Thursday, March 12, 2015

[USN-2528-1] Linux kernel vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVATayAAoJEAUvNnAY1cPYXLYP/AyvFmMw/tWBScM4PAjpdT4C
oqtKigWq2TavQGAgv6Jevi74VCOPWE6PS/J7/wLJ30Gug2ApjyEUqNgBjSboDImd
OYox0Mwvpkyz2C7eOv54pDLvifdELyj8XDEXvaLAH1gSKtZGLEotMJv9ttlVwcmU
2OgeumvT3+mzGRe3ItoebMoFTGGYmKFsVS+8Lud4qsf5Gxkao4Ra7c5q9LkNwMaK
79F+XCZOA4WbSAK66npFuwK7bYwImLRGXnO0c03xqtjcLAlqKP54io/NK1nTc342
YeOJxJ4bBn3ao+i37YfW+gsZbScdkEXcpxHhKYGyVsA9NLYKwCy0XPbRHGBuXL8W
M2vKEL7V3rCmUsNHZ/0ecE6R/brMMtdHl4s0ZE4ofwzk4d/a3fMV7cuo2ZvNBOiX
l/jzQv86/091JJ2WIJ2bZBL2GE9V/eD28pRfiEOr1vJ4IwodDC0oCOXS+HQFCgLg
IPmLvAWxFWI8Tm5A1Wks8ognEeconsl0/vKvnbVJMVjltpG0BZN5B7uhemRbUZle
yGJi108ukI3XFHH428gkUlYRAApYwM1mm/YpQoxyc2X/+tuygj/ZcG/DEynTR56s
OgcAw4ugCEuCHlxbqMbg8VFC4nPC2zOAkOyElOtN0ceXgnIWQf4+4G0mwPI2sOy4
uwCeZ1q+y7yQron9q6+s
=mDK5
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2528-1
March 12, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the Linux kernel's Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-46-generic 3.13.0-46.79
linux-image-3.13.0-46-generic-lpae 3.13.0-46.79
linux-image-3.13.0-46-lowlatency 3.13.0-46.79
linux-image-3.13.0-46-powerpc-e500 3.13.0-46.79
linux-image-3.13.0-46-powerpc-e500mc 3.13.0-46.79
linux-image-3.13.0-46-powerpc-smp 3.13.0-46.79
linux-image-3.13.0-46-powerpc64-emb 3.13.0-46.79
linux-image-3.13.0-46-powerpc64-smp 3.13.0-46.79

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2528-1
CVE-2014-8159

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-46.79

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)