Monday, August 17, 2015

[USN-2715-1] Linux kernel (Trusty HWE) vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV0oVNAAoJEAUvNnAY1cPYpcQP/2vjydMoQ54KM22th6LNozQK
h1dQenZVcW1TXCjLJgAbz/26/JzYF7ZwcU0oYgvJvQl+JNsD0oqAv5T0p/6w2BHX
Ddc1bRWXQlQ513mIJsDkQD5MwpUySaxcWFrAvx3frhayYahKbm86yFPEqo8xf/jO
SMZZBMZzytnfnqa+AEc8PdgzRUcILGp4APDUehGo4unN8LfBV5uv3uDmdFrqEOkQ
v118P8o3o5df1nG7ZM9zSe83mAla14sTXqxDZv75nlWHyXEfOtCrU6kP1TgHucrM
7bBWtMvQRI+INEiBpC7LYrhRRYbgAGn0SvMqU+5Z/pYwzt6h5ldccm4NG+rU4AWZ
QzBKO/HcIcN2D7v1oiWgVih1WYUGuek1Yfa+6CpVZ+yuTBpYBSjbTLfq+jm0jxRp
1KbfG7MBDboldsv1vx7+Fup3maQcP9ZlBzXGqhRd0O22foHSi5g594rZexDAx8NZ
QT0ouBE7WYtsVq1vsc24kOrC/JRLxVm7G3OsEUdpfT8AG0DvOI5S6IJtiuFQnQlZ
7BE+PiF0jtILufC3EheVESpa59xdzuYoEf6xNcDOH96esxJhjuX9NTcjex+o8BzN
aVIUJMnRCwTbvWAQ38rOCGB0VWbtDREw/LpAYF9zybA0z8aH9GMlnShkhqvYg5qE
m3155PtA1pq7Pv/4B1e7
=CzIP
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2715-1
August 18, 2015

linux-lts-trusty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty

Details:

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's
SCTP address configuration lists when using Address Configuration Change
(ASCONF) options on a socket. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.13.0-62-generic 3.13.0-62.102~precise1
linux-image-3.13.0-62-generic-lpae 3.13.0-62.102~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2715-1
CVE-2015-3212

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-62.102~precise1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)