2Hv/rEQZCOHe
5cBegVPB/J+U3HZu0VsAVfJ/utsBSSZl4I0eDYfe/2/X0hSlYTSXXQhkKq3zWnDb
z9JbQMlYUoDnVW41wERlimOpopw2+Z4IYa9cRWEwBZDt1yXLK+dtlpJcIfakwSaU
SlV3feeyqPgi8WHXvzdOhhSKHwGRz1NGSouuTkfQDuaY/iCuiR2p+8LTMgRFggNU
/6dHAw+Z42q5AT81qG9A15y0y2Kv2jBLjazZ5HU4LgXhTnytQ1YE7OJ35PItRDsV
X2omk2fwXBZWRm2yaoJdhjJNoKx0lU677sEdZc7gFdPD+3zMAJKXeuydlCAk/L6H
SM+E2KF5wZuq5F0Vk9fCGOolLKCAfAkz6T1+EYWmLaVB3DPWx6ZhyptZMJaphSLg
oBNjdpEGz3suY4Pc+mQsDBMt/x63ZIKh53KrBduxb84z5Iv6Geeb2XttRNLqhByc
emobkQYBb9xbCmjwU0+zOowkxZObbxb5MjNl0aN0HtdmqajVcfwOg5mIRXDZwalf
H5KkQXQCtlW1jItrwr7XyWwbSJOzrQ01gaOQdf8Ia7Sdunn3YxLuKyHel2XfK8+V
+nyTspWYRT4r8TWWCD5a
=2uQe
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2526-1
March 12, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-77-generic 3.2.0-77.114
linux-image-3.2.0-77-generic-pae 3.2.0-77.114
linux-image-3.2.0-77-highbank 3.2.0-77.114
linux-image-3.2.0-77-omap 3.2.0-77.114
linux-image-3.2.0-77-powerpc-smp 3.2.0-77.114
linux-image-3.2.0-77-powerpc64-smp 3.2.0-77.114
linux-image-3.2.0-77-virtual 3.2.0-77.114

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2526-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-77.114

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATZvAAoJEAUvNnAY1cPYFKMP/0B4Q89VVH9KUaRX1uDsSqjQ
zMaQCJbnAMm9hGfv4FRwWTl1kr8fAz9uE7oEXihvFAlouPRa6KVJnx8Q2cBf273O
yVA5cpJAvMJ1Jp8EmiK+jQz0HDepk3gpdGK3bp0+DrWvmMvM18A4CWDkcfpsaIn2
lMZ9iUTIhQCeO/4nsT+yAe4GNzbF6bAB8BkxZxhdLvbEPNLaDOFW12Lg1uR2Hy9+
7OPAAjAWxN/5g5JTfDy9PSHDmolAunzW3n1ZNqkgpXbRUXbExiw3Rk/hhmKVXB3w
esr4rGUk7hvMkGQTN9z7TKX5Cvdnyua3BhLXAQoxlYY3CAhkZhv+e0H019emOdpP
WI5l1FlUJCzsgajsxSTl4ikQawV5N03J73iGt2bnBf+Y84J8jUI5C00iNRtFi+QS
0z++JIed6JIa5fOeHQKqjNaW7o56vdx5G+zzyOkKXT+zqwxalLEZRQ02XetDkfNf
Zo9SgskXREeAENEfHSFzqW2OxAPWOnD7qnGdH2KQaeuX5TolAQvBY51jVLymnvLm
wX2S5kgVbi2hufca4Z62zdKlT0xlU6TZmYBW6KoQ/Wyg00tqjxxwvES81PlpvHoI
dQ0bTJNEHu9UPKp9WWNvuJBAEYj3GdmWorxw/QYz0vWg5dsCFWiWldxIYDMq+5JP
BYsv2TpJu2Ob07WO4d5z
=L9QV
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2527-1
March 12, 2015

