You are here
Home > Preporuke > Ranjivost jezgre operacijskog sustava

Ranjivost jezgre operacijskog sustava

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2761-1
October 05, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-65-generic 3.13.0-65.106
linux-image-3.13.0-65-generic-lpae 3.13.0-65.106
linux-image-3.13.0-65-lowlatency 3.13.0-65.106
linux-image-3.13.0-65-powerpc-e500 3.13.0-65.106
linux-image-3.13.0-65-powerpc-e500mc 3.13.0-65.106
linux-image-3.13.0-65-powerpc-smp 3.13.0-65.106
linux-image-3.13.0-65-powerpc64-emb 3.13.0-65.106
linux-image-3.13.0-65-powerpc64-smp 3.13.0-65.106

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2761-1
CVE-2015-7613

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-65.106

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWEtl/AAoJEC8Jno0AXoH0VgwP/jQU5Rnt93cgJip32Iv40+og
WrHZ7GlsN739cOMw79YSCi5AcqcOx9mDQrIVO8wypjMQ7FNYsX9Vn3EPS72XKEAE
le/b2BK4uIhX/Hzl78s7FupDWhWRFHOlbTUy/WXgvAu1sZFBVTmOEjPuxNRV0PtI
SHOUhyNsMql/8vWMNrNvjYnd/Z5OoQBS9eiT9iFAxOuUjh0uDaWTbXXLT0lI7Mck
JnN9pNT2rsCNgE4J6y4T38XtrnRUA9bABNsupxF4jhM+lIqaSA17P4QqMXaTibH8
Y3apNO8/ROZagz72a1O7MEj9RIBdBrdI7vVwRWtkDoWEvdysMUPI+L6Xr6wdAPF4
hxg+6Z+0+L1EY0Ne/fSqudNjdgnLzzHb+f1ELD7yQP9jxB6BYBjqlxK761829QWw
iYrYE/V63s1H7iuFbLtyEgtBX38yaokYr8q3ZZHrZrpTnJRtUluNOa5J3NmiSimT
hrNqGiOVSu+hgRsL92QbjRaIVAQerRi29wp3na1PUnvu+PGoLdAiPaG/2SW0Ns/W
uMvNSmyKQUO8E6TEM+5R9ggbNVwP78XJ6E/LBI+lECdg9n84wgV7NGwXWfzHMcdH
4Bsag9+ihl9IqZ8F1uVhEBdsQvyFMa52HyPOMO5H/GX53rlT/TZN1nP7JIdrk767
E7gT1my+GN311t2KAp8w
=kufG
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2762-1
October 05, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux: Linux kernel

Details:

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
linux-image-3.19.0-30-generic 3.19.0-30.34
linux-image-3.19.0-30-generic-lpae 3.19.0-30.34
linux-image-3.19.0-30-lowlatency 3.19.0-30.34
linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.34
linux-image-3.19.0-30-powerpc-smp 3.19.0-30.34
linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.34
linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.34

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2762-1
CVE-2015-7613

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.19.0-30.34

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWEtlzAAoJEC8Jno0AXoH0CFcQAIEcqS8FvqLUAOwdwUgzVjj8
DuU645bjDRqailwGQgs9pdbRtJTFohBIE5SgJ9w+lFx2dAkni26gSzcRGJQOqlUl
cfKhy51H59vFbY9x99HTnp0L09K+c+KHsEcZ/pZPHGin9o3JMwUw/l2dyIEhsXEm
ep7/IZku+KfIzSVq4E8sWl3zPCKeA1WixrMUzzXt2/vM+kgqEUK1eWzzFA2P+8Eh
oduDkLD0tA/8LhP3XUNFuPTZyWJa767Pm9mJ1DPvUHuaQOWuO/1hn4tGigTgEKR1
6nbVBqVwErh4/Y6GMF7A1EExhKVMGE0BXB5pMHJlBLUi3OHiAwyp1LLvGnIgw1ov
fkwC+zVO8qhZWkiC7Ze3MatquzLrPHlAzcGMv5bXGQLv0fF4GVzQ+D8wjr0glDcz
VQu1wyPVQdm7HuUVD4kC1+txfBYtbtEoJveFbDjXNTmS9i8Ty2IMWK43HPmP/p7n
25IEHQNT7WqfAg7CAaoMRCbRrZ3PEINZQ4R9xWcqk7jaQOOU7Hgj3xPh7lvPx+DC
rImnkuguWjK0w7XvsNJ205WZ+jqFLI/0oCmSYpO5goubj4iVf6kSX6eT1MYEJPgi
I1tAkCrg82hKsXVH1ah5Mv7aGnUIftkL734PtVpYah3FbOx9SRB2ZnKlkC7iXOGd
e/nhZIogAXPD8Knxe+yD
=h3Va
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2763-1
October 05, 2015

