Thursday, January 30, 2014

[USN-2095-1] Linux kernel (Saucy HWE) vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS6zTiAAoJEAUvNnAY1cPYAwcP/1ALSvu0owvrXo2Dy56BMbHc
DBRhO4RZg69slLTZ868/0urqKRveIBdRh55v4OuklbnQlj/7+wdpLnurqLL/y/4o
msYIT4b6tVU+fHwDTKVbyHOQdUjEvzXkziaN2WTm12JcSvYYbAvyORPc16sMcgKO
989GSxYEhZPZoRoP86vN2Xc2z28VxrshEf2neYgIZQ4Cn9oQzvNPYiGmjEVfYrSl
stYoUlW9JTRAeM2yCTtL/0k48M2xjGqscr0J335gjr5EMvCpp+BH3VlVHN2qjxj6
0UPk0p1raHCaYwl+kMM0aHrJeFRkKaPsXVcO1Ux8FKRB5aWFhTmUcqgrOmb13EP6
OKA2kk9bKfw4gkvUf23axwn8nt36aBZGzPDiXoZk6cJWqQxlAcomEdUycOb0RNJE
OEPvkPLmwNZz5Cp68qJ9XpY8F89FfrIQ0LmZ2iynlUwWSXNwWXBGHUh0kzuAH7Eq
SnCx1bm/CWJMzzxLCXGabObf8g/k4A57dP0MNxWKQQ5AzcWlojpSsygeVDgm/xOO
aaOL045JwYL33BAmT7iVnkN6/u/DSAsYipuo7U2rxtvahkNr+5fqt14ZWSxH+xS6
0iKsAtOyKbbaJtUur4sk5NKxSAzFD+Fj/zQyAgFF/6nWbi4a3/tkfXbkyDiTlkH0
FqZ8QZLuldcSmciapKBq
=it+d
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2095-1
January 31, 2014

linux-lts-saucy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-lts-saucy: Linux hardware enablement kernel from Saucy

Details:

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.11.0-15-generic 3.11.0-15.25~precise1
linux-image-3.11.0-15-generic-lpae 3.11.0-15.25~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2095-1
CVE-2014-0038

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-15.25~precise1

No comments:

Post a Comment