Tuesday, May 28, 2013

[USN-1839-1] Linux kernel (OMAP4) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1839-1
May 28, 2013

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

A flaw was discovered in the Linux kernel's perf_events interface. A local
user could exploit this flaw to escalate privileges on the system.
(CVE-2013-2094)

Andy Lutomirski discovered an error in the Linux kernel's credential handling
on unix sockets. A local user could exploit this flaw to gain
administrative privileges. (CVE-2013-1979)

A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet
driver for the Linux kernel. A local user could exploit this flaw to cause
a denial of service (crash the system) or potentially escalate privileges
on the system. (CVE-2013-1929)

A flaw was discovered in the Linux kernel's ftrace subsystem interface. A
local user could exploit this flaw to cause a denial of service (system
crash). (CVE-2013-3301)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1432-omap4 3.2.0-1432.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1839-1
CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-3301

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1432.41

Monday, May 27, 2013

[CentOS-announce] CEBA-2013:0866 CentOS 6 spice-server Update

CentOS Errata and Bugfix Advisory 2013:0866

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0866.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )


x86_64:
efe7b5b8ad917803dcdb69ff8c4d69d6a9ef070395ae16f57720b83a9d1c6acf spice-server-0.12.0-12.el6_4.1.x86_64.rpm
49d23f863ed3b9d158a6f20930b1c719bf54b5ba4eb94fb6eaf03675e56c6f92 spice-server-devel-0.12.0-12.el6_4.1.x86_64.rpm

Source:
df25e9c361e8d376f6b947ea1dcd491818e5ea3d7f110db6b85c2c288c1b7d58 spice-server-0.12.0-12.el6_4.1.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2013:0865 CentOS 6 xorg-x11-drv-mach64 Update

CentOS Errata and Bugfix Advisory 2013:0865

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0865.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
d96572faafae1eeda3137c7c7b999f66114db3ac82e8ef159ea509cd50b4a72c xorg-x11-drv-mach64-6.9.3-4.1.el6_4.i686.rpm

x86_64:
eb0a215019ccc5e086497e79c3f3833ca5c384864bb3b1304101defe65a543bf xorg-x11-drv-mach64-6.9.3-4.1.el6_4.x86_64.rpm

Source:
d474d3441badbca6455b2d8f1d7e7ef17039b48c5dc640197cd0b970a945a0dc xorg-x11-drv-mach64-6.9.3-4.1.el6_4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CEBA-2013:0864 CentOS 5 am-utils Update

CentOS Errata and Bugfix Advisory 2013:0864

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0864.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
930017193c925ce7bf5616cb06e39f020343298392ac0cbaee82283511ed3789 am-utils-6.1.5-5.el5_9.i386.rpm

x86_64:
d2c0f49b04db1253edba0f336862ac0333290c3cae971cb67a6508cb621344f2 am-utils-6.1.5-5.el5_9.x86_64.rpm

Source:
c6e2a320591f1fcd84457d6400f8b6d9671cdc2f15e1bfeb74ad152b442d13a1 am-utils-6.1.5-5.el5_9.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CEBA-2013:0862 CentOS 6 gzip Update

CentOS Errata and Bugfix Advisory 2013:0862

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0862.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a96cfb5dcb8dbbeb16f84d9501447764241b3023ac87f3f8de10ab562cde5699 gzip-1.3.12-19.el6_4.i686.rpm

x86_64:
3c589d91b359ba255bf950fde7c2d32ca91d0dcb306b6315f2070acb67968de4 gzip-1.3.12-19.el6_4.x86_64.rpm

Source:
2b4f53dbacc16f5c61498f24ef3d70b609c7fc93e74192709f62d51aae4d7db4 gzip-1.3.12-19.el6_4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CEBA-2013:0861 CentOS 6 mdadm Update

CentOS Errata and Bugfix Advisory 2013:0861

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0861.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
626913999bd96caedd88a3f303e9c80aadc247d5ffa721152e41d1dd6470eb01 mdadm-3.2.5-4.el6_4.1.i686.rpm

x86_64:
365d8ff76ff6a2b7c1533bad61dfc7e245241342c17ae1b38d9a33e00f3456ec mdadm-3.2.5-4.el6_4.1.x86_64.rpm

Source:
d4a5e9402ae2618e6348f08c2c96a979840483d7cb4b98fff38f031835d5d472 mdadm-3.2.5-4.el6_4.1.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CEBA-2013:0863 CentOS 5 mkinitrd Update

CentOS Errata and Bugfix Advisory 2013:0863

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0863.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
01cf0a69042bfd510f083b8a37d0a716a32109d97c1363c5370ac8f2a5b8759f libbdevid-python-5.1.19.6-80.el5_9.i386.rpm
c59f21046f0595dc3c762b319d8a8b8f36a158ee58a84c1be7ef28cc22de19af mkinitrd-5.1.19.6-80.el5_9.i386.rpm
04acffda31653e572eb63bd60cf05a87407652c0ddbb3d9c8aa396bf2651073c mkinitrd-devel-5.1.19.6-80.el5_9.i386.rpm
24dc70d563fb051c57d3385a3a2a6ac460009cae174e9bba0a83816b55be1f95 nash-5.1.19.6-80.el5_9.i386.rpm

x86_64:
06442fef79ff6656b4803105c9e8aec0a4d7760409bf41160b61215e9318ac2a libbdevid-python-5.1.19.6-80.el5_9.x86_64.rpm
c59f21046f0595dc3c762b319d8a8b8f36a158ee58a84c1be7ef28cc22de19af mkinitrd-5.1.19.6-80.el5_9.i386.rpm
582be74b8ef80ce6a310e0342ef27f96e6df2c936f020fca2fc90d64036b8fb7 mkinitrd-5.1.19.6-80.el5_9.x86_64.rpm
04acffda31653e572eb63bd60cf05a87407652c0ddbb3d9c8aa396bf2651073c mkinitrd-devel-5.1.19.6-80.el5_9.i386.rpm
4344e021eded662118170fbd92bdb8cb5b19988bf06ed980541d6aab0c2089be mkinitrd-devel-5.1.19.6-80.el5_9.x86_64.rpm
83b998efc85dc66611417087e01f302bdddd6616bb505855eb16324b502c26fa nash-5.1.19.6-80.el5_9.x86_64.rpm

