You are here
Home > Preporuke > Sigurnosni nedostatak u jezgri operacijskog sustava

Sigurnosni nedostatak u jezgri operacijskog sustava

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2640-2
June 21, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-86-generic 3.2.0-86.124
linux-image-3.2.0-86-generic-pae 3.2.0-86.124
linux-image-3.2.0-86-highbank 3.2.0-86.124
linux-image-3.2.0-86-omap 3.2.0-86.124
linux-image-3.2.0-86-powerpc-smp 3.2.0-86.124
linux-image-3.2.0-86-powerpc64-smp 3.2.0-86.124
linux-image-3.2.0-86-virtual 3.2.0-86.124

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2640-2
http://www.ubuntu.com/usn/usn-2640-1
http://bugs.launchpad.net/bugs/1465998

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-86.124

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwnPAAoJEAUvNnAY1cPYYlkP/jNZxYRHwHafrj9Wbv2xHyWm
yTaD+Hi/kqYUccra9bvUxTjFFafTg6/SLqPpB5y4IU4WaldOU2TJEuwDTAdBlTtR
+WHNGfY/AG2YYX++qqUpsahd5svokuS0Xty/QcbSYX1e3HtJ+ZQAh/xYVJg+xJ0E
yZ4LjB2O9xSGvK3jLGz0lrv3YrsEwYbcubNcM5rHGVFJA9NeqAEjEsng8v5MLydd
bBgtxE6XCQnY3B+XilOOh5nFlxK0F5/8PjFhj/IMSQQl3izuFwV9F+ln2FOPQTQf
QRUdeDmeqcNnLN4uu4Ls0k4k/5NdE7Ns8A5m98VHwf1St0Wt13K+YA3N4J34qBJU
FZqrnYFl6yblsARtD9N8YUxnV4ielhnoupT7Bi5yPhlvS5cefl+m4v8K8qFmCuVi
RlAuo8mFIeP38O+g4dw8DDa6mjgWffPebHm1/dTzMorMGTMUI4rBzB0Uk4h0ypez
fflXK3cXnQm2ooop1AYSIsgNezWQnqe/YGfULpOIvYYd3KpRAxdYd5jQ6bzcl4GH
H0v6yW3PFb1E5c/zr2ejK/QmbynEL1EhyqXz4Wsqc0luJWoLsqjwOsfqYXsid2X9
cBwNyy4xv0DJSz+C0jWkvMHtl3vxK6L42gSmXuc82UHAJwrXqvmN9vcZmGvA9/E0
kswyIkr3UyMJRzBVVPfC
=Kaa4
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2646-2
June 21, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-41-generic 3.16.0-41.57
linux-image-3.16.0-41-generic-lpae 3.16.0-41.57
linux-image-3.16.0-41-lowlatency 3.16.0-41.57
linux-image-3.16.0-41-powerpc-e500mc 3.16.0-41.57
linux-image-3.16.0-41-powerpc-smp 3.16.0-41.57
linux-image-3.16.0-41-powerpc64-emb 3.16.0-41.57
linux-image-3.16.0-41-powerpc64-smp 3.16.0-41.57

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2646-2
http://www.ubuntu.com/usn/usn-2646-1
http://bugs.launchpad.net/bugs/1465998

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-41.57

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwpmAAoJEAUvNnAY1cPYwEkP/2wCS9O32hiZdv2wfwNpP1kH
j5HqFVfBtuaUtFuc9NVkX5VM/JJbf5u8BARNrmHioXRQBbyfsjgf+47HmC7Yqetg
pR24I97p1K3s0bQJmZtJiX7NZy1N8n2jj0b4ERggBwWzKPvT4GJbCx7PPEOLIPjF
XAg7HMND3UbSMuVEpDgIric2ycR36lxu4kQf0D499E/brMi16kmXc9sBeSqyW4zR
8B4nNsfy48GVAlZIdBvREl4NUGV0EfGaVjwr0L0HDK0Ly7r7y+YsvezgdMHiT4eD
i53ug2r3tR0d8+uzi5ZrjLrgsV2+mdAiFxAStZqpqhu7Ua9/tyfHyD4/oFCmN7y2
CuSPHqsWW7AAe1U+ksZMiw/ANVc9ZiCIjFnVCv8hSMWFFMv+5KdJqu8PrFE6eiJ+
0F4E243A3exWkLsTv775vT+vcNMruHmNoZVgZmpQp2p3A7GQmdPbX7Oi3bTAMxyC
cK3+07nKVi7TEU+fQx7/gdNEQGhce3UNPuMw0/JcwvbcfbfE4MZzkWKe2CCRl22v
lute08bvVx39ov3HWuOUShEFkjV1lpC0VKnIgxJpmciY4uBmhLc51fleolQMJdj0
HxuYhXYiGrosAkCIoOKpIzXJpmfeAruWOAJNKnsuWDHON6akAF//FZ/YCAHJVcj5
Z23pys4HNxL9sQ2XtWNl
=XBbN
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-2644-2
June 21, 2015

