You are here
Home > Preporuke > Ispravak zakrpe za jezgru operacijskog sustava

Ispravak zakrpe za jezgru operacijskog sustava

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2598-2
May 09, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

USN-2598-1 Introduced a regression in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated
regression in the auditing of some path names was introduced. Due to the
regression the system could crash under certain conditions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-52-generic 3.13.0-52.86
linux-image-3.13.0-52-generic-lpae 3.13.0-52.86
linux-image-3.13.0-52-lowlatency 3.13.0-52.86
linux-image-3.13.0-52-powerpc-e500 3.13.0-52.86
linux-image-3.13.0-52-powerpc-e500mc 3.13.0-52.86
linux-image-3.13.0-52-powerpc-smp 3.13.0-52.86
linux-image-3.13.0-52-powerpc64-emb 3.13.0-52.86
linux-image-3.13.0-52-powerpc64-smp 3.13.0-52.86

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2598-2
http://www.ubuntu.com/usn/usn-2598-1
https://launchpad.net/bugs/1450442

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-52.86

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVTVkNAAoJEAUvNnAY1cPYUwUP/iIsA6zn861H0WQ4tHYCF99z
0K1d5ya2m6SZrQR8xjOfCylps2/KzQS8QK6wFq6Agdr2k40V+cKT47zhbxBrFbMN
TTGAomxjNn2YiaN9h876amLAAG51S8qVFvgmTySJwelNG697M5coghyHhBDsAY34
piYjKRhY/AmnWc8sRzrZwH2cxgmfPQbPGjnkk10ISObCrxEoCwgXNqF0MKvkIR2H
bCI+BQrbq0f/ruAHd7HEtk2ZMEXP1zO0Sbb7Ny28GKMT1DOn/Qdg/HO14LKkFEoO
4ZcvliZP/AcQjkOr4pn2mi3For0C2JEfJg9ym6Wrhs17qf4z4IyN9MFzs4LxqDJ7
xn7fvS/ygUO6oOc5Sg6hqZcPV1stVBpfDdj6fKevgi+v0xGiL2k2IFiglbo5T6Tm
MVCq695dUEk5KdaE6s3dL/kw9e5kXDZB94ubzN7DALerxjPoFLphr4On2M6Ut89G
1wP2rIo2i1sOiQx0uyXXay+0tGJxSIrtextdxy7zYVLVz/YqGCQOO83IZD1T/AQ9
x+ZAnZZm4GJB72jU3ucdstih+L+PfWuLk0dIS895xtxmI/V/YCrxDySuy2IyTkA/
SIOwz7fBAko20pTSuNLXw+ox+eRKa1TgDiqN0LA32SGsS4evJZ3H+i84mVo61Tx0
iytS8lRH+5DWv2vMgNIk
=C/Ux
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2600-2
May 09, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10

Summary:

USN-2600-1 Introduced a regression in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated
regression in the auditing of some path names was introduced. Due to the
regression the system could crash under certain conditions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-37-generic 3.16.0-37.51
linux-image-3.16.0-37-generic-lpae 3.16.0-37.51
linux-image-3.16.0-37-lowlatency 3.16.0-37.51
linux-image-3.16.0-37-powerpc-e500mc 3.16.0-37.51
linux-image-3.16.0-37-powerpc-smp 3.16.0-37.51
linux-image-3.16.0-37-powerpc64-emb 3.16.0-37.51
linux-image-3.16.0-37-powerpc64-smp 3.16.0-37.51

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2600-2
http://www.ubuntu.com/usn/usn-2600-1
https://launchpad.net/bugs/1450442

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-37.51

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVTVlLAAoJEAUvNnAY1cPYc2kP/AvNSQqMrpdejHs4M8wAiWox
hMh5MjTyIMQ5J68dEM1iQ/LyPgBY+5LVNITKoxWaxkAwNWaiGINB/05SvGC4NNBJ
PBA9IN4hWb6EYhiE1ePip0SRswovyDgYmPCnCJ77HlexA+jSuYJ5AdYajv4QxbQh
RlTtw2iH8Xb7iHFb2cpRhSOG+tEYxS58Vofg95TJdS2gnIU1KdZdD28vkf35UmFl
ToMrZX8kVZiQfE2J9TD7aSQgwCHOnfMb2MXeJzKm8c6/jwikttw4exhyYBc5eJd8
+hNuKBJNCvOnpfWhqH+f3BL0mS14WF2VmiNBEaXhEIemHY1xWau6drsnzxYskLcp
IHeSqv9ra5k9IOev53K3OXibAtY/mV96pjoFxcMpL9AIKj42GtcOuUZBfGV8WL/c
gir36KlI7l42lAA+mEoNcctNCVCMMtztCZqw++PJMk0BXyMba6FIIT6u7KTRE5nd
bEczMjwxGwu/Ubbm9atqwKrtGjLUIfpIKw8NT4vwBoPmeNypFdXzPnYsbTSLNzUd
Ix2lXiMCaMOqub5yDRxjIbRVKt432yUcurVyOR5tdSbJsQndkYAu/sU6gayApLsL
7Ovi0I7hZ5CARz6KSRdQ7FOJEDVS6cgsTamU6CG0H/TIJjvwZI4i+IQaWJnToPFi
Xf695D8oaEYb1+t9/NQL
=MM8s
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2597-2
May 08, 2015

linux-lts-trusty regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

USN-2597-1 Introduced a regression in the Linux kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated
regression in the auditing of some path names was introduced. Due to the
regression the system could crash under certain conditions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-52-generic 3.13.0-52.86~precise1
linux-image-3.13.0-52-generic-lpae 3.13.0-52.86~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2597-2
http://www.ubuntu.com/usn/usn-2597-1
https://launchpad.net/bugs/1450442

