You are here
Home > Preporuke > Ranjivosti jezgri operacijskog sustava Ubuntu

Ranjivosti jezgri operacijskog sustava Ubuntu

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2178-1
April 26, 2014

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the
Linux kernel. A guest OS user could exploit this flaw to execute arbitrary
code on the host OS. (CVE-2014-0049)

Al Viro discovered an error in how CIFS in the Linux kernel handles
uncached write operations. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash), obtain sensitive
information from kernel memory, or possibly gain privileges.
(CVE-2014-0069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
linux-image-3.5.0-49-generic 3.5.0-49.73
linux-image-3.5.0-49-highbank 3.5.0-49.73
linux-image-3.5.0-49-omap 3.5.0-49.73
linux-image-3.5.0-49-powerpc-smp 3.5.0-49.73
linux-image-3.5.0-49-powerpc64-smp 3.5.0-49.73

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2178-1
CVE-2014-0049, CVE-2014-0069

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.5.0-49.73

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTW7/GAAoJEAUvNnAY1cPYvBUP+wZkUtLzSH6WPvmumvZUapSr
8OllKP+ubl0WVe67vM0WczNA2nwMBRd2aNgxV4qEBXIlEX0GA99cJjh5di4b6syA
KzPNcdhDmyFagll46Ga3T+gVeCu1P2IlzUymEceTXQ9JAvIqAE3jcBYp/sQKlhGP
ux1TPQIAnwL3Yg2Eyj95Dn8mh43oexIUofXvK4RfvjY86ZAjxmcfpkOpiMHU3ERC
MCjvi3++TW6xG837kWBRRG0MoP3k5jzvwvuWLhpdO0T0A+5+xSQGRxihHR9ILCMh
kIWYSfLgQU9Hl+PGAmTyXDj4IA888iwpNwxuy709cjGmwsxrn+klCQWf5JRTi7kM
esg5hvOv+J4UU4BxYTJ1Fg0Zdgts6NHUHC36AS2t3jqIkh3d+/qc4UGbpEdE1Pga
WWNj8FTJjO5C+dFuk9HL15/dAqhCSqIzg3DisRHEzg0Y3antoa4//BDeh0kxvfeP
rY2ptbCjvPKLrbVbe+o9fKeDdnfqejEVyfoeJRbRDTuGcft10QlMVrZ0IfCaUyUs
DEr6nB02zWNoM9dgChSk0hn/CWniGh7cI0rXF9eNr4zdHnGC3tZpn7E/tynD+Vqb
LhOSEthgWWd59VOeDU6QKUEB3HLHUpwOANRrtn1s3agpy+tFV4BeYXBBo4o/dHdB
ajp41NEUvbbJFa+q98pK
=7SHb
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2179-1
April 26, 2014

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the
Linux kernel. A guest OS user could exploit this flaw to execute arbitrary
code on the host OS. (CVE-2014-0049)

Al Viro discovered an error in how CIFS in the Linux kernel handles
uncached write operations. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash), obtain sensitive
information from kernel memory, or possibly gain privileges.
(CVE-2014-0069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
linux-image-3.11.0-20-generic 3.11.0-20.34
linux-image-3.11.0-20-generic-lpae 3.11.0-20.34

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2179-1
CVE-2014-0049, CVE-2014-0069

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.11.0-20.34

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTW7/lAAoJEAUvNnAY1cPY4pgP/jcFNxt12eKYdm9qJ4QhEg1c
MZz14VE6ryxVarzaBTeYUPfnKuIStsAyMCprABP5vHTmicXV2hcJ7uyj2ljH57u9
5GLs4OUgmCPyYKdgK3HWNDu/NqFhpPMA+iTDpX+8ywmtjbX91cMMLafAA28+9soX
E53mz0JjPm7Qb/ZjFI/wNWm2ghlNiQjMSOMngwfl8oYAgctP30XKiBdZz6AWpYiJ
LbKwwkNFY88JiQTbqGtcd6j/LJpNUKXgvoQUT3KGZjiD+ykmr+BhSEWc8MGBO0X/
wwsCq2xiAAI/9hiNt1F94oK5T2t5C+6xq/Jn42+0ngyw+v4K4QqHNSjJfOsybScR
hOCEdcoDqsw1p+SUHjMcuey5tg6D77z2GoiO6AikEK8dmNrKXKWkhEsQh749GxL7
z5TnRd7sJfH4bNz2MDqERSDLCG8lZmq1QfFAvxNZQ4mPsaop+yrKUkUAn2raFrTF
104UDOTiiIyXktsGK5Gn2vrV1CWrhqxL6BU//e+ZEiMm8gfMZObk5AWNoxvPEGnG
DWydY2KhseKFoC6Ywgo/hwY9/KjBMnvwrPjezIvxCAOYasL88lbiqlFiQXjCx0IC
lFjGBML0lNGePJgcsKi0WUiY/wTeIi87MbJpWe1lgp8WwJcj8fUxpC+WIQGBaeuy
mcIvYwZG9sEnb64/IyBo
=4I/v
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2177-1
April 26, 2014

