You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-3364-1
July 24, 2017

linux, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to
/proc/iomem. A local attacker could use this to expose sensitive
information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1065-raspi2 4.4.0-1065.73
linux-image-4.4.0-1067-snapdragon 4.4.0-1067.72
linux-image-4.4.0-87-generic 4.4.0-87.110
linux-image-4.4.0-87-generic-lpae 4.4.0-87.110
linux-image-4.4.0-87-lowlatency 4.4.0-87.110
linux-image-4.4.0-87-powerpc-e500mc 4.4.0-87.110
linux-image-4.4.0-87-powerpc-smp 4.4.0-87.110
linux-image-4.4.0-87-powerpc64-emb 4.4.0-87.110
linux-image-4.4.0-87-powerpc64-smp 4.4.0-87.110
linux-image-generic 4.4.0.87.93
linux-image-generic-lpae 4.4.0.87.93
linux-image-lowlatency 4.4.0.87.93
linux-image-powerpc-e500mc 4.4.0.87.93
linux-image-powerpc-smp 4.4.0.87.93
linux-image-powerpc64-emb 4.4.0.87.93
linux-image-powerpc64-smp 4.4.0.87.93
linux-image-raspi2 4.4.0.1065.66
linux-image-snapdragon 4.4.0.1067.60

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3364-1
CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346,
CVE-2017-9150, CVE-2017-9605

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-87.110
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1065.73
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1067.72

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJZdoF5AAoJEC8Jno0AXoH0ZisQAJU7P+2iiyQWZzhAzCP7BtAx
0EXGQXPONAdsQp+Hez4jz/E7QnR5s88qFqj2fHvlYUIX8QTsmHEk3r2pOOnCVyFF
ARYD0/LBZQfDLyXVJyI9NuTFIY4zijV0fQxV+aUSGRiAY5p5P2vH7dvTaxlA/9PL
m7FngsJ55RbvVjCiSJvr4J+yr73jjf+faL2xVeGL0d94BHOqpceiDJYpBja7Y54+
49b0ejrOj5sk9UHCK+MihXVnnSjh7e+d3/rcon4Hsdf0dh9tKv+ycDeZoSkL2UrK
y2t9JT0iY9XHkBkxPUHS/bXOgempe+yfY2CJp2qL7Py4dPFUM4QK7zGez5J+xH0i
gf12ZO2QmoQtlGjrx/XOaXlOLp4CmE29Dgb1UJrHMcBeESVQjP8sfJMJE4796EmK
6rmjK4xwFZDT66UAzCAdYTdONVCONprJqtEZL+X/Mp20cddhtiPHLzNC/yUZKy+d
341gibMjC4aB6Bz1qoTABHn8uZbWQxiUCP9CUyrNrMjG8NipPNWpWqQ/evRWoZR8
8IOZ+OmKo6U6btRupJOVS5O8uppJ+omvQjkPRXAxCWviLWt2WCPLAmR6l9fd2WnP
mQaPJ8NsHyrZH/+uesqpvBIWgZ397PhOGz5V7wcZdO11nGeO7CP0bJ0DI45O1nrY
7zZTfjOqP0ZnmMI9FSla
=eseF
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3364-2
July 24, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that the Linux kernel did not properly initialize a Wake-
on-Lan data structure. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to
/proc/iomem. A local attacker could use this to expose sensitive
information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound
Architecture (ALSA) subsystem in the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory).
(CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2017-9605)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-87-generic 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-generic-lpae 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-lowlatency 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-powerpc-e500mc 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-powerpc-smp 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-powerpc64-emb 4.4.0-87.110~14.04.1
linux-image-4.4.0-87-powerpc64-smp 4.4.0-87.110~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.87.72
linux-image-generic-lts-xenial 4.4.0.87.72
linux-image-lowlatency-lts-xenial 4.4.0.87.72
linux-image-powerpc-e500mc-lts-xenial 4.4.0.87.72
linux-image-powerpc-smp-lts-xenial 4.4.0.87.72
linux-image-powerpc64-emb-lts-xenial 4.4.0.87.72
linux-image-powerpc64-smp-lts-xenial 4.4.0.87.72

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3364-2
https://www.ubuntu.com/usn/usn-3364-1
CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346,
CVE-2017-9150, CVE-2017-9605

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-87.110~14.04.1

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJZdoGvAAoJEC8Jno0AXoH0q3QP/0Eq4JpN89rhPukOQXikc6Ec
tAgkoKYjClqLJC7EdU25mBt5nAzHkfTp61GSY4Ef9fYo9apD98yuFv9GyFJqYJkc
QPqMh+8gTcjwJavXE1p+nIf5oaf66veQZKT5WIFoDocosorMifZNtofLGbWRiMqK
to9CsqZlGXB6lVuwihz7EiHyCPl2sskplEgm0gN4k8XFlQfT0gBbpaHc1iBTvi96
nAC7r7yPhtVFicacjl0xSAK1DoBgoT92ZfCWd930EKhOtmtfqV743+3bnhWII7Zd
K4/Pi00UW95dmfHl3MtrkHWgqIzpkpa/B3qEvZSw+4aCouSTx2OGfyIaDB25KZWd
r/Q9W7IMCHLzKtD/Rleib20KNQ/zUpaaNasD9nn+LrjhEZhHJ9LV7eTl07P/jtoX
yhWv4XCFK9qLYu0OAY9O4ZnsvaLH92RNHOm2NGDdupFsJjWfiFR1V+Cji2pD2y2s
MvJyWikZ7RyIHPkrC/SnTozrkZyrc1gMp1zTsJhINIGVug20tvNlt9eRJxCpm0Yo
FhWTf8MGas5xxh/Oe684sPYiQtsJ1GDrriIRtW1VFbLoDc/6qRnE5jZMlMTp8esf
ypC78M7QaEtGAXyD0S0XG41zPSGliU/UcytEr2kW1rsNSiZSeosK4UEv8gvx5Cjn
pBqw6E+2+RJM0qFl90BV
=rPft
—–END PGP SIGNATURE—–