linux-lts-trusty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-46-generic 3.13.0-46.79~precise1
linux-image-3.13.0-46-generic-lpae 3.13.0-46.79~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2527-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-46.79~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATaWAAoJEAUvNnAY1cPYTTkP+QEn3jJ+5WRGCIIaxXVgX95B
u004ZCwidgfVHmoMaRqoQ+jkx2jWFO/auz0yXJZs6w/DbSFTT2MySZH1307EQwkl
7qwptSTxXcmhraese7mDXn2Y1sV6DVo8oUjKX/DXAwiLkEozseZFTIB9GSNX9/h7
fdfGhaqEPyhnGAGu9gfJJzaYZmuSKgh+ML0mhKnAoZ24KRSpDATqXR5kpdY41tvl
gP3blKSqm7itanFpeCVSnoliD9elUun5zuCErhydoKsKNUEa5dIlKNL7j/p9YVZB
/KvI4A4uO824l/cMLm6x/WlOpuT6qs0Xrg3MUFlgNKKv0MNVui1m117MT0Ix8xMW
j5ekvLpp9gQPIuT4HA1EIqkggMS10Teoc3iwXh3btr0IcP+aHNaea7SL1zKS5+q+
1cn99s5V1vs8kmh/lgRBmxRxlkqe8BjU2NYX1iAPYeTSg6eDOtLF0pbqpqY3RFua
TJHBqNhXo3Ss/46J+jQHhrMz4kS9ZCr/rEsBNaRhCQatvEKySbJAbGneyfrTL79y
t3ZVa5Unzqbfc2xuogHHJ8SWaipQ9YztfJYE+BlUAwh9BMmHqqJNsF8eapEwgkEx
O+5WXIuKqmhZcOJcn78SWCutczYtSEs6Ic8Y+iVOXUaVuVY8DaP+LSw5CYjI3vWz
W+74HokTc19MYIt2QR61
=PgWi
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2528-1
March 12, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-46-generic 3.13.0-46.79
linux-image-3.13.0-46-generic-lpae 3.13.0-46.79
linux-image-3.13.0-46-lowlatency 3.13.0-46.79
linux-image-3.13.0-46-powerpc-e500 3.13.0-46.79
linux-image-3.13.0-46-powerpc-e500mc 3.13.0-46.79
linux-image-3.13.0-46-powerpc-smp 3.13.0-46.79
linux-image-3.13.0-46-powerpc64-emb 3.13.0-46.79
linux-image-3.13.0-46-powerpc64-smp 3.13.0-46.79

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2528-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-46.79

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATayAAoJEAUvNnAY1cPYXLYP/AyvFmMw/tWBScM4PAjpdT4C
oqtKigWq2TavQGAgv6Jevi74VCOPWE6PS/J7/wLJ30Gug2ApjyEUqNgBjSboDImd
OYox0Mwvpkyz2C7eOv54pDLvifdELyj8XDEXvaLAH1gSKtZGLEotMJv9ttlVwcmU
2OgeumvT3+mzGRe3ItoebMoFTGGYmKFsVS+8Lud4qsf5Gxkao4Ra7c5q9LkNwMaK
79F+XCZOA4WbSAK66npFuwK7bYwImLRGXnO0c03xqtjcLAlqKP54io/NK1nTc342
YeOJxJ4bBn3ao+i37YfW+gsZbScdkEXcpxHhKYGyVsA9NLYKwCy0XPbRHGBuXL8W
M2vKEL7V3rCmUsNHZ/0ecE6R/brMMtdHl4s0ZE4ofwzk4d/a3fMV7cuo2ZvNBOiX
l/jzQv86/091JJ2WIJ2bZBL2GE9V/eD28pRfiEOr1vJ4IwodDC0oCOXS+HQFCgLg
IPmLvAWxFWI8Tm5A1Wks8ognEeconsl0/vKvnbVJMVjltpG0BZN5B7uhemRbUZle
yGJi108ukI3XFHH428gkUlYRAApYwM1mm/YpQoxyc2X/+tuygj/ZcG/DEynTR56s
OgcAw4ugCEuCHlxbqMbg8VFC4nPC2zOAkOyElOtN0ceXgnIWQf4+4G0mwPI2sOy4
uwCeZ1q+y7yQron9q6+s
=mDK5
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2529-1
March 12, 2015