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-52.86~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVTVjtAAoJEAUvNnAY1cPYeVsP/1uj4GJ0T6+RjHIhZmSiXwo4
5QeqIBpAr2Gd4sxNgNUO+1r+SpQCOMdtBf/xTC8LhmqHfA+w5ubJgrDdoGD2y5Rf
Jt5mGrL08nAzcUpqpoEMQ2TxZQebF1EjErrE1CE0nBMd+IKpwtguzC+Zol9XEUNd
T8J6+aQ3EFpKqiCNgMHTrtmFfBj8LG2hzn6jAREW+rsnM09DzpYD6/lXarM/356b
WZpy/7WFJvm8m3QiS8sRx2q+9XMPpY+YUP7On21LGTYeRz9qS6dKLvKSW6dJrXgQ
7IQd/Er+G3UC5YJZqNn1+VySF49/5APOam1p00O9fq46IQ5V+rpyFsLMD5cm6Xyt
CISnb+Y50JO9akMOsPYXQMhtSNEwv+doqQYVRA/Rhhb7X/ZRfzbCdC81Gkrz0bGP
8s/4H/+bXuP81QI5JW8H1tsab4FjtGK9Bur2ruZz4Q7EAFw+aTpzepuJeVuSslXg
83OGRGjY1UByFu4hdEu1T7+fAFwbHIWGoPu3SScITNYWf0ejhManjbq52diRoNOO
11GpJBFx6k+vbnzOWg6shxdissYT7krVJczJbncqXuPnxLsosx7pkOuA42ugHNNe
Aj2myztRVgwAzSEx7hz1303UGCWq8tZOTzarCc6+jf6zZRQxa8DcPIyV+30peE5c
27r7SWgfA2BcSk+ZWUsb
=Kj34
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2599-2
May 09, 2015

linux-lts-utopic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

USN-2599-1 Introduced a regression in the Linux kernel.

Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated
regression in the auditing of some path names was introduced. Due to the
regression the system could crash under certain conditions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-37-generic 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-generic-lpae 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-lowlatency 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-powerpc-e500mc 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-powerpc-smp 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-powerpc64-emb 3.16.0-37.51~14.04.1
linux-image-3.16.0-37-powerpc64-smp 3.16.0-37.51~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2599-2
http://www.ubuntu.com/usn/usn-2599-1
https://launchpad.net/bugs/1450442

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-37.51~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVTVktAAoJEAUvNnAY1cPYkA4P/ig+3mmyt8iY9QWdr/5gxYtu
Ag1LDw2qleWtkGIas5Nh1R0gX43i65gA1fV9MLPDoKLWtktm+L7qOtlzhsENeGIK
2pMOS0qruxPM7JcZ+Isi/RH8rwrzOiFpkL6ybS5a6fRSYORX7UER1MQVWiXafNhT
OuM8gU4iPdLTIWyZ/HARcEEwtsHaId157rjnRK6vFk2zYmi6Gh1vrtVIxhAQhX62
GwfykoJxXwugJHEwwLl25K9Zr7JGC8/E5/5wfzvdQUYUWRhpqN3D4xKw4kJ3oJbs
qU9nnELT8lIODLKj1z4MJN8btnHhcVmaTTtrD3NqPRWDlB+qHXhD4kNwCYHMoTIm
wB7GHMQl2/AUdlNXEp5fJFzIS3QrhtBn9rG2yPBWzMxFLVB/JBBdhpC5/yr0zPOb
wxIOynqXNG7R9yF9tU9hlG97D5bZAYGpTWUG0knKQtulWMOZriNUsdrXvvAXuz+k
vTQXgUiFDh/QU2tFNiM6E/c2BVQIuarVMMhNDUIRHnkAjXmkjGRkaaQbS+1J4R4n
ILKKcd7Mxu1pd2uAx/WMeiL+rKKzB/WPvrs/5M8zzjCUWXqNdiXVUrLCGXUE6oXf
2w7iNt0Weknh0UMNITtFOvdiM8IztSInLXPkDI/Yso8yzKG3r1zbTLURkGCizTki
5ggOgWP2orCfJjV6xVfo
=xCMe
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-05-0016-ADV
ID izvornikaUSN-2598-2 USN-2598-1 USN-2600-2 USN-2600-1 USN-2597-2 USN-2597-1 USN-2599-2 USN-2599-1
Proizvodlinux
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa proftpd

Otkriven je sigurnosni nedostatak u programskom paketu proftpd za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje kopiranje proizvoljnih datoteka....

Close