Sunday, June 21, 2015

[USN-2642-2] Linux kernel (Trusty HWE) regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwoLAAoJEAUvNnAY1cPYfSoP/RPAhW+HaHgcZM03qILq8z7T
kRnxBRa7zBcPXD5dtApCpuJCTXk3wUEEEnFL6m1LyKLgtyjN7IaNcSJZPy1iO9iC
BGMTjhPYIF5kaLEsQ4OkXTj/k/uJDm4/hE6WBt4tsmzyY1UiEAiuou+t5YMZJ/L+
6S07Fj9sppsTBfENicGi0PdXNYd1KvmKNe7x9vzM1kV7ONWbMWELurXkgcmxhWac
LVkeuMAs8nwnB00glYGyTK+hlLxdwGrz8NI1H1FExo8gFTMjZC/U10cqGFjcZAqA
XZZfQwVr5vRal/sNjvhdMP2FJ4LpXx3y6RiOo3a9qsB4Z279m8kM4tHSVWrGw0p6
o8Ig9FmxkvQw0iuaw8Ky+0Xq6Z292/j1X9/KAxynEAhYJNsP7PAKb78pelVGARai
VJLAiGNa/YRx+YWdVexAgyOcroCSK5MFTnuRmByYi9Eo+75bLBINSzOBvfuW1shT
0RzkCl9igoodr0wFQte2srmO3Sn5cVR/GH1/PFJ7/z7jWCEr63KY6D0qa/rFNNso
WhcsEudzwA8R693RXj7tRzAOLbG/hb9EL5U0M5RYZ3s/drkS/BX0Kvxx7EvMEb4b
+STUUoq3Cb8PVSB09JDiPREPgcqwyOMd18ficB/nAZKe8DMK6oTPTajR3pPzBerH
SE5B4XYUeO6eGgFMB3rP
=canR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2642-2
June 21, 2015

linux-lts-trusty regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-55-generic 3.13.0-55.94~precise1
linux-image-3.13.0-55-generic-lpae 3.13.0-55.94~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2642-2
http://www.ubuntu.com/usn/usn-2642-1
http://bugs.launchpad.net/bugs/1465998

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-55.94~precise1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)