 

==========================================================================

Ubuntu Security Notice USN-3364-3

July 25, 2017

 

linux-aws, linux-gke vulnerabilities

==========================================================================

 

A security issue affects these releases of Ubuntu and its derivatives:

 

– Ubuntu 16.04 LTS

 

Summary:

 

Several security issues were fixed in the Linux kernel.

 

Software Description:

– linux-aws: Linux kernel for Amazon Web Services (AWS) systems

– linux-gke: Linux kernel for Google Container Engine (GKE) systems

 

Details:

 

It was discovered that the Linux kernel did not properly initialize a Wake-

on-Lan data structure. A local attacker could use this to expose sensitive

information (kernel memory). (CVE-2014-9900)

 

It was discovered that the Linux kernel did not properly restrict access to

/proc/iomem. A local attacker could use this to expose sensitive

information. (CVE-2015-8944)

 

Alexander Potapenko discovered a race condition in the Advanced Linux Sound

Architecture (ALSA) subsystem in the Linux kernel. A local attacker could

use this to expose sensitive information (kernel memory).

(CVE-2017-1000380)

 

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the

Linux kernel did not properly validate some ioctl arguments. A local

attacker could use this to cause a denial of service (system crash).

(CVE-2017-7346)

 

Jann Horn discovered that bpf in Linux kernel does not restrict the output

of the print_bpf_insn function. A local attacker could use this to obtain

sensitive address information. (CVE-2017-9150)

 

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in

the Linux kernel did not properly initialize memory. A local attacker could

use this to expose sensitive information (kernel memory). (CVE-2017-9605)

 

Update instructions:

 

The problem can be corrected by updating your system to the following

package versions:

 

Ubuntu 16.04 LTS:

  linux-image-4.4.0-1022-gke      4.4.0-1022.22

  linux-image-4.4.0-1026-aws      4.4.0-1026.35

  linux-image-aws                 4.4.0.1026.29

  linux-image-gke                 4.4.0.1022.24

 

After a standard system update you need to reboot your computer to make

all the necessary changes.

 

ATTENTION: Due to an unavoidable ABI change the kernel updates have

been given a new version number, which requires you to recompile and

reinstall all third party kernel modules you might have installed.

Unless you manually uninstalled the standard kernel metapackages

(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,

linux-powerpc), a standard system upgrade will automatically perform

this as well.

 

References:

  https://www.ubuntu.com/usn/usn-3364-3

  https://www.ubuntu.com/usn/usn-3364-1

  CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346,

  CVE-2017-9150, CVE-2017-9605

 

Package Information:

  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1026.35

  https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1022.22

 

—–BEGIN PGP SIGNATURE—–

 

iQIcBAABCgAGBQJZd9bGAAoJEC8Jno0AXoH0H8QP/R8LlxMonoIv3zB3rt3WP8kr

nkTm1Iu0ZbuQ011xXh6HUOXrpkzboM8GcPBclgEBSsB3ifbUEQIyXphiBAQ8FwQ0

6gG9j+N7haFyq4jaVCGmtn0p2IEQTSq/Nni8cLldfKChppKYvHUOB+jfKJY7II5+

dnWySZuWVoMVhWbk3SX2K2FxG91Vhndgck3hpCMjRB2YJ+SxOx1K2hBd5UfqhUPk

jCm329MBvZ7LxjHJspcs2M2ja1mJ4Zc5XBzpL/e1yRBoWC5FnJgLLjriNWQYNN6w

FpESVLf6OzhR8ricsqzGTZ10xJglpIsxxKwWj7/Oj+vLiaIRm+Lr0cTZdHTcFdbu

vF0WEcp8tlz6KyTkKa7uIu8p6lU0gIL/3h2sK6mdaZQ6LT3q1cRswdxX+mH9yZcC

b9VTE8C0XuF2BFr3RJ1k4T5XgP3JwS0nH5AERZNB8QKsrWHw9DAZ8iMwbeEVQhkd

erbgQSXf4ba8EDRsTxn2YS3nebgWngG0qrMLEKVgO+wxVjhLAk9XDQ7I29PsylWt

KpszREwZHJeOzGuUxxuJLB2HtQ9OnPq0cD0Ge+FatlDDEQB5VvYElSpDrheFILC8

/J3zjFlmgzuOcdB43NWfYKXD+3Ap4eYC2rhp3IajTZ05cLmTNot22f3PUf8VbqE/

knlBA6sDyIuTUzR6njVw

=Jdyk

—–END PGP SIGNATURE—–

– 

 
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa rubygem-rack-cors

Otkriven je sigurnosni nedostatak u programskom paketu rubygem-rack-cors za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close