You are here
Home > Preporuke > Sigurnosni nedostatak jezgre operacijskog sustava Ubuntu

Sigurnosni nedostatak jezgre operacijskog sustava Ubuntu

==========================================================================
Ubuntu Security Notice USN-3034-2
July 14, 2016

linux-lts-trusty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise

Details:

USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-92-generic 3.13.0-92.139~precise1
linux-image-3.13.0-92-generic-lpae 3.13.0-92.139~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3034-2
http://www.ubuntu.com/usn/usn-3034-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-92.139~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBb0AAoJEC8Jno0AXoH0htAP/j6hi7Y1vt4k5F43AC8ftl/u
eAbNoweFBAuXktLs6jDgFA7d3lASeat8ia8KTUN+dRebX5VqAptgiINR2AbRQOg9
Keac0Bhdp7/Gri3W+pbnQxPggNExzAekhfMRecmLoqd8WOeQWGU0HymdrYSaaO6b
pwVN60Wu4VnRik5rkgH5l4aVfWs7+iod7mwxfVwrydU8sqlwCSOWOuObEbCQ89pC
8U5aHlFIiIMlvsOJA6cDsJqQkaTGAjgVITSHBC6OXdHN3CxIPv5+yC182MF/00WU
I42ErZRhUYfMicxGIaAbVlT27wq9nC4eFvN5qkT4C+uCsSSBBYbhcUHYN7++wPz1
5842sVl0N+Pldit40kAz8a2GV2YDSn0X9bySMqqP4jUjaTvlIefbYAqK1aGPvQfH
0QgSca5VuwEx80mEDJLS+nT/9wYPUCtWr7I56JPaCI1m6dETRW5s7R5+H05EXPX9
isYFt+nllxQxXSMaLCO8BAthcWvEM3i1zar4KWblymb9fYKPEsPpTBQMf8fITLE5
T0r+g95b2ubU79mk/iAg1M2sP41P1r/tQn7MBrED9V7K4ynkKKEOnIgmdgvKRkXy
FJkSDlkjG1AB1Uq1bzspBdx1xDlkQ5qcxMH+APs0EzB5j2g3EDDqgllMYvfLON9Y
tjFZTUg8fMh4PcOp+6r6
=mAvS
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3034-1
July 14, 2016

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-92-generic 3.13.0-92.139
linux-image-3.13.0-92-generic-lpae 3.13.0-92.139
linux-image-3.13.0-92-lowlatency 3.13.0-92.139
linux-image-3.13.0-92-powerpc-e500 3.13.0-92.139
linux-image-3.13.0-92-powerpc-e500mc 3.13.0-92.139
linux-image-3.13.0-92-powerpc-smp 3.13.0-92.139
linux-image-3.13.0-92-powerpc64-emb 3.13.0-92.139
linux-image-3.13.0-92-powerpc64-smp 3.13.0-92.139

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3034-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-92.139

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBblAAoJEC8Jno0AXoH0H68P/A7OaNozEiEF2QtAwtBpQvV0
sS9B9ATT6BOysVIlvgL1aLJmoJ6GCxbwGZgqTyqcHpQH1d0qaYxobG8XHdjOYBvU
CH/vES2j7LCtx96kopK4VJOJBVE6dJGY4svrUmWW/sAxVhpxN3My3IgCyMX/hreY
VUO6Br7/XTuYk5ROAr6Uu2n0TsDc2Vfjc8kKUYw7XCN5+fkmJ6LXqd9BLI0X9/pl
VZ9V7lmO93OlMC7NoC/PO07ZlNwIhf1u5wIAcXkiyyg/P23FQNAPykFo71gSzCid
C1JW3woz2cMcARI8L0bZDgAfID6pXbwKmV0pKrk4gnhboE7B/ocBm2SGI8/9vcNT
4pW6m6naMmTu6H0MLIyKmneNINphwt1NitGxC9/f9o5aSjEKgJaUwbgZGC0pbpZW
e2fzfOkPHdiOz2RzMq4jk+zbFDMNCVA5mhf9lQ482TgZVB39kgzMS8EFPXfDD7e8
VrFaGZMxEYwSofa877r4qTjXm7XCPLC2KUoVSgsELsPuExUlicRd8xHZlSpRPXrP
CgyRe9Fid0ueEYcV2P0qCaCJkyete7L8ovQyC1zywWegN5xktFJPez/T3liJ1luL
+lNAaa0DxvwrMDSBS168IVtrhgTqtPuhhlyBRpNxzgflLRliX9SAXlRaJj4/e2RU
yaKNNR1vaH2oZdTwyCV7
=QjNO
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3037-1
July 14, 2016

linux-lts-vivid vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty

Details:

