
Security vulnerability in the operating system kernel

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3522-1
January 09, 2018

linux, linux-aws, linux-euclid, linux-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-euclid: Linux kernel for Intel Euclid systems
– linux-kvm: Linux kernel for cloud environments

Details:

Jann Horn discovered that microprocessors utilizing speculative execution
and indirect branch prediction may allow unauthorized memory reads via
side-channel attacks. This flaw is known as Meltdown. A local attacker could
use this to expose sensitive information, including kernel memory.
(CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1015-kvm 4.4.0-1015.20
linux-image-4.4.0-1047-aws 4.4.0-1047.56
linux-image-4.4.0-108-generic 4.4.0-108.131
linux-image-4.4.0-108-lowlatency 4.4.0-108.131
linux-image-4.4.0-9021-euclid 4.4.0-9021.22
linux-image-aws 4.4.0.1047.49
linux-image-euclid 4.4.0.9021.21
linux-image-generic 4.4.0.108.113
linux-image-kvm 4.4.0.1015.15
linux-image-lowlatency 4.4.0.108.113

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3522-1
CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-108.131
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1047.56
https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9021.22
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1015.20


ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3522-2
January 09, 2018

linux-lts-xenial, linux-aws vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative execution
and indirect branch prediction may allow unauthorized memory reads via
side-channel attacks. This flaw is known as Meltdown. A local attacker could
use this to expose sensitive information, including kernel memory.
(CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-1009-aws 4.4.0-1009.9
linux-image-4.4.0-108-generic 4.4.0-108.131~14.04.1
linux-image-4.4.0-108-lowlatency 4.4.0-108.131~14.04.1
linux-image-aws 4.4.0.1009.9
linux-image-generic-lts-xenial 4.4.0.108.91
linux-image-lowlatency-lts-xenial 4.4.0.108.91

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3522-2
https://www.ubuntu.com/usn/usn-3522-1
CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1009.9
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-108.131~14.04.1


==========================================================================
Ubuntu Security Notice USN-3524-1
January 09, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

Jann Horn discovered that microprocessors utilizing speculative execution
and indirect branch prediction may allow unauthorized memory reads via
side-channel attacks. This flaw is known as Meltdown. A local attacker could
use this to expose sensitive information, including kernel memory.
(CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-139-generic 3.13.0-139.188
linux-image-3.13.0-139-lowlatency 3.13.0-139.188
linux-image-generic 3.13.0.139.148
linux-image-lowlatency 3.13.0.139.148

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3524-1
CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-139.188


==========================================================================
Kernel Live Patch Security Notice LSN-0034-1
January 9, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial
kernel version 4.4.0-108.131. This CVE, also known as “Meltdown,” is a security
vulnerability caused by flaws in the design of speculative execution
hardware in the computer’s CPU.

Details on the vulnerability and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Due to the high complexity of the fixes, we are unable to livepatch this
CVE. Please plan to reboot into kernel version 4.4.0-108.131 or newer as soon
as possible.

Software Description:
– linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.

References:
CVE-2017-5754
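
Because the fix only takes effect after a reboot and cannot be livepatched, the running kernel is what needs checking, not just the installed package. The following is an added example, not part of the Ubuntu notices: it compares a `uname -r` string against the first fixed ABI number listed in the notices above. The function names and the "fixed / outdated / unknown" labels are assumptions of this example, and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: compare a running kernel (uname -r) against the first fixed
# ABI listed in USN-3522-1, USN-3522-2 and USN-3524-1 for CVE-2017-5754.

# fixed_abi RELEASE BASE FLAVOUR -> first fixed ABI number, per the notices.
fixed_abi() {
    case "$1:$2:$3" in
        16.04:4.4.0:generic|16.04:4.4.0:lowlatency)   echo 108  ;;
        16.04:4.4.0:aws)                              echo 1047 ;;
        16.04:4.4.0:kvm)                              echo 1015 ;;
        16.04:4.4.0:euclid)                           echo 9021 ;;
        14.04:4.4.0:generic|14.04:4.4.0:lowlatency)   echo 108  ;;
        14.04:4.4.0:aws)                              echo 1009 ;;
        14.04:3.13.0:generic|14.04:3.13.0:lowlatency) echo 139  ;;
        *) return 1 ;;   # kernel series/flavour not covered by these notices
    esac
}

# kernel_status RELEASE UNAME_R -> prints fixed | outdated | unknown
kernel_status() {
    kver=$2
    base=${kver%%-*}; rest=${kver#*-}      # "4.4.0" and "104-generic"
    abi=${rest%%-*};  flavour=${rest#*-}   # "104"   and "generic"
    # Reject strings without a numeric ABI field instead of guessing.
    case "$abi" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    want=$(fixed_abi "$1" "$base" "$flavour") || { echo unknown; return 0; }
    if [ "$abi" -ge "$want" ]; then echo fixed; else echo outdated; fi
}

# Constructed sample inputs (release, uname -r). On a live host use:
#   kernel_status "$(. /etc/os-release; echo "$VERSION_ID")" "$(uname -r)"
while read -r rel kver; do
    printf '%-6s %-28s %s\n' "$rel" "$kver" "$(kernel_status "$rel" "$kver")"
done <<'EOF'
16.04 4.4.0-104-generic
16.04 4.4.0-108-generic
16.04 4.4.0-1047-aws
14.04 4.4.0-1009-aws
14.04 3.13.0-137-lowlatency
16.04 4.13.0-25-generic
EOF
```

A host that has installed the update but not yet rebooted still reports "outdated" here, which is the case the reboot instruction is about; "unknown" means the kernel series or flavour is outside the scope of these notices.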


 

Author: Danijel Kozinovic
CERT ID: NCERT-REF-2018-01-0053-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/