linux-lts-trusty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-65-generic 3.13.0-65.106~precise1
linux-image-3.13.0-65-generic-lpae 3.13.0-65.106~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2763-1
CVE-2015-7613

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-65.106~precise1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWEtlpAAoJEC8Jno0AXoH0mUkP/3IRI9vCJD3jgUgfmTdw3LOF
QxJSiaKsjL8Lqh0pqCmxWaJu3I1XiBo2tzeyC9hBLUIKVdnCPKDYWjEHX3klCJnW
G05QklgD2c5WKsoNEUfti9yUQLfh56lzsFji7b8J7cHPxQND9Hd++4xY1kTtMgoS
GsDQO277hgXcGa1omQ23rkAapznMMa8N/JL0Dnf/K5GCbxyHKztJagvrzSL0xkIM
zmzk3/irlaPUCaM5Z6YXCl1mzD3qycn9Wo06WOrLLHZVXwxccHuU6J9iOewL5Uki
q2KiNXofEQlioyjesYAVzFx0PCvYwYDd483/HWeEzfyiUK0rESdSUSwAD4tmG+YJ
rDPLhGTlMsfIkAVDy6Ei4CZmnPcJxQetsT5eC0+gnVBJsVxmWpggv3hw1E/bWqv5
Y6v+Kyj3zHETtEzgTN1cnvKqBd8hxf2EZyKzCgmRgp76/HGisIt5od79dfVyzwI8
Q+QhBIECbdlKI/GsaCWd7KrJ/x/3K8oD1ynQDsYlX6hOCB4m/TmXoqsV8g6et0Fi
guSe1PEiTMzXPM30sS+fe1S2AVO75VJzQaUU9uu9OwpSEMPTFd5TC6n6vBwrgBoP
gPXPoYxQTGwtJJOljSeXiXIVw92OVDD32TlPXkGVBvxFrv3DcZ593FkPBsh8+t0d
PHTcGTJ+AGBdSpBK8m8n
=i+v/
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2764-1
October 05, 2015

linux-lts-utopic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux-lts-utopic: Linux hardware enablement kernel from Utopic

Details:

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.16.0-50-generic 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-generic-lpae 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-lowlatency 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-powerpc-e500mc 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-powerpc-smp 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-powerpc64-emb 3.16.0-50.67~14.04.1
linux-image-3.16.0-50-powerpc64-smp 3.16.0-50.67~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2764-1
CVE-2015-7613