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.19.0-65-generic 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-generic-lpae 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-lowlatency 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-powerpc-e500mc 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-powerpc-smp 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-powerpc64-emb 3.19.0-65.73~14.04.1
linux-image-3.19.0-65-powerpc64-smp 3.19.0-65.73~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3037-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-65.73~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBckAAoJEC8Jno0AXoH0acgQAJkkry6DxEhsLMi6DoA8VGSc
FjcODyr0FoYbpzKDJJ77kX4DeQRc84N8UqSXAI4lJ5X+G9AFYPVIFCeUlX6NZ27k
TEaQR7XJXK7fBAfy2ZCKQdKzNt8eIDGFARSgrUsOPCTnTgutW/axtqBGRnn08o76
9iaOpNK7RR9+iTVwRi8xG8tbhDgulAJY8l3XCn7y1NmJ2FwdkLxqztTI2SWdWPMc
cCHXvLm5QjcWOjKY9jPZRPvdutZkmDbr1cMR0LQPj/l7aB4mFlo4RkVfMnGHKJ68
uLGV6qN4MzPvW67Jgeh13jWX3GWfjvxgYqSUnjm0QQnKCCTztmSpukq61+T3s7km
b4H0S5QPOm4jFFe7XUBB/9G5FCy9mcKdyA7F4VXVDaxMviokER647DCxmlY0mEnI
T16ONbkVgADb0HI1eNpZyEIqxpoySr1uVxqvCguPtuvxC2vSAZJ+yn1RqQz3X6LJ
y454cxeieRhaTylF/Msrc8K3tOZhp+GjmjECkucHAhJ9p03M/1RktSs2P937cymX
a8qSbHp+G3AayV0ChlEBf1nNG5ccFdFMSRSZI2SqGo1reSsxPkivsa2kTQRsuDMm
wB5nNz5qSpHASYXC0JeAF9ZCHa/2WTt2CNyTFzjJnn3lpUteO9LMQQ/Yu0nbt/XA
uWjVDFKK5e1k1wDwxBBu
=7Xu5
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3035-1
July 14, 2016

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
linux-image-4.2.0-42-generic 4.2.0-42.49
linux-image-4.2.0-42-generic-lpae 4.2.0-42.49
linux-image-4.2.0-42-lowlatency 4.2.0-42.49
linux-image-4.2.0-42-powerpc-e500mc 4.2.0-42.49
linux-image-4.2.0-42-powerpc-smp 4.2.0-42.49
linux-image-4.2.0-42-powerpc64-emb 4.2.0-42.49
linux-image-4.2.0-42-powerpc64-smp 4.2.0-42.49

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3035-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.2.0-42.49

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBcBAAoJEC8Jno0AXoH0QJ4P/2j9F+kfHqI63B2P0S52p0pi
Z57KE+ZjsL43Bj26ku/3z+EMRHtrk8Aaq7nkHVzo3mJND8PAIRwvLPPC8wEGO5Sf
v1/k5zFfFDd/pumfafwgfyC5PWIhhsTENLC5eOxdm+trXz/YxVWxXlS0KTNMNEPO
S11Jaws4XdrqU9QI9j2EqF10+uQaDzRROsYzY+aTLtGGUI21j4vwFgU3ol7+t1Xe
pUO8VV2lgDlANq0FU98ywPfxAE9J5iT5OX8ldRfJGOpslzX1l2SjZuGKth8QuD+O
Fve6PCcm9vnfBnlEHYQ0yOStGOsXPHMyT0xJ6Bc2ip67D9TK1Ow8Xx4fHiDzSLHF
ntQ/5pZd437DsEc/akqBuuAOQn6UZjPzUAY2oNB+4qZukczI/6hVzc146YO7aSs1
0Jix9YD0IJ1p0UeNDGpmFhYCWeY5iymDTKZcFieyWyjwHsuw3deVZQsy3VixsOSA
4zhsfdMHZ9L8yqjJz0Mij263DqI1xNoejrggj8Ka3thPeXXPlN2G2CJ1MD1EUTWn
I196POWWRvrOrvPkY0w6zmM0aUbsnFkwHn1Qjit54l1BVZcMeejL9ZYYMD4ES2Mj
kloRWkWSTFQBpbE7kBsoP+Ja/AKFqY1IEfnVAhrbjVwddT7KiCSKnkReDXVdFi5O
DcmVbn+XeBYoPmRRfT4h
=qnzE
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3035-3
July 14, 2016

linux-lts-wily vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty

Details:

USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.2.0-42-generic 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-generic-lpae 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-lowlatency 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-powerpc-e500mc 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-powerpc-smp 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-powerpc64-emb 4.2.0-42.49~14.04.1
linux-image-4.2.0-42-powerpc64-smp 4.2.0-42.49~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3035-3
http://www.ubuntu.com/usn/usn-3035-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-42.49~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBcQAAoJEC8Jno0AXoH0o10QAIVrB5bQSorHx0Be5JF+o/qy
MQ99byICJ8/6wJBxnctCXyVKT4YWTvga6Cx1APTefE9DJt3wveceEPoJfy6HysC7
dbeQ2PogR0lLlp7b0Xu5Re1bU9p3q3+/BDAwlHs0p+cidHD1FZ6d5R5ZJszBWf9i
ne7u7UsKVJtmHCwpBZwFOkQD+g8H5cEpdn9Od7gWI2+fN6wqDoYiwV5R0t8Mw39u
mQbBfDJMr85Bl4+lUH+nSoQxjNAJCEDBoUqqpeVphCDpuY5I4tGmD3DLyLMlDYzD
HjrbkKghBsRvn4Wj0tnVf8ST00zeqr79B3/leENdAPknCjE/ILAqOyuwrusAhz7l
OyHL2w3D6lKlf1vMudkZ/oO5RYYdbvKtdBmCozASi4Zt/UpjTWxHX6Q2bgDR/T5g
LXBZUw93mnDhRHuSUVFJQNPedFMOXBEUAGJx2WHawpQ7WMDlfTiIpBFGqm6rCesP
SFLk5aoBDfi2r8oYdxDODmWhvYKXPIJS3ieHgYwqOcTcKA+etLhK+YJ321YJd5+O
qh4IkpzQn2iENDGHoTE4sJbWX1ZiIDaiOAzgGSAW50qP2l1v25r+FEHGPKzYfX0v
JUfCRMxcctJYMZG7l9PIFBdJHJEW/KHsGifQpwX9a/O51v8R9yDVDdbtPzy2P/QH
gnPA7w5SdoeWixIlCTWP
=dwqV
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3036-1
July 14, 2016

linux-lts-utopic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty

Details:

Jan Stancek discovered that the Linux kernel’s memory manager did not
properly handle moving pages mapped by the asynchronous I/O (AIO) ring
buffer to the other nodes. A local attacker could use this to cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-77-generic 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-generic-lpae 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-lowlatency 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-powerpc-e500mc 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-powerpc-smp 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-powerpc64-emb 3.16.0-77.99~14.04.1
linux-image-3.16.0-77-powerpc64-smp 3.16.0-77.99~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3036-1
CVE-2016-3070

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-77.99~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXiBccAAoJEC8Jno0AXoH0pdwP/R87CRruBv7+nieMr2l7GG5E
TM66/Iirq98Ex2ko6ooRgkZqOSldVwt1mz1InLB26bcd2ptcce67dDtSICoTIPaH
Id2SjHWGXVTlWaehijzLE4KWA+27h8YdJV6iDWQqWBAzfYN0OBDjA+bCtXThtYqH
T8iDcUWvkbBgVSPG+Hpztv3JZmjZkqzAdtgNTSN7uOLhVQW8FZKsTDGXewbezGea
wlMxi6HUZygHri8qzSd1xjn6iHD8LoCNpVU6mXmIQYqWEgEUjAkMqzBweB+1/6Ng
3aFjKGepE831lPsxe4tWkPOe5+VtZuIKHqEAIVdKCbWbOMiI7t9jnrnHgNQQhVhH
S7uJ+emRYI30DLuuF6rusw47ljB0b/GSWGOxJ/Gx2VSB4G9ODS2o/GNQxhB8X5MY
5RJXfTtyGRHGPiO0+6AW4564C8G4EhFnMM3BXdYxTjQdr54zWIFYzJjd8saiI9DB
hVzZLE8zswsPNxijjZZA+PCDGA4vzW2HFrkivs8/AhQiZmcptKFjnj8fYqWWy98a
H0tqilBLkwBQgzkdcDYQAP8gJo0hzIjmVldRKu8ffjhfd9GaOQrMDSmjIs70AEW/
J1YgBbVfRteOY2BCKc/xQzdvC3vkd7YgcgcgS8pe3J6T9DUMUQBjoH6Axdx6cFKb
Ul2snhHh62ln5JvAmfxK
=kLRx
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa MozillaFirefox, MozillaFirefox-branding-SLE i mozilla-nss

Otkriveni su sigurnosni nedostaci u programskim paketima MozillaFirefox, MozillaFirefox-branding-SLE i mozilla-nss za SUSE. Zahvaćeni su razni dijelovi paketa, a ovisno...

Close