linux-lts-utopic regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

 Philip Pettersson discovered a privilege escalation when using overlayfs
 mounts inside of user namespaces. A local user could exploit this flaw to
 gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.16.0-41-generic   3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-generic-lpae  3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-lowlatency  3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-powerpc-e500mc  3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-powerpc-smp  3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-powerpc64-emb  3.16.0-41.57~14.04.1
  linux-image-3.16.0-41-powerpc64-smp  3.16.0-41.57~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2644-2
  http://www.ubuntu.com/usn/usn-2644-1
  http://bugs.launchpad.net/bugs/1465998

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-41.57~14.04.1


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwpHAAoJEAUvNnAY1cPYwLwP/RdBHv8J+xQjeHQpL/69XmKE
Gz3JJNi7TuB140Ue6TzsWDMY5+zx/cd324bL5BG7qpBAWutqy5iU06a/VxU6GF5J
Jx691GbEHz6lMgCwpRpeKmqnTglnqcZEkf4Hp2VNQumyFjMPQ4bAv2GexHF6/c2k
jEamm7t5s1UP8Pxh7w0IrDVpU8ZVOOq6NoaXCNd+d1JYT1FkVaRRcoDpyJk8VpKz
1jlxH6FAtz9QI9GYEMc0ZM4BndLWPx4m9ULGqyewR+azGl1eOEWEsS15OSqCXTzn
u9mYv3KIRzMypq3Q3z79vuyfmObd/yUaDELlJMMQtRRSDkwIPcte0GDWkIyuQ7Sn
1X7iYvK1TJ9tf/x0BcF55U6hoSIoyZBF2V7FQkaDuFFwN9gAu8W4s4vlZEpfQjvH
glKlKxl3Xt9iN4SyJZ4JPeN+Tz42DAJQF2g/K0MtyZBxVLL6plhNUblabaV4r+ao
LAe6YWt3y0LTmkmjMdfiMUvE+KYoZnv/4naJrPHwuH+rrU10pszIVUZjL1VhkzAF
OqPBJl6K6DVG0jEIfSmin0GscPWi7ZwbLXQURmj9HLu1W3SJ8wJMUZnnTbhqdqSL
YqwqqDM81efGEeFLoFwFW2PBYXJ4RMnd5qAAUFx8iY3vcoTbCsDYcjkhKAiPPKEi
gI+rTa4kzr6fPxmufRSg
=B9nd
-----END PGP SIGNATURE-----
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2643-2
June 21, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux: Linux kernel

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

 Philip Pettersson discovered a privilege escalation when using overlayfs
 mounts inside of user namespaces. A local user could exploit this flaw to
 gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-55-generic   3.13.0-55.94
  linux-image-3.13.0-55-generic-lpae  3.13.0-55.94
  linux-image-3.13.0-55-lowlatency  3.13.0-55.94
  linux-image-3.13.0-55-powerpc-e500  3.13.0-55.94
  linux-image-3.13.0-55-powerpc-e500mc  3.13.0-55.94
  linux-image-3.13.0-55-powerpc-smp  3.13.0-55.94
  linux-image-3.13.0-55-powerpc64-emb  3.13.0-55.94
  linux-image-3.13.0-55-powerpc64-smp  3.13.0-55.94

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2643-2
  http://www.ubuntu.com/usn/usn-2643-1
  http://bugs.launchpad.net/bugs/1465998

