Sunday, June 21, 2015

[USN-2646-2] Linux kernel regression

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVhwpmAAoJEAUvNnAY1cPYwEkP/2wCS9O32hiZdv2wfwNpP1kH
j5HqFVfBtuaUtFuc9NVkX5VM/JJbf5u8BARNrmHioXRQBbyfsjgf+47HmC7Yqetg
pR24I97p1K3s0bQJmZtJiX7NZy1N8n2jj0b4ERggBwWzKPvT4GJbCx7PPEOLIPjF
XAg7HMND3UbSMuVEpDgIric2ycR36lxu4kQf0D499E/brMi16kmXc9sBeSqyW4zR
8B4nNsfy48GVAlZIdBvREl4NUGV0EfGaVjwr0L0HDK0Ly7r7y+YsvezgdMHiT4eD
i53ug2r3tR0d8+uzi5ZrjLrgsV2+mdAiFxAStZqpqhu7Ua9/tyfHyD4/oFCmN7y2
CuSPHqsWW7AAe1U+ksZMiw/ANVc9ZiCIjFnVCv8hSMWFFMv+5KdJqu8PrFE6eiJ+
0F4E243A3exWkLsTv775vT+vcNMruHmNoZVgZmpQp2p3A7GQmdPbX7Oi3bTAMxyC
cK3+07nKVi7TEU+fQx7/gdNEQGhce3UNPuMw0/JcwvbcfbfE4MZzkWKe2CCRl22v
lute08bvVx39ov3HWuOUShEFkjV1lpC0VKnIgxJpmciY4uBmhLc51fleolQMJdj0
HxuYhXYiGrosAkCIoOKpIzXJpmfeAruWOAJNKnsuWDHON6akAF//FZ/YCAHJVcj5
Z23pys4HNxL9sQ2XtWNl
=XBbN
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2646-2
June 21, 2015

linux regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux: Linux kernel

Details:

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's
overlayfs file system. The removal of a directory that only exists on the
lower layer results in a kernel panic.

We apologize for the inconvenience.

Original advisory details:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
linux-image-3.16.0-41-generic 3.16.0-41.57
linux-image-3.16.0-41-generic-lpae 3.16.0-41.57
linux-image-3.16.0-41-lowlatency 3.16.0-41.57
linux-image-3.16.0-41-powerpc-e500mc 3.16.0-41.57
linux-image-3.16.0-41-powerpc-smp 3.16.0-41.57
linux-image-3.16.0-41-powerpc64-emb 3.16.0-41.57
linux-image-3.16.0-41-powerpc64-smp 3.16.0-41.57

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2646-2
http://www.ubuntu.com/usn/usn-2646-1
http://bugs.launchpad.net/bugs/1465998

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.16.0-41.57

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)