You are here
Home > Preporuke > Ranjivost programskih paketa linux i linux-lts-xenial

Ranjivost programskih paketa linux i linux-lts-xenial

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3128-2
November 11, 2016

linux-lts-xenial vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-47-generic 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-generic-lpae 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-lowlatency 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-powerpc-e500mc 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-powerpc-smp 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-powerpc64-emb 4.4.0-47.68~14.04.1
linux-image-4.4.0-47-powerpc64-smp 4.4.0-47.68~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.47.34
linux-image-generic-lts-xenial 4.4.0.47.34
linux-image-lowlatency-lts-xenial 4.4.0.47.34
linux-image-powerpc-e500mc-lts-xenial 4.4.0.47.34
linux-image-powerpc-smp-lts-xenial 4.4.0.47.34
linux-image-powerpc64-emb-lts-xenial 4.4.0.47.34
linux-image-powerpc64-smp-lts-xenial 4.4.0.47.34

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3128-2
http://www.ubuntu.com/usn/usn-3128-1
CVE-2016-7042

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-47.68~14.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJYJZJMAAoJEC8Jno0AXoH0HT4P/0GV0GQJ+BNU5VT7XqEMBWgi
VhQhgt7YonR8+qBUGpsTV/K4yDOzpEwcyQ86tJCt2EqtNfjnQN7QSJFiv8XabfL/
mfvzatLJN3kPzJShWwUMLaUM/F4pFgP7Tv67v0DB75uFJjXxsRh5Gn5NWf/3WW4Z
jrXMHhM6p793Qcfw0zBVStAUECu1jSZng0njYyRbkJb6UoMw5QleSQFEVgQp+g5q
uh0Mdva0OyrV8sHM7Lxvt7gLhcGS6tLeOnuGQGCPWbNaJ3+ZefkEQVLoks6NPxSJ
AYCoLpLVRcHICHomRxGl0RrZ4ULIF4zqmxYm8ZVd+AJENT8uMp9HrjDJcmkr1gAg
wUU0ERYEOC/dCr8V4d5sNvA7Zil6IQ9u/GldQEYxy9W7mFefW+chlMBfbsy3DzWB
oEiG9grNhkSCR7v4dOp0HCPbPLd6yM1hissGqkq63+ckVsOTWQALUDrr1DOPjIRV
vkxiRPUvCodGO6/4ji/3OTb54jNpbuEpAXh2PQSoQCVmrhKSxGjGPY7KlVnqUfwp
Jx454v3P5N22wEL31lOLy27LmyT+lS07LQdAHCEDY+B6IaXTAOSJ89P2G1FZ6e+P
LzoP5hQT/AN67RfpSgft3Cczu4hzWN2DCHHgvfRqpqSL5a9bzyc0+W//cNvB/Ena
Ard+AZIOczIFeRGquqae
=YSxb
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3128-1
November 11, 2016

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-47-generic 4.4.0-47.68
linux-image-4.4.0-47-generic-lpae 4.4.0-47.68
linux-image-4.4.0-47-lowlatency 4.4.0-47.68
linux-image-4.4.0-47-powerpc-e500mc 4.4.0-47.68
linux-image-4.4.0-47-powerpc-smp 4.4.0-47.68
linux-image-4.4.0-47-powerpc64-emb 4.4.0-47.68
linux-image-4.4.0-47-powerpc64-smp 4.4.0-47.68
linux-image-generic 4.4.0.47.50
linux-image-generic-lpae 4.4.0.47.50
linux-image-lowlatency 4.4.0.47.50
linux-image-powerpc-e500mc 4.4.0.47.50
linux-image-powerpc-smp 4.4.0.47.50
linux-image-powerpc64-emb 4.4.0.47.50
linux-image-powerpc64-smp 4.4.0.47.50
linux-image-virtual 4.4.0.47.50

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3128-1
CVE-2016-7042

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-47.68

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJYJZJEAAoJEC8Jno0AXoH0m78P/RiCgjlTTeap77zBJaPX1xEu
z9po0fF1hDD1lNuz45JSAp2gENfJJvOZugk0a/0cj4cMw05KBh6mfn4dFEX62gPg
ciSTsEiG7dj2h0ilLoo8pUD7+5DldGU9DAUiaPsyeGvHE0NXxxmE+c6e+QYPHAFm
JQinPrncc+8mThHZdmYkwe4XgLRQ0STGddP40hQHnt/nNpT0tOwnBSs5tl3U9P+a
crOfUdjASK39V/JXmp6tuIkIVRS0ahqUrI875qZkV1Tb8Jth/hx/wdFIcP7XwNzP
JcFoEo9ISsO0FJ/Ycm6qRmlfMZPZF6N3EDKqC78o354itPm0EG/yymobilZldm5f
1ulXVbye1jr5V0JTffATpAsA8qgC4fL3yBddOs8TzBWPqmzFBMyugL2h0C6xJMBD
vG/3lVYKNqa2A7NGwII7XU6H7fvQQgeu1w1NTjP4JqPZ9GJG4M34RP7ion4aYga0
MhAnoql1zqfvn1QFv3PfRTsg3NCGogYaO3YFPG5LFJn2hBM2jJCua5WmW99YgNDa
ZftH/K8Mm5Y5E8qX5TDWkaFzeTEqK9XzivL76oPsXhkdZU6f5IWOuLxJXa8NUDnH
qH0HZoEIIHBRuySp0p7V5LZcl790m4SVYzUgCLCp5eMv2Y+zHNq+YXoQfqIMrK2J
9cPSuBCBIXGSOg8kIgbr
=hWr0
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3126-1
November 11, 2016

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)