linux-lts-saucy vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-saucy: Linux hardware enablement kernel from Saucy

Details:

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the
Linux kernel. A guest OS user could exploit this flaw to execute arbitrary
code on the host OS. (CVE-2014-0049)

Al Viro discovered an error in how CIFS in the Linux kernel handles
uncached write operations. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash), obtain sensitive
information from kernel memory, or possibly gain privileges.
(CVE-2014-0069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.11.0-20-generic 3.11.0-20.34~precise1
linux-image-3.11.0-20-generic-lpae 3.11.0-20.34~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2177-1
CVE-2014-0049, CVE-2014-0069

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-20.34~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTW7+rAAoJEAUvNnAY1cPYHBYP/ijOdjSah7VuuQHALELkrop+
ofCt1vnF0fZ0lu81Y60v7AZixyxgHK5MdgjVi/Eaw0nINLdgNQcJPCtUazAlAe5a
5luqOb5A5IixgZulAFapMbmEWH34KRxBseLPwZAzrKZvQKVbXdXgbJcZmbKhgzUH
1Wvlrl3ZF7OZL8ioakBCyEUExHQGYLkeVX24gbxa9woOedM2Jx0U2GwT9FgvLX41
1c+eorzm1jppOdtM6Xwl9a2DbV7v56ItMvTulUKv/Le42TDmcjWGFR0PiyTuBdCK
lFWrLdf9nAtXypg/SicnjeXcCvEGaM6PHOnWpK+dygmcMv/d1QOypc52mUqPl0Lg
4Lh9Zh0nsX8iCqN8JzvunuWWCHsHutZm1WAAd0YXeeDZIfb/jePkposXtp1DSdxB
eX1ighfjWMkBwUaK5Y9lzfRILj31idBBmky+t/WO3uYxVBdIjhQbfYo16dAncQWn
Rl3eYI1t7dKG5DZBn3JaRWeGfuY7HTfWNOrNSQHPRANXMjLkRKqdtca8eNyMl2I9
GYJFanMWLkWDsLsI/mZrrIKon2C6silmVEPK+WivqQ6NM1h2MLaixQZdXzHxwjYq
VoZ8NxYnKJrIwtxdla6NKaT4EazGA5VgzsHpGSsWsO9CQD2M7lUNZHoFMfvcTwrs
xPFsHGBF3NNDDnWHd8Hk
=qSwy
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2175-1
April 26, 2014

linux-lts-quantal vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-quantal: Linux hardware enablement kernel from Quantal

Details:

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the
Linux kernel. A guest OS user could exploit this flaw to execute arbitrary
code on the host OS. (CVE-2014-0049)

Al Viro discovered an error in how CIFS in the Linux kernel handles
uncached write operations. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash), obtain sensitive
information from kernel memory, or possibly gain privileges.
(CVE-2014-0069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.5.0-49-generic 3.5.0-49.73~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2175-1
CVE-2014-0049, CVE-2014-0069

