You are here
Home > Preporuke > Sigurnosni nedostatak jezgre operacijskog sustava

Sigurnosni nedostatak jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-3266-1
April 25, 2017

linux, linux-raspi2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Alexander Popov discovered that a race condition existed in the Stream
Control Transmission Protocol (SCTP) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
linux-image-4.8.0-1035-raspi2 4.8.0-1035.38
linux-image-4.8.0-49-generic 4.8.0-49.52
linux-image-4.8.0-49-generic-lpae 4.8.0-49.52
linux-image-4.8.0-49-lowlatency 4.8.0-49.52
linux-image-4.8.0-49-powerpc-e500mc 4.8.0-49.52
linux-image-4.8.0-49-powerpc-smp 4.8.0-49.52
linux-image-generic 4.8.0.49.61
linux-image-generic-lpae 4.8.0.49.61
linux-image-lowlatency 4.8.0.49.61
linux-image-powerpc-e500mc 4.8.0.49.61
linux-image-powerpc-smp 4.8.0.49.61
linux-image-raspi2 4.8.0.1035.39

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3266-1
CVE-2017-5986

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.8.0-49.52
https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1035.38

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJY/r0KAAoJEC8Jno0AXoH0lXwP/iJbE/UH5jPX9vKthLUQ85ys
x2uACqyll4zpJmO7Ox8TUiA9ZhWyPxTAcpnUfDCImTZSN+0zLqJLxrP03G2R8jR/
Es0fAcOsUobe2PmHhtvRtUvrEughmhvpE4EJOE3lTU00vQTfc0BEFSjPTVuZ3KEA
ZO6/8aThD6X17wMPaNUxSg/Ihe1NVZ+ujfN0XC7Ip/0RWtzuQL4T5P7HDeJ8Ugl4
0CU0KM9mqtBs2MYfAUh/A4Xut4iIOT9EJu+OxMxTqcIgHdcxFxnud/AeewOHMqc2
S7bczD9qBok4DERWmQU0vlQ0iEWQuzGQ/Yya+fHA2TOe5JaW6taoU7Wvu7zksVH0
WereWP6ej0i0FLa5vQ+mWIqPvD79oKeu3BgiRarNAI523rcNYal/3e68NX6mXqt2
Ln4J+YWDFSFXV0VZ8iICh1IJFE+K8qi2G9UVcHeYgNSAfHn0wl6a6IgcX+y2BpOu
eRY1vcL5fa+xEuy1/tXw+Qhwv3oLIxKFEis/ITJP2kKVtH9RcsLRuAbZOM5elLyU
uKN1/0cZjAUwTq5nsuTkGlz5EIX/Cgy3ubqOvSIkSmdag5gVgL9VGCuGlPQ7ssAg
lq2y1jwulE79J49Kwk8eAMhNUIMlNEKfbZeaGe/xR9zKWQ9cOcEcugsZ/nDadI+g
1XN/eFjDIHnw7b6w77Eq
=b1S3
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3266-2
April 25, 2017

linux-hwe vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

Alexander Popov discovered that a race condition existed in the Stream
Control Transmission Protocol (SCTP) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.8.0-49-generic 4.8.0-49.52~16.04.1
linux-image-4.8.0-49-generic-lpae 4.8.0-49.52~16.04.1
linux-image-4.8.0-49-lowlatency 4.8.0-49.52~16.04.1
linux-image-generic-hwe-16.04 4.8.0.49.21
linux-image-generic-lpae-hwe-16.04 4.8.0.49.21
linux-image-lowlatency-hwe-16.04 4.8.0.49.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3266-2
http://www.ubuntu.com/usn/usn-3266-1
CVE-2017-5986

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-49.52~16.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJY/r0TAAoJEC8Jno0AXoH0EZgP/RnC+0cX0Z4z66lSPIRT40tB
JqXwBMHrqhLrNHtfJg/ioG80AS+oqwvf6uJwYTunIfzsrmaorEKjKwhKDjXJV3wc
xelOGzrjMZgA8n2CYMLwDcHiEtKrRjcuOc622fd7JNq8OYnyqtL2tN75Y7W6y97o
j0cV2Y/PfWax4yv+yvgRj3HCXi7fNRWVUOJHqN0P8GaaX2yBEji3xIdp3TSe4PIZ
LHF+BGpaRwddfrHpNUj4ZuN6084I1LBpZYAAYnJgVqRROlhE0a0zdduUIR4TVQ9W
nKezA73fl1q1bgFc5qHenoT1vvip5SlyJbNTnKCjT0oQStxfqLeAEHreUGv6tzum
/9JF6RpkyDvoTid+Qahmpc1RhkJXKYxj3KFbDm2gIFRsb3WFs512sx6zMrmJ71eI
B+X5QZxGvZhECgUHvQnM0w8Hyj3EIOeYLgf3dK7Dw+GlMQMwXW1uJouPtPds1FdL
f1Neo0yOWjbyvuFIaIgZ3r+dqABr1ZsAaGGi8tNQdRQ4AABMStq6aGXB75uNStqk
I9GVSwLF5EaHgCw+p679DKipD3wLVYlwqxXayx2l+/s7RlGI5EDjhV+01+bP3fy3
0KY1Dg31cByY8SL3W4NbC+GBYr1IaF1dTl0SBEiguvbV8igBGhRbySAO2rREtKCg
EJedzc+3pe6INhX+HRFb
=q7em
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci u radu programske jezgre operacijskog sustava Ubuntu 16.04 LTS. Otkriveni nedostaci potencijalnim lokalnim napadačima omogućuju izvođenje...

Close