Dmitry Vyukov discovered a use-after-free vulnerability during error
processing in the recvmmsg(2) implementation in the Linux kernel. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7117)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-115-generic 3.2.0-115.157
linux-image-3.2.0-115-generic-pae 3.2.0-115.157
linux-image-3.2.0-115-highbank 3.2.0-115.157
linux-image-3.2.0-115-omap 3.2.0-115.157
linux-image-3.2.0-115-powerpc-smp 3.2.0-115.157
linux-image-3.2.0-115-powerpc64-smp 3.2.0-115.157
linux-image-3.2.0-115-virtual 3.2.0-115.157
linux-image-generic 3.2.0.115.131
linux-image-generic-pae 3.2.0.115.131
linux-image-highbank 3.2.0.115.131
linux-image-omap 3.2.0.115.131
linux-image-powerpc 3.2.0.115.131
linux-image-powerpc-smp 3.2.0.115.131
linux-image-powerpc64-smp 3.2.0.115.131
linux-image-virtual 3.2.0.115.131

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3126-1
CVE-2016-7042, CVE-2016-7117

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-115.157

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJYJZDiAAoJEC8Jno0AXoH0+T4QAIPf+pb2HoUTeQM1tJg8RL1A
Ao6li+V4lieXbrNscMKKdK11KMvbPPYXvwoY/IU5CY2aw+hmlz/yahWzGSjycfF8
FrIrDZJbhEAoispq9imG1KLi/jOhtHpB09sMxSK5+4NTbkHooxifzC7Jzbb98Okx
wSKFysKt8lkNgze0qHZTZxkoakZuY6GOK70HI+HDsuLyJPc38h0AE3ynfOBu48kc
OIntsrbhp47JJ03Dvq3CSkt0el3INt9TzkhClKMiLPkf6wXQkNXcy6pkm/itY5Di
geHlVTo58GVmetbf5vAhCTRMctb5oudIBUkhC+257ZQ3sJ/VCY3irXACk4cnWXIS
xLWi8I9ho/wfTKIgQL8tuusMZMVsuE7wKW9haySobU4xpcF77g+jvNq3cypfkoA7
SLlzRo62LXPurDenYoPzXoYNt/WGU2ZJDN1gsqUB99Y81StE6wEE0ENOrOzmAnly
5+fPG1thXNHZCUzDNLUY/KDBcQs1qU+ssDJLKKoDGzlOU2Jpp8L5vsHPJSBeyOei
b0Xx7hNjlNdk9LEILWmsovPR0+6VzGHOmR9m+PconPo+juP9a5eKAYd+69K7tNDH
VrfWI0vEok/5We9XfRcKyCWx1vSqb0LDSSjDpvjzC7Y+pgbEiZrpIkpTdlHBGJwa
erIWq+sNnYjEIzSxX5FN
=3xRR
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3129-1
November 11, 2016

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
– linux: Linux kernel

Details:

Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
linux-image-4.8.0-27-generic 4.8.0-27.29
linux-image-4.8.0-27-generic-lpae 4.8.0-27.29
linux-image-4.8.0-27-lowlatency 4.8.0-27.29
linux-image-4.8.0-27-powerpc-e500mc 4.8.0-27.29
linux-image-4.8.0-27-powerpc-smp 4.8.0-27.29
linux-image-4.8.0-27-powerpc64-emb 4.8.0-27.29
linux-image-generic 4.8.0.27.36
linux-image-generic-lpae 4.8.0.27.36
linux-image-lowlatency 4.8.0.27.36
linux-image-powerpc-e500mc 4.8.0.27.36
linux-image-powerpc-smp 4.8.0.27.36
linux-image-powerpc64-emb 4.8.0.27.36
linux-image-powerpc64-smp 4.8.0.27.36
linux-image-virtual 4.8.0.27.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3129-1
CVE-2016-7042

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.8.0-27.29

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJYJZJwAAoJEC8Jno0AXoH0l/wQAKbY5y5ACRkmAQCVjBd4FfhL
DTTj+1ObGzQnjkw8I98ItLv3GpdNXAb+IC7tWFfSkjiTk2uXdkNuiUvLHNjJg+RN
rm3Ac4nFJMEQOHvGtoZOThHDfrGXGxdccQYxvT8xTWDPVNgvt9H1GqcROu04ivYQ
b55J9YkqSjYrXFZayfhqo9vJetFkWjqY34HTart7/2e4SAUHtC9ykgNGHml3qPqc
kV++tKa1ND6mccS2HPLhBHf0AKyZ3pR1TxnVHgRrtDEHO4HCarduQZ1q4D1KB+Si
6Tg4UgQ1JFqQdD2dm03ByaQHq5PqH3DxTLinTWu8/VMQnCeQPc+OY05BREimQYpV
LuZ6x/31wkmc+VI/NWc+mZct5zsddQSEJsCvWwSy/rPuT6tDKA/11uokuk2Z+43c
maAHjfI/+kOMyGD7JVAqfl+E3WgqYsMfEJMFJnAaCD/HzGkAXGcWZew5gE+vllc8
SoEu3MwWfIfJNm/lEXCRSbpYh4NSPdcdN65qr0y9kZxtJIDZQrLmin4ct8feD6EQ
AC2cjEa/WOXy9eIb3G0/pcJjVSsTb90NWdzccoUvy89sl7f2kmvA5aHK7QmErIGz
SJ7h4iRzI71gLo+2bGXOpnKy/sIj/mOnQuOh9Rze3NH5h8d+6MMNiYNn32p0TplP
RaYnLpwY55TZF8PW/1qw
=jXaJ
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2016-11-0137-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Ranjivosti programskih paketa linux i linux-lts-trusty

Otkrivene su ranjivosti u verzijama jezgri linux (14.04 LTS) i linux-lts-trusty (12.04 LTS) za operacijski sustav Ubuntu. Ranjivosti zahvaćaju određene...

Close