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-utopic/3.16.0-50.67~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWEtlRAAoJEC8Jno0AXoH0QDsQAJvC0WcWgAGCq9OQeXc8uv5h
AGcbmg/EhoBeLVEzkgiZfVTjDl4o7H4+x/qei/Dh8k2g9I9edfWQDVvGQ1hzx4rF
sfrC6rJplwxDtmNA8cjlHa0uqf7tBYbvZN/6CLBpbv0ISUBs1FZS1SaL46tAz/ve
FJpwqnKePF0dBjp7TGRbgHmUWYX4Px6VGy18mbgzjnzm+y4LUUwZ0l8YfIeT0tKe
Vf32QOV6flLr2oGQRM5Cx7xDaQ4TLU0PTNwpXnzngviXhmTUF8bnwN7Liy3gfc8c
nZWxySD4HPxEhE5aF9pqkT4DBqZ4r6f3+ompufSL7lSfRPLi6CBW+3XLeuzGjtrl
Ca3LbZol+63ueuqZbW0Z7mNU3vJXDi/rO6nkjt+oCYMvX5oUBsax196Xs01GAJFh
grWaXvPTCSiPEGSlE2XZq9HREC0HulKz2g0/jRy5j4DEcrWVAVqSPBKCQC1FZN5f
WGzZ2vLRJDTGGBL6R/rKtNXWSAQRzyR9B+E1Zh3RSYU6yaYw7D4ZGwDtXfOW0ePS
xB2YW3jrcdEvhJNWD0sGh4/TQ7mlX1JmWydYzR4iEJPukUvdeZH3YNCj21f0Aajy
7h10q+ssO1RXgYeA3ga8y5E6lKOAgjrBpHQM+2EimmsHzvFjdufoHFwk1PRmpTgh
SbMEyYTlgAO38aa0BCcq
=Le2E
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2765-1
October 05, 2015

linux-lts-vivid vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
– linux-lts-vivid: Linux hardware enablement kernel from Vivid

Details:

Dmitry Vyukov discovered that the Linux kernel did not properly initialize
IPC object state in certain situations. A local attacker could use this to
escalate their privileges, expose confidential information, or cause a
denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.19.0-30-generic 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-generic-lpae 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-lowlatency 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-powerpc-e500mc 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-powerpc-smp 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-powerpc64-emb 3.19.0-30.34~14.04.1
linux-image-3.19.0-30-powerpc64-smp 3.19.0-30.34~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2765-1
CVE-2015-7613

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-30.34~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJWEtlAAAoJEC8Jno0AXoH0PtsP/RF7MijRRyO75enu/bHzh8Ct
nYo3DRhLqePEy8FHkTK1TGYbVZbFKtUF5SPTlSI1f0jGmJnAs5ZIbnegy2UMjgXo
ukSLf4R6ojU+jXyudcosfGiERVEEfhGVa370ElKG7b7NIrmv83u+E6Pc/JESAgW0
cIxjPVkBqEEo6VWNLiNL4rQwPNNzBxyQ8b9kfw70gN9sQB8yZdjU94tZl43Psal7
aGur4S7mbpdNq7CaojICXsu0INlg0GLUBE0V+TgjGQ+UumB4PM+fcchMLEEQf3l4
Vtk4/xrReFrnLGuvnxvkpUkHqI+PP/1NoJFNCNojONDroJ5MMqbD+p2gkM8pOdcc
nd1wnsVCLP8T3HQg8PHeva11LUnMqo48ooUWNc3MiWIina7jfo8ultg8J/te3Ckn
V7OAtb5oN2ugSjcEOgPLnOcnUvMIGn0rtEhKxaFsO+OOn35U7YNMg34l7PFztDjI
yt1d66sy1ZZIoIXbo+TVR8AzS5BhhdZMQTZ146kSxIMTi9SSNxS1V/75q5PfRL4M
7fotKtvmLLmYVOqLFJK9BFbWAudnWkTna3nznGZa5FJqZounliW9EEuy/JF4821Z
XxtBV0aGhl+zHA7lSzSyBYov4fMBbTgzzDbquD9FEpwFPwVufd9lN2ys3Dqh12dX
Y6XDUcY7sa/zUwsuWGf/
=TU5O
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-10-0014-ADV
CveCVE-2015-7613
ID izvornikaUSN-2761-1 USN-2762-1 USN-2763-1 USN-2764-1 USN-2765-1
Proizvodlinux
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa libvpx

Otkriven je sigurnosni nedostatak u programskom paketu libvpx za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close