You are here
Home > Preporuke > Ranjivosti jezgre operacijskog sustava

Ranjivosti jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-2752-1
September 29, 2015

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Benjamin Randazzo discovered an information leak in the md (multiple
device) driver when the bitmap_info.file is disabled. A local privileged
attacker could use this to obtain sensitive information from the kernel.
(CVE-2015-5697)

Marc-Andr� Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
linux-image-3.19.0-30-generic 3.19.0-30.33
linux-image-3.19.0-30-generic-lpae 3.19.0-30.33
linux-image-3.19.0-30-lowlatency 3.19.0-30.33
linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.33
linux-image-3.19.0-30-powerpc-smp 3.19.0-30.33
linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.33
linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2752-1
CVE-2015-5697, CVE-2015-6252

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.19.0-30.33

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWClwoAAoJEC8Jno0AXoH0u8oP/jPc+HtZDShpxKTaSuL8wIG/
KymuiYs+PFmURmd5Dkam5l1b9fB2OedtFx9HD3NYwI7c11+0DvjQCN9OFW4yQDgg
Q+8DQBnNnd0ZgET6grBBswJDFhHTumwwGesq49EnGsP/4LJP9+aKLk/kJxb4jXUs
BkEvMoRfYR5JbjAkKrdzCTQ/rrNM6qwgJ18e19NdpVQ1YDDNx8kj0GgZ1peazuxD
7VEcx9xuRJuWjfO/t5ZaAzmIc5KxK1tJa7ORzLsj39dcNM7VKWM8b1JnvPZgaFzm
KTt2+pInieAP1VCIHtlIBOYruYUFmKGbZwB0bYZcPRNHrR9Urw7YLzVq6QVij7Po
qrEl3eLLBSbUlHV63skVa5THPCFAdXNoyJgQjKnsyPlMd28f/eTEv1nVNQ3t80nu
iLVO52wHLRD0qCck4wMeM5AmkMtUo+6+TBiI2JQKcut6trDFLSG/CV5IAJ/DMLNU
httzP8j4ENGLQkbeAuStvcRbCE9W0X+gwkptHYJAVhar3jJLh0tYaBMkXNyVR0ws
57mAWSQpwDVazStYoUEbhlgvxZuFREmj6KPwHdhk08zkCQBDxAZ6oEvylOs/B+f8
8nbtBdcaYlZpA9RZnvkKUagQiJwtW7aGoxZfSAe2v3o4sqkJjPC9QqcVBjKbhXao
l82WvmujYq1bWjY/DfWH
=/YRj
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2751-1
September 29, 2015

linux-lts-vivid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid

Details:

Benjamin Randazzo discovered an information leak in the md (multiple
device) driver when the bitmap_info.file is disabled. A local privileged
attacker could use this to obtain sensitive information from the kernel.
(CVE-2015-5697)

Marc-Andr� Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.19.0-30-generic 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-generic-lpae 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-lowlatency 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-powerpc-smp 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.33~14.04.1
linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.33~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2751-1
CVE-2015-5697, CVE-2015-6252

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-30.33~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWClwcAAoJEC8Jno0AXoH0J6MP/3RehRkaOLjpEtvwb2hysl4f
g1Gwl6gja1XdkY0uWGN6GN2dPWDps02BLVOWJh887YR/T+4Tb4dL49XrlBzxfiHD
CgY9HLxrx4QyEUFZMhvH0Yu/ZWqTsWgVReTzk9PeGs+CNnjoy9IPGDzp4VkiY9XB
J/plorSTDfSsiSkUStltlPOlNlXyMcwCUQ5frEoywr42Imqp+sKpBqLrbVjD3QKe
UfqnZ+1CrjO2iCsXHJqiHVLnX7gxrsAMXY+NYEv+/sEddmotkCBuYWQwtMb6DK6Y
CDyCTZTYCayeZQUIm5DuPKbW6PCCXyfJVkf9Po4AqOXNqyMcz9i0qqYCiW2ehXhF
xqC4Y4UDIOYnhEaSG5jTAI4Kz3hLM5yxqYjM8MgucjGBp+V2GHpgurrmLOX+EUXe
ORyMOVHNeAkryajD6m0mvEdyH8b90MmE4FxWjmhSc9e2pXjU1tNZzY3ccdJb8511
1h+uJ81EpTnrvcC0hnbrkLVhYgo7YKZ+KI/u8+rboyFSyoX1siksvTg18Gsk9kJN
7q78xFtJODu2eni9/Lb4ExJsceMEjp0IJgsdTECAW2H00w4Yi3zIGnmOvYN1FnUE
4glsCYK24Aas+PRy1TQdQ9DVvV+tEWFXLQ46EM/axkLFHMqA6t1r4N/RYhFPJxvM
EwGiuAQ1G4ENX96J8Kha
=FV/2
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2749-1
September 29, 2015

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

Benjamin Randazzo discovered an information leak in the md (multiple
device) driver when the bitmap_info.file is disabled. A local privileged
attacker could use this to obtain sensitive information from the kernel.
(CVE-2015-5697)

Marc-Andr� Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-65-generic 3.13.0-65.105~precise1
linux-image-3.13.0-65-generic-lpae 3.13.0-65.105~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2749-1
CVE-2015-5697, CVE-2015-6252

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-65.105~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWClwEAAoJEC8Jno0AXoH0SFwP/0j9fAwnMBrBUV+85yeU7ZKd
BtZMP2jcPODCHPt488uV5LEI8cJPsCBm16xN4Zbe9jtsEw6/jNc3UtpXS92jMuPi
rV2ReAadyn92OFXw2gjdu31CtabsYJKhLdpVF76bZlMhT47OHxcCbpwOpKIbASa8
gZhyMHZToH6XCxqosb6vaGErijyQhcoKSY8AU4xmrAdqBlQQOeS5DxqCkH0qW8xG
BvAxJ7a8HL+kKzf8ES2X1qR1+tAssO7kmQyu/Wr1j67iG++CUnUzSHtP8O97lTkI
qgCHEjQT3rQw9lwNcP1GCHydbvfxvocboQKQm2kWCLPOaznXqcK5utGB36FHQD3W
pSsaY/moHstPeRO2n8QrX/aZ+maIi0CPPTsDLtUiitZz/P5bEsxnn79fjxB2DaPV
1NE7QyYndMq4q8LPtv56q4gvjC/O6567qsB+nIwN6nuNO79U90KJn9gbDXYGd4z3
G+545MZKVdgV3/WdFUMQ6z+vmFGDOpE686uFEWGT8IFGft0c1LrLkG/BNftCrJos
ovBaYS7RtRwCj++sbVCgoQu1YsfredCN17p/kLHu/M1ilTLqvOzJxOudijz2bAh4
27FwsgY6wc3HDVzLLpTmgq6CbUH4evxBSQaS8kYp4T9lHRf2Yja9X4KbAKNgXXc1
D1NLNLbL1VEim30D5cJD
=Kuar
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti jezgre operacijskog sustava

Otkrivene su dvije ranjivosti u jezgri operacijskog sustava Ubuntu 14.04 LTS. Prva ranjivost nalazila se u funkciji get_bitmap_file (drivers/md/md.c) uzrokovana...

Close