Friday, June 27, 2014

[USN-2264-1] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTrTMmAAoJEAUvNnAY1cPYdXUQALO6Mw63M1VcHxfie5/ngTUy
IfYsR5UPqBNWSnR3b9v9DKynGfXEI4DmNvOpSygButo4RzDVNgzqEnXXyRs/1krw
4w9hQ7x3tL3VTfiKzcpgg7O1AZFQCercihGXCAnigMqYxTvgmgCA/wLvUv3AklX4
b9YHdAV/Wlo5Un74FjoPmCsfAHUQKSaf2FfW3fCE5V+x4p3mr+vy5js5TBmJrK7K
4lw0CoaQIslfuXB2BWN19BiDYs5DVfJ1chtha+W9e4MPUEyGgLcdFq2m5+ExmuZ8
ztGQmPnFPOuPIi5rZ7w3oXSqo1DP5YhKeVmPhDzj6gxK9VoMaAwKejM5GUAMEehH
Wc4HEt4lSX6n/EMsvJVtWQOQdqv+4MNQ+PpJib3JKo+UMk6LfuuZ+IJlfwrhyDN9
5ZNgUPPorMi+F0B02KipAG6CBx/rhR2zriz4LCPY7wQ0zxCqRLqL6J+sR0WYWrfD
5553lk6jFF1FH5zoPolo+abKDSzDprWPkOBbCP2hUQDZEMbx+VEdwhPd0hpKc2GU
oKYe9gHjEBt75Q5VpLOlq0e9TxuyyxZG3L55lvnGv271U2Yu1IyJLenu+cWrrEa8
54IQ7uCD3Cy2oK5wmR3fcMIt3Q3lWorUQ6g7rNTh1mHVvx8JXvgMUC1qd1ohAorZ
ONiTGnuIi6GJjN6MeIMn
=3vYk
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2264-1
June 27, 2014

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Salva Peiró discovered an information leak in the Linux kernel's media-
device driver. A local attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-1739)

A bounds check error was discovered in the socket filter subsystem of the
Linux kernel. A local user could exploit this flaw to cause a denial of
service (system crash) via crafted BPF instructions. (CVE-2014-3144)

A remainder calculation error was discovered in the socket filter subsystem
of the Linux kernel. A local user could exploit this flaw to cause a denial
of service (system crash) via crafted BPF instructions. (CVE-2014-3145)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
linux-image-3.11.0-24-generic 3.11.0-24.41
linux-image-3.11.0-24-generic-lpae 3.11.0-24.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2264-1
CVE-2014-1739, CVE-2014-3144, CVE-2014-3145

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.11.0-24.41

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)