linux-lts-utopic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-31-generic 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-generic-lpae 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-lowlatency 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-powerpc-e500mc 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-powerpc-smp 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-powerpc64-emb 3.16.0-31.43~14.04.1
linux-image-3.16.0-31-powerpc64-smp 3.16.0-31.43~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2529-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-31.43~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATbPAAoJEAUvNnAY1cPYs5UP+gM32ZTUL3bauIVfpgXssWYU
OJcN/3Da+E4o61eDSy3cKzkdmFt5OqrQTigHab6aBTUGTb7jz70Hg707ZCMawaB/
/fC38D9iSC+GLc4fW/bTjzycedIZecz6Att2N/oSHp5txTpM+AJOnHytiP5XErYH
E+j2uHp9JUQ8p7uAJ2WfDOr26jFD31xfxWhyZCxsXpaRHpS9CM1kkDwn57C5r2Co
umahEMrDgbc8FLG4mWhMni5pz5YC+v6gVc6Kn4QAqZODpRtfBzQ/r34NSNNZqGkg
uv1MfOUsKB1SUOf4UkzjQXYaSNMiVwhzXz99EqDxl2APPEIy3ReGnGm5nqIYGFMM
bJNYbb3FcSY6niTDWC7sl7OeyfeTkxZA07Eli4kODHXqtLNTxifmQkn7KcglNXMV
dSuzTGGu/9Ve+Ch+w8tCAK3fOn2m9wLzFjPPBmgHah/4FbvME7IBZQrpMxOtpEN1
98iv4VUCyohojV7XQHHYmPHfBCvnqqYruldOP1JcwrdXSnen81AT8iXdkEAApB+M
EsK4pStYsxA/B34qZ3u2Jvn+t6veq2QkBq3b3MbIwjIr4y7a9lU0ie0wH1FpsZgi
269eVgKHZVReqYOmW/VrRsOdDSgGl/7KFdjsu7uda8/ysb5V6j7amg9VJ8qDvt2Q
WiUcxQ50DQ1QnCwW4LRC
=4Ipt
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2530-1
March 12, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-31-generic 3.16.0-31.43
linux-image-3.16.0-31-generic-lpae 3.16.0-31.43
linux-image-3.16.0-31-lowlatency 3.16.0-31.43
linux-image-3.16.0-31-powerpc-e500mc 3.16.0-31.43
linux-image-3.16.0-31-powerpc-smp 3.16.0-31.43
linux-image-3.16.0-31-powerpc64-emb 3.16.0-31.43
linux-image-3.16.0-31-powerpc64-smp 3.16.0-31.43

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2530-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-31.43

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVATbwAAoJEAUvNnAY1cPY2bIQALXJ/I23yCliFLWlKbWpZQXG
+tHRMHeSOYppqbR9MA835YxHlkzdCmuK0ysXosxi/mECxTlGEZuN5/ZIwlmQLWdY
i333OXp7veZ7Jmebd2qUr5e+xYkzeX+tFPB7qNnBye5ALeBtcxk7R+8r3KpOm1X9
LP+m2mWzODcrN82vuIsvADSMfMEA59hbszXoDCvc3jhIEOMbooGQ5cENBujitXDu
0ttEkxyZ/Wk8DgEQNgBkbnHJi0VNr1eKg7vQhQkOhadZgkj8MvrUJEK7DVc44LaA
wXWYcW7XvswkrfGZoB87/EZoucEflS95c9khM0ce7XNoPS2lWmmw8OYMFoOzwDWB
gGqGncx8OniVHZWVQOQ4du+HU/+fhssr4TZEHLFMCpjoPhgsCZXvmlNonWU+anrH
N7W1y1OLPP/TPQyEJidO4YJrMCHcztnqSd1/tBgMGXykxJ2cLCR0EVDuwDsmtv3X
Yms0NeitstEpef8Z3n7yHLXN+Q1qjg5A0bZIFxtzgo8dyyZrNZ5jFGTUs9plkaXH
Gi8u1roNdks8pZMa9zGjequs93dXtfRvnCwZY064YJQ49pguXeCISQnU3pDLUAkQ
w8UMUaxS0ZuUaO8A8PNTasq/i94AdGP1Qkbki5nL4gra82yzl9IN+HoyXcLe6wqS
3ze6SzF1ASmfw590uZ3E
=8HMO
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci u jezgri operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava Suse. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja usluge, otkrivanje osjetljivih...

Close