- Detalji os-a: LUB
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2379-1
October 09, 2014
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s
magicmouse HID driver. A physically proximate attacker could exploit this
flaw to cause a denial of service (system crash) or possibly execute
arbitrary code via specially crafted devices. (CVE-2014-3181)
Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)
Steven Vittitoe reported a buffer overflow in the Linux kernel’s PicoLCD
HID device driver. A physically proximate attacker could exploit this flaw
to cause a denial of service (system crash) or possibly execute arbitrary
code via a specially craft device. (CVE-2014-3186)
A flaw was discovered in the Linux kernel’s associative-array garbage
collection implementation. A local user could exploit this flaw to cause a
denial of service (system crash) or possibly have other unspecified impact
by using keyctl operations. (CVE-2014-3631)
A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)
James Eckersall discovered a buffer overflow in the Ceph filesystem in the
Linux kernel. A remote attacker could exploit this flaw to cause a denial
of service (memory consumption and panic) or possibly have other
unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)
James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or possibly have unspecified
other impact. (CVE-2014-6417)
James Eckersall discovered a flaw in how the Ceph filesystem validates auth
replies. A remote attacker could exploit this flaw to cause a denial of
service (system crash) or possibly have other unspecified impact.
(CVE-2014-6418)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-37-generic 3.13.0-37.64
linux-image-3.13.0-37-generic-lpae 3.13.0-37.64
linux-image-3.13.0-37-lowlatency 3.13.0-37.64
linux-image-3.13.0-37-powerpc-e500 3.13.0-37.64
linux-image-3.13.0-37-powerpc-e500mc 3.13.0-37.64
linux-image-3.13.0-37-powerpc-smp 3.13.0-37.64
linux-image-3.13.0-37-powerpc64-emb 3.13.0-37.64
linux-image-3.13.0-37-powerpc64-smp 3.13.0-37.64
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2379-1
CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186,
CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417,
CVE-2014-6418
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-37.64
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUNmvRAAoJEAUvNnAY1cPYvaMP/3GL2DYO7CSQpCh+mR2VM8Q6
6KVzaiv3PuXGbuwp4mMumMz932wC83yMkARgvIrkf6wlJOdzPbCsi4cGI2KKI+N0
gWv/XPBP+9vBBVcahRYBlR2biIqYtEEHiLWLsZWk2pebOyYh4WzEwebqfwwlePku
+qiHBZIUHRwV+QTSVW9trGLNMLXOuRb7wcgn8KFGVV5RC9HiELIQRDY5r4CwfgHS
3HWpm6bJZ8MS4tM534SJFEUT0mJMaGefW9B917IVUUkRXk+R3K1PsQHzjoqDAN7/
LjZziBS+I/GsebC/mi4s49HKHheT+XYyBcvLUO4WjH9UlpC5pSze3Ox6hNay3fDf
fThrhgEwmt+2P7/XzeDIXxpyCEL1MA/LIWmtUb3kPToUuf2+EU85Ea8EwGL2x+ir
J1w7Na+YP0gf7YpDJnz463TinoEKBRCP+pOrkfZWvb04oG1Wgc1MrXTGo2pKkvW9
Gb4uzOG86lf5Yv93JCzrMHzRcqT4sBcdWqVXy4Xs2oWm8IvWgGpokmpjGvBV8w+0
gCZPC4HfNpJ974uw7om6AF/ycXYno8U/HHhfy2HQNqPXvuopW7zCHmgTauwy58CH
cHfOP5dRY/xp0roksP4u9sSTIObdIrxRcFFuVO1inBBfk38TcROHZCMHsSscj8r/
wsvSVRmmmW4pK4hn4I+O
=A5gK
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2378-1
October 09, 2014
linux-lts-trusty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty
Details:
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s
magicmouse HID driver. A physically proximate attacker could exploit this
flaw to cause a denial of service (system crash) or possibly execute
arbitrary code via specially crafted devices. (CVE-2014-3181)
Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)
Steven Vittitoe reported a buffer overflow in the Linux kernel’s PicoLCD
HID device driver. A physically proximate attacker could exploit this flaw
to cause a denial of service (system crash) or possibly execute arbitrary
code via a specially craft device. (CVE-2014-3186)
A flaw was discovered in the Linux kernel’s associative-array garbage
collection implementation. A local user could exploit this flaw to cause a
denial of service (system crash) or possibly have other unspecified impact
by using keyctl operations. (CVE-2014-3631)
A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)
James Eckersall discovered a buffer overflow in the Ceph filesystem in the
Linux kernel. A remote attacker could exploit this flaw to cause a denial
of service (memory consumption and panic) or possibly have other
unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)
James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or possibly have unspecified
other impact. (CVE-2014-6417)
James Eckersall discovered a flaw in how the Ceph filesystem validates auth
replies. A remote attacker could exploit this flaw to cause a denial of
service (system crash) or possibly have other unspecified impact.