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-55.94


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwooAAoJEAUvNnAY1cPY5akQAIDk6X2wfKLxr9CGFnqrqr/k
EweIqRbnK5VdOs5g7dwuzKwM722D0gYCU5midjrQUMNoDbRAnE3Nq4brghAuZO9X
usuGCsEl5pyDAHDGrjI5y61ZISfspdOR7r91XrdRK+neBRgI8v/AGxDGyQOULuaR
z8lAUmy/0pqZNsLQxWpEtSA/2jkk9kxRbw2YKKuId2RjrtwbecAtbO4USaUqi74R
+6G0AkGmhv0Hrds9m8c7ArAws98NbVQLnC93cSfcEqTVkrwNwyf/Xh5H3PKVhwR8
GEZ2KN4s99LsgV7Wnwbs0RfFgq7KLySqeTTIimw5A8WYa73BZXqqhn2v2qdwKYch
4qLQMXAlaP8CmntobPS3X9oZG1YVYDzKiOJpj5YR+tRiTmn0ll+mueWChXgnJNk5
kPp2lDHih2L8zqRFEE4vJo9fKnj5sOWDgPv/4AgYcjsT5dSMK+GAN8ofssUkGly+
DEAHiucysu7olCtL/XyauDl2apx5f0c4tMQJ5w+lzLw+gpM7Y3ggK2iM77BpLqEq
pcUHD2OCAWb8GApQmVUrH4woQ1WUdJ9cCnqQOtXDw7Uw8CGWDY7RN7gveLq/RCjO
8AOYfP03C8E0XFnRElCviuFFo3KCIwV7wf8K5R6BwgEkkK6t8iZK5wqXxXw1TpuU
PGJ+FCMzLc1a9Qnt5WVo
=p0+x
-----END PGP SIGNATURE-----
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2642-2
June 21, 2015

linux-lts-trusty regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

 Philip Pettersson discovered a privilege escalation when using overlayfs
 mounts inside of user namespaces. A local user could exploit this flaw to
 gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  linux-image-3.13.0-55-generic   3.13.0-55.94~precise1
  linux-image-3.13.0-55-generic-lpae  3.13.0-55.94~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2642-2
  http://www.ubuntu.com/usn/usn-2642-1
  http://bugs.launchpad.net/bugs/1465998

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-55.94~precise1


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwoLAAoJEAUvNnAY1cPYfSoP/RPAhW+HaHgcZM03qILq8z7T
kRnxBRa7zBcPXD5dtApCpuJCTXk3wUEEEnFL6m1LyKLgtyjN7IaNcSJZPy1iO9iC
BGMTjhPYIF5kaLEsQ4OkXTj/k/uJDm4/hE6WBt4tsmzyY1UiEAiuou+t5YMZJ/L+
6S07Fj9sppsTBfENicGi0PdXNYd1KvmKNe7x9vzM1kV7ONWbMWELurXkgcmxhWac
LVkeuMAs8nwnB00glYGyTK+hlLxdwGrz8NI1H1FExo8gFTMjZC/U10cqGFjcZAqA
XZZfQwVr5vRal/sNjvhdMP2FJ4LpXx3y6RiOo3a9qsB4Z279m8kM4tHSVWrGw0p6
o8Ig9FmxkvQw0iuaw8Ky+0Xq6Z292/j1X9/KAxynEAhYJNsP7PAKb78pelVGARai
VJLAiGNa/YRx+YWdVexAgyOcroCSK5MFTnuRmByYi9Eo+75bLBINSzOBvfuW1shT
0RzkCl9igoodr0wFQte2srmO3Sn5cVR/GH1/PFJ7/z7jWCEr63KY6D0qa/rFNNso
WhcsEudzwA8R693RXj7tRzAOLbG/hb9EL5U0M5RYZ3s/drkS/BX0Kvxx7EvMEb4b
+STUUoq3Cb8PVSB09JDiPREPgcqwyOMd18ficB/nAZKe8DMK6oTPTajR3pPzBerH
SE5B4XYUeO6eGgFMB3rP
=canR
-----END PGP SIGNATURE-----
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
AutorMarko Stanec
Cert idNCERT-REF-2015-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Drupal

Otkriven je sigurnosni nedostatak u radu OpenID modula za programski paket Drupal. Otkriveni nedostatak potencijalnim napadačima omogućuje neovlaštenu prijavu na...

Close