Security vulnerabilities in the operating system kernel

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3070-1
August 29, 2016

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

A missing permission check when setting ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of
challenge ACKs in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into a TCP
stream. (CVE-2016-5696)

Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)

Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-36-generic 4.4.0-36.55
linux-image-4.4.0-36-generic-lpae 4.4.0-36.55
linux-image-4.4.0-36-lowlatency 4.4.0-36.55
linux-image-4.4.0-36-powerpc-e500mc 4.4.0-36.55
linux-image-4.4.0-36-powerpc-smp 4.4.0-36.55
linux-image-4.4.0-36-powerpc64-emb 4.4.0-36.55
linux-image-4.4.0-36-powerpc64-smp 4.4.0-36.55

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
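The update instructions above, and the identical instructions in the other notices on this page, leave two things for the administrator to confirm after `apt` has run: that the fixed linux-image version (4.4.0-36.55 here, 3.13.0-95.142 or 3.2.0-109.150 in the later notices) is actually installed, and that it is the kernel currently running, because the ABI bump means the old kernel keeps running until the reboot. A third, easily missed check is that the notice applies to the kernel series the machine uses at all: a 12.04 system on the 3.13 HWE kernel is covered by USN-3071-2 below, not by USN-3072-1. The POSIX shell script below is an added example and is not part of the Ubuntu notice. It assumes Ubuntu kernel versions of the form MAJOR.MINOR.PATCH-ABI.upload (with an optional ~suffix) and package lines in the shape that `dpkg-query -W -f '${Package} ${Version} ${Status}\n'` prints; the package lines embedded at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Ubuntu notices: given the running kernel
# release (as `uname -r` prints it) and the fixed version from a USN, report
# whether the fix is installed, whether it is the kernel actually running, or
# whether the USN does not cover this kernel series at all.
# Assumptions: Ubuntu kernel versions look like MAJOR.MINOR.PATCH-ABI[.upload][~suffix]
# and package lines look like `dpkg-query -W -f '${Package} ${Version} ${Status}\n'` output.

# Print "MAJOR MINOR PATCH ABI" for a version or release string, e.g.
# "4.4.0-36.55" or "4.4.0-36-generic" -> "4 4 0 36". Prints nothing if the
# string does not look like an Ubuntu kernel version.
abi_key() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2 \3 \4/p'
}

# Print the MAJOR.MINOR.PATCH series of a version, e.g. "3.13.0".
series_of() {
    set -- $(abi_key "$1")
    [ $# -eq 4 ] && printf '%s.%s.%s\n' "$1" "$2" "$3"
}

# ver_ge A B: exit 0 if kernel version A >= B, 1 if A is older, 2 if unparsable.
ver_ge() {
    a=$(abi_key "$1"); b=$(abi_key "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    set -- $a; a1=$1 a2=$2 a3=$3 a4=$4
    set -- $b; b1=$1 b2=$2 b3=$3 b4=$4
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3" "$a4 $b4"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0
}

# Read package lines on stdin and print the highest installed linux-image
# version. Metapackages such as linux-image-generic carry no ABI and are skipped.
newest_installed() {
    best=""
    while read -r pkg ver status; do
        case "$pkg" in linux-image-[0-9]*) ;; *) continue ;; esac
        case "$status" in *" installed") ;; *) continue ;; esac
        if [ -z "$best" ] || ver_ge "$ver" "$best"; then best=$ver; fi
    done
    printf '%s\n' "$best"
}

# patch_state RUNNING FIXED < package-lines
# Prints one of: other-series, not-installed, reboot-required, running-fixed
patch_state() {
    running=$1; fixed=$2
    newest=$(newest_installed)
    if [ -z "$newest" ]; then echo not-installed; return 0; fi
    if [ "$(series_of "$newest")" != "$(series_of "$fixed")" ]; then
        # e.g. a 3.13 HWE kernel on 12.04 is covered by USN-3071-2, not USN-3072-1
        echo other-series; return 0
    fi
    if ! ver_ge "$newest" "$fixed"; then echo not-installed; return 0; fi
    # An unparsable running release falls through to reboot-required on purpose.
    if ver_ge "$running" "$fixed"; then echo running-fixed; else echo reboot-required; fi
}

# Constructed sample (not real output) of
#   dpkg-query -W -f '${Package} ${Version} ${Status}\n' 'linux-image-*'
# on a 16.04 machine that installed 4.4.0-36.55 but has not rebooted yet.
SAMPLE_PKGS='linux-image-4.4.0-34-generic 4.4.0-34.53 install ok installed
linux-image-4.4.0-36-generic 4.4.0-36.55 install ok installed
linux-image-generic 4.4.0.36.38 install ok installed'

# Stand-alone run against the sample; on a live system replace the sample with
#   dpkg-query -W -f '${Package} ${Version} ${Status}\n' 'linux-image-*' | patch_state "$(uname -r)" 4.4.0-36.55
printf '%s\n' "$SAMPLE_PKGS" | patch_state 4.4.0-34-generic 4.4.0-36.55
```

The version comparison deliberately looks only at the kernel ABI, the part of the version that the notice's "unavoidable ABI change" refers to, so `4.4.0-36-generic` from `uname -r` and `4.4.0-36.55` from dpkg compare as equal; the upload number after the ABI does not affect which modules load. The series check is what protects against reading the wrong notice: a machine whose newest kernel is in a different MAJOR.MINOR.PATCH series than the fixed version needs the notice issued for its own kernel package.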

References:
http://www.ubuntu.com/usn/usn-3070-1
CVE-2016-1237, CVE-2016-5244, CVE-2016-5400, CVE-2016-5696,
CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6197

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-36.55


ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3071-2
August 29, 2016

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise

Details:

USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of
challenge ACKs in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into a TCP
stream. (CVE-2016-5696)

Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)

Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-95-generic 3.13.0-95.142~precise1
linux-image-3.13.0-95-generic-lpae 3.13.0-95.142~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3071-2
http://www.ubuntu.com/usn/usn-3071-1
CVE-2016-5244, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828,
CVE-2016-5829

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-95.142~precise1


==========================================================================
Ubuntu Security Notice USN-3071-1
August 29, 2016

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of
challenge ACKs in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into a TCP
stream. (CVE-2016-5696)

Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)

Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-95-generic 3.13.0-95.142
linux-image-3.13.0-95-generic-lpae 3.13.0-95.142
linux-image-3.13.0-95-lowlatency 3.13.0-95.142
linux-image-3.13.0-95-powerpc-e500 3.13.0-95.142
linux-image-3.13.0-95-powerpc-e500mc 3.13.0-95.142
linux-image-3.13.0-95-powerpc-smp 3.13.0-95.142
linux-image-3.13.0-95-powerpc64-emb 3.13.0-95.142
linux-image-3.13.0-95-powerpc64-smp 3.13.0-95.142

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3071-1
CVE-2016-5244, CVE-2016-5696, CVE-2016-5728, CVE-2016-5828,
CVE-2016-5829

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-95.142

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXxJA0AAoJEC8Jno0AXoH0OyoQALChWhClTSidp6TSOwkOiI5T
eAHeOnvdnGP2S53L1S7ksJhRmt84Hk7jCp1pxsLYXaPWV+ZhApCeV2+vWWioSPWO
ot9uq1ZusBLOdhl1Xsz9ZtCjC9bzf7IGQWyLu7hiThQaisUJ4dvMiwd1iZLu/tdQ
Yg1BvI99O3ma4tAirtD1RrahZtem85TL3+7v+fClmf567OJcOG1hfsbwVxF+4z24
bftrHV7iStNVBy2LqEUTZP6EZbabAu4RXfMVeR16OfdyM3tvv4dVsdEKlbmiEbzg
CFcNI4T4EIjU3OFahbkIMZSZM/eMoufN3Pr2Dgpvjf/UoZT8p5ru0r7hhli8ZNhT
umc771keceiihR7iuWxnPPdyOOGQ1xynHzEYyoS5xNKm+qEr5dHPwlg8C63Pe6dE
YeqemDqYUiTCv4F3CU1LIbDvyPMooV5s89fJyxVpfLRZPDDTxxMl+DRZ9l3ZPf9k
2DfdEtRZxVQTpg/HnEcFH2hyjq5MrZnxd/o9AKfE7XEEYdEsv2/cDjwQ6ng0PaMM
bePsh3rv0BJd6GvZvOujE3z7vEZeumT4MjjWgagOKkGRZaZhqFph2zd3cZnaTZxf
6IMEvbSZPcWqDMUwK3t8lVIfuU9TjwSJN5vlA7r0Cwh8B4COV1er99ax8oUgcJNA
2TRsoSqIwWTCdXRYzM6P
=adSW
-----END PGP SIGNATURE-----


==========================================================================
Ubuntu Security Notice USN-3072-1
August 29, 2016

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of
challenge ACKs in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into a TCP
stream. (CVE-2016-5696)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-109-generic 3.2.0-109.150
linux-image-3.2.0-109-generic-pae 3.2.0-109.150
linux-image-3.2.0-109-highbank 3.2.0-109.150
linux-image-3.2.0-109-omap 3.2.0-109.150
linux-image-3.2.0-109-powerpc-smp 3.2.0-109.150
linux-image-3.2.0-109-powerpc64-smp 3.2.0-109.150
linux-image-3.2.0-109-virtual 3.2.0-109.150

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3072-1
CVE-2016-5244, CVE-2016-5696, CVE-2016-5829

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-109.150


==========================================================================
Ubuntu Security Notice USN-3072-2
August 29, 2016

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux-ti-omap4: Linux kernel for OMAP4

Details:

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)

Yue Cao et al. discovered a flaw in the TCP implementation's handling of
challenge ACKs in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into a TCP
stream. (CVE-2016-5696)

It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1487-omap4 3.2.0-1487.114

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3072-2
http://www.ubuntu.com/usn/usn-3072-1
CVE-2016-5244, CVE-2016-5696, CVE-2016-5829

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1487.114


Author: Marko Stanec
CERT ID: NCERT-REF-2016-08-0169-ADV