(CVE-2014-6418)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-37-generic 3.13.0-37.64~precise1
linux-image-3.13.0-37-generic-lpae 3.13.0-37.64~precise1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2378-1
CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186,
CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417,
CVE-2014-6418
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-37.64~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUNmuoAAoJEAUvNnAY1cPYiE8QAMBueLMYQ5VVVuPRtk7Lc3SF
gvJBInHjsUUtA2XSfGCiqDonf9aoW9/JHX5m4cOFCGPGgUg3ptH9zvaBY0G1AUX7
eUTSKESayTxlaEH2Fw7iMwitmzIOHc/2bCfcOHWD4+sGf0QrgqpoxdMOAQ+eou9M
ChkXgw5QO3mPQd654nc9xXXjMRdn2QuZrPE8lJxyCWnMLYCj3EjxNXfKbfhTPB/u
6tHY0P7HEvcYnOBM9j97JfUWvyiTi3Vj1g4vHO2Tg5dvSGAYD8VY/Nq8S+5ep1q1
PulGZcxhJ02aPTmZR6u5/7FseR2YG8Hle1ugJPAIpRoWaLHKBz/kxrhwZxArdWFy
d39kclTznFrT9VYL33dg/QK/loLTbBAk+iWNP7kfhYqyHQe/iBkL2IhETWoIG7UC
T3xK9JpdHSUbcCwsu9RdSCWLbi1x1ZU3f2bIC68N7FR+EL8fwdpV6NNJDZPdgt59
eLJuN+bFuF6erVkdro8NA1zv5niXC8AsbvAtNKK2/0vIvzKVBOZ8tEuzeegyENxs
9ZfFtwrXHFjz1ronRjIbd4x2vNOcESy8KgcqJ5kBA7u6XXEdn3LEEXIkmooUxd+Z
iVxM1J9BumizseSNvYjUfJXw0EGEnJwWfgc9utG0PqChaZRsnQiJpuCF7v8x4urK
YKMpubt6//tsdO3b/yhR
=3izh
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-2376-1
October 09, 2014
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s
magicmouse HID driver. A physically proximate attacker could exploit this
flaw to cause a denial of service (system crash) or possibly execute
arbitrary code via specially crafted devices. (CVE-2014-3181)
Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)
Steven Vittitoe reported a buffer overflow in the Linux kernel’s PicoLCD
HID device driver. A physically proximate attacker could exploit this flaw
to cause a denial of service (system crash) or possibly execute arbitrary
code via a specially craft device. (CVE-2014-3186)
A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)
James Eckersall discovered a buffer overflow in the Ceph filesystem in the
Linux kernel. A remote attacker could exploit this flaw to cause a denial
of service (memory consumption and panic) or possibly have other
unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)
James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or possibly have unspecified
other impact. (CVE-2014-6417)
James Eckersall discovered a flaw in how the Ceph filesystem validates auth
replies. A remote attacker could exploit this flaw to cause a denial of
service (system crash) or possibly have other unspecified impact.
(CVE-2014-6418)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-70-generic 3.2.0-70.105
linux-image-3.2.0-70-generic-pae 3.2.0-70.105
linux-image-3.2.0-70-highbank 3.2.0-70.105
linux-image-3.2.0-70-omap 3.2.0-70.105
linux-image-3.2.0-70-powerpc-smp 3.2.0-70.105
linux-image-3.2.0-70-powerpc64-smp 3.2.0-70.105
linux-image-3.2.0-70-virtual 3.2.0-70.105
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2376-1
CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186,
CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-70.105
— ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-10-0013-ADV |
| Cve | CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3631 CVE-2014-6410 CVE-2014-6416 CVE-2014-6417 CVE-2014-6418 |
| ID izvornika | USN-2379-1 USN-2378-1 |
| Proizvod | linux |
| Izvor | http://www.ubuntu.com |