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-49.73~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTW79vAAoJEAUvNnAY1cPY/kUP/3Q6lbEffX7Om40ypuLDDYb9
b6FpY2UMxFNudL0MsBJx6HTX69M6gRom6B/61M1or8YAHNhClna4GV4eX5wM5Bgi
/xwScPcGUGko57J4Ho33NaQhJJXgW45yuEcO7VpNBVaX+01a0ZDQ5dAxqrsMueeE
XI7LYUbm5rzYJSsHZiKksoFZ4AjVTyC3bMKDgHHduCeIIQK+Vc+TAjdk+iy1Gugw
2RTxIyYU7hf5Rp7rs1HFT7QVa7zqBEimuzAhq8MvoPnRW02cmaJ3668INp+d/5tB
iKeMrCAcsbuy4YQnM4aAysQ8889UO6Z0w8LMdi4WlEtOqWop/vHx6RU8b2uJ31Rl
rt5v2E4JPCrIq02FoWt2OJyfJxTcZUK4FVktJ/Lofais716lEPRGIMpHF3LYpEHi
RgG7caMelLLP6Z4IP1ztes3289aRVMRE5s+e31jcmkUxhiLjqRR1xrNHL6IhqTDb
2tf0NGvgqyFvRV9H6N0esr+uN0JkzG02AXOYR4SE7+OUuhMDG9c/ryoiEQt8AxLo
UShWQedCYrNepWmxDS7Ef8IwKCbgt8vzAvyLFfuOReihEC0m0Zr6kGA9mYoTpB/N
GWt/pstv2qvGQVMKdsfVkz3N7UwOB1F3A1ciAAgUIMEhxBkLj6dL5xOfJLujbV5a
r61y0vk5/PTQ9pv6paHl
=KCcP
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2176-1
April 26, 2014

linux-lts-quantal vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-raring: Linux hardware enablement kernel from Raring

Details:

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the
Linux kernel. A guest OS user could exploit this flaw to execute arbitrary
code on the host OS. (CVE-2014-0049)

Al Viro discovered an error in how CIFS in the Linux kernel handles
uncached write operations. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash), obtain sensitive
information from kernel memory, or possibly gain privileges.
(CVE-2014-0069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.8.0-39-generic 3.8.0-39.57~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2176-1
CVE-2014-0049, CVE-2014-0069

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-raring/3.8.0-39.57~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTW7+LAAoJEAUvNnAY1cPYt1wP/1JrTts6KipDsg6eZQQn71qq
9Xl82RCoIQU95JoYWDy/nKk2r97oeYzCjiRjxCjsNpU5S5PiZSXIhWscCItvXe8O
MdQaNF7kfZdCBnVH7anIO+reD4UOojIJoOVjCrgT9yF3UJWWbetLr2HtIcLzI1MI
VSR8KUJ2LF/MC29cWra/FW7mwpvAjSXCIMD5QRSDASFlmGHXUpmGjbe1dXz5WjYs
3SNGR88vnKsl87FpCGU1TXfM13x12re89+53Ma/wbWiD1yVVV5Mbrzx7RDKLRVqm
3AI0Xn9yQneQ8DmQq6mJOrchQE2Gzv3CjhASFHrDcK/lxJJs9mK9LiM9UUxwghFe
Jbsw/OK5XmuSPlQ84qzANMTR6OhCv7DLbNze5QoESD6Y3jhxnBF5mydDXFrtU6ay
t4B2Q3woTxAgk2Pcq8wiPKcf3QczEgsSj6pp4voAT8+k1OdCu9xTGlM8gWWnun+7
yE412TPDXsbGjTGjurRiktPgIch9jjAHGFWH1LjdEq95cxzDClrsN8X9MiIqnsnc
0kXADAsRsWuI2IPZH42hIuidK999a7gtlRfLRaxuJFPqwAG09NREVVoh/SvS5x0B
AkPPBRM9wHyxUAHXJ63yBqTKnxMsf7u7dtShEjqWuKzajO7iwldqrIJpBApxznhv
5043Z2EjRLQEgJMe2VZh
=BX0j
—–END PGP SIGNATURE—–

7e

AutorTomislav Protega
Cert idNCERT-REF-2014-04-0002-ADV
CveCVE-2014-0049 CVE-2014-0069
ID izvornikaUSN-2178-1 USN-2179-1 USN-2177-1 USN-2175-1 USN-2176-1
Proizvodlinux, linux-lts-saucy, linux-lts-quantal i linux-lts-quantal
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Ranjivosti jezgre operacijskog sustava Ubuntu 10.04 LTS

Otkrivene su ranjivosti u linux i linux-ec2 verzijama jezgri za Ubuntu 10.04 LTS. Ranjivosti su se očitovale greškama u implementaciji...

Close