Sunday, June 21, 2015

[USN-2640-2] Linux kernel regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwnPAAoJEAUvNnAY1cPYYlkP/jNZxYRHwHafrj9Wbv2xHyWm
yTaD+Hi/kqYUccra9bvUxTjFFafTg6/SLqPpB5y4IU4WaldOU2TJEuwDTAdBlTtR
+WHNGfY/AG2YYX++qqUpsahd5svokuS0Xty/QcbSYX1e3HtJ+ZQAh/xYVJg+xJ0E
yZ4LjB2O9xSGvK3jLGz0lrv3YrsEwYbcubNcM5rHGVFJA9NeqAEjEsng8v5MLydd
bBgtxE6XCQnY3B+XilOOh5nFlxK0F5/8PjFhj/IMSQQl3izuFwV9F+ln2FOPQTQf
QRUdeDmeqcNnLN4uu4Ls0k4k/5NdE7Ns8A5m98VHwf1St0Wt13K+YA3N4J34qBJU
FZqrnYFl6yblsARtD9N8YUxnV4ielhnoupT7Bi5yPhlvS5cefl+m4v8K8qFmCuVi
RlAuo8mFIeP38O+g4dw8DDa6mjgWffPebHm1/dTzMorMGTMUI4rBzB0Uk4h0ypez
fflXK3cXnQm2ooop1AYSIsgNezWQnqe/YGfULpOIvYYd3KpRAxdYd5jQ6bzcl4GH
H0v6yW3PFb1E5c/zr2ejK/QmbynEL1EhyqXz4Wsqc0luJWoLsqjwOsfqYXsid2X9
cBwNyy4xv0DJSz+C0jWkvMHtl3vxK6L42gSmXuc82UHAJwrXqvmN9vcZmGvA9/E0
kswyIkr3UyMJRzBVVPfC
=Kaa4
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2640-2
June 21, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux: Linux kernel

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-86-generic 3.2.0-86.124
linux-image-3.2.0-86-generic-pae 3.2.0-86.124
linux-image-3.2.0-86-highbank 3.2.0-86.124
linux-image-3.2.0-86-omap 3.2.0-86.124
linux-image-3.2.0-86-powerpc-smp 3.2.0-86.124
linux-image-3.2.0-86-powerpc64-smp 3.2.0-86.124
linux-image-3.2.0-86-virtual 3.2.0-86.124

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2640-2
http://www.ubuntu.com/usn/usn-2640-1
http://bugs.launchpad.net/bugs/1465998

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-86.124

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)