Friday, May 8, 2015

[USN-2598-2] Linux kernel regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVTVkNAAoJEAUvNnAY1cPYUwUP/iIsA6zn861H0WQ4tHYCF99z
0K1d5ya2m6SZrQR8xjOfCylps2/KzQS8QK6wFq6Agdr2k40V+cKT47zhbxBrFbMN
TTGAomxjNn2YiaN9h876amLAAG51S8qVFvgmTySJwelNG697M5coghyHhBDsAY34
piYjKRhY/AmnWc8sRzrZwH2cxgmfPQbPGjnkk10ISObCrxEoCwgXNqF0MKvkIR2H
bCI+BQrbq0f/ruAHd7HEtk2ZMEXP1zO0Sbb7Ny28GKMT1DOn/Qdg/HO14LKkFEoO
4ZcvliZP/AcQjkOr4pn2mi3For0C2JEfJg9ym6Wrhs17qf4z4IyN9MFzs4LxqDJ7
xn7fvS/ygUO6oOc5Sg6hqZcPV1stVBpfDdj6fKevgi+v0xGiL2k2IFiglbo5T6Tm
MVCq695dUEk5KdaE6s3dL/kw9e5kXDZB94ubzN7DALerxjPoFLphr4On2M6Ut89G
1wP2rIo2i1sOiQx0uyXXay+0tGJxSIrtextdxy7zYVLVz/YqGCQOO83IZD1T/AQ9
x+ZAnZZm4GJB72jU3ucdstih+L+PfWuLk0dIS895xtxmI/V/YCrxDySuy2IyTkA/
SIOwz7fBAko20pTSuNLXw+ox+eRKa1TgDiqN0LA32SGsS4evJZ3H+i84mVo61Tx0
iytS8lRH+5DWv2vMgNIk
=C/Ux
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2598-2
May 09, 2015

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

USN-2598-1 Introduced a regression in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated
regression in the auditing of some path names was introduced. Due to the
regression the system could crash under certain conditions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-52-generic 3.13.0-52.86
linux-image-3.13.0-52-generic-lpae 3.13.0-52.86
linux-image-3.13.0-52-lowlatency 3.13.0-52.86
linux-image-3.13.0-52-powerpc-e500 3.13.0-52.86
linux-image-3.13.0-52-powerpc-e500mc 3.13.0-52.86
linux-image-3.13.0-52-powerpc-smp 3.13.0-52.86
linux-image-3.13.0-52-powerpc64-emb 3.13.0-52.86
linux-image-3.13.0-52-powerpc64-smp 3.13.0-52.86

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2598-2
http://www.ubuntu.com/usn/usn-2598-1
https://launchpad.net/bugs/1450442

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-52.86

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)