Source:
f27071d8fdd54da34a66a626a6cf2eed8320761d1861c3e666776893ad0f9d70 mkinitrd-5.1.19.6-80.el5_9.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


Saturday, May 25, 2013

Appointee to the Fedora Board; election nominations closing imminently.

I'm happy to announce that John Rose, aka inode0, has been reappointed to the Fedora Board. His insight and knowledge about Fedora's culture and history, his ongoing participation in the Ambassadors' group, and his belief in preserving freedom within the project are, I believe, important facets to the Board's collective knowledge, and I'm pleased that he is willing to stay with us another year.

An additional appointee will be named after the elections have concluded.

A friendly reminder that the time period for nominations for the various Fedora Project committees, as well as the time period for adding questions to the candidate questionnaire (which is currently *empty!*), ends today, May 25th, at 23:59:59 UTC.

Additional information about Elections, including where and how to nominate, and where to add questions to the questionnaire, can be seen here:
http://fedoraproject.org/wiki/Elections

A complete history of Board Members is available here:
http://fedoraproject.org/wiki/Board/History

Cheers,

-Robyn
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce

Friday, May 24, 2013

Fedora 20 Elections: Nominations and questionnaire close today!

Hello everyone!

A reminder that both nominations and questionnaires for the Fedora 20
governance elections (Board, FESCo, FAmSCo) will close **today** (May 25
23:59 UTC)!

Please add your nominations and any questions that you'd like your
nominees to answer to the wiki pages before the deadline:

https://fedoraproject.org/wiki/Elections/Questionnaire

https://fedoraproject.org/wiki/Board_nominations?rd=Board/Elections/Nominations
https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations
https://fedoraproject.org/wiki/FAmSCo_nominations

More information on the Fedora 20 Elections can be found here:
https://fedoraproject.org/wiki/Elections

--
Thanks,
Warm regards,
Ankur: "FranciscoD"

Please only print if necessary.

Looking to contribute to Fedora? Look here: https://fedoraproject.org/wiki/Fedora_Join_SIG

http://fedoraproject.org/wiki/User:Ankursinha
http://ankursinha.in/blog

Flock hotel reservations now open

We have a rate of $129 at the Francis Marion hotel. Reservations in the room block must be made by July 9. It's a stellar rate at a really lovely place:

http://www.francismarionhotel.com/

Rooms include wifi, since I know that's your first question. :-)

Direct URL for attendee registration:
https://reservations.ihotelier.com/crs/g_reservation.cfm?groupID=1040693&hotelID=76320

If you call or try to book through the usual web link, the attendee code is FLOCK.

If you know you'll be attending, please book as soon as possible so that if we run out of rooms, I can secure more. This is an amazing price for downtown Charleston, so we'll want to move fast if we need more space.

Thanks!
Ruth


Re: Update libical to 1.0 in rawhide the next week (soname version bump)

On Thu, 2013-05-16 at 13:01 +0200, Milan Crha wrote:
> there was a release of libical 1.0 recently [1], and I'd like to update
> rawhide with it. It seems to be API compatible with 0.48, they only
> bumped the soname version due to version jump to 1.0. Rex Dieter helped
> me to fix a spec file to it (to use cmake), thus I plan to push the
> change around May 23rd, 2013, aka at the end of the next week.

Hi,
this is unfortunate, but I just realized that I do not have commit
rights for libical. Unless anyone else will take on this, it'll wait
till the main maintainer gets to the update, or I gain the commit
rights. I'm sorry for the confusion I caused.

Here [1] is a patch to master branch of libical which I wanted to
commit.
Bye,
Milan

[1] https://bugzilla.redhat.com/show_bug.cgi?id=959925#c9

_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

[USN-1837-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1837-1
May 24, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

An information leak was discovered in the Linux kernel's crypto API. A
local user could exploit this flaw to examine potentially sensitive
information from the kernel's stack memory. (CVE-2013-3076)

An information leak was discovered in the Linux kernel's recvmsg path for
ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to
examine potentially sensitive information from the kernel's stack memory.
(CVE-2013-3222)

An information leak was discovered in the Linux kernel's recvmsg path for
ax25 address family. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3223)

An information leak was discovered in the Linux kernel's recvmsg path for
the bluetooth address family. A local user could exploit this flaw to
examine potentially sensitive information from the kernel's stack memory.
(CVE-2013-3224)

An information leak was discovered in the Linux kernel's bluetooth rfcomm
protocol support. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3225)

An information leak was discovered in the Linux kernel's bluetooth SCO
sockets implementation. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3226)

An information leak was discovered in the Linux kernel's CAIF protocol
implementation. A local user could exploit this flaw to examine potentially
sensitive information from the kernel's stack memory. (CVE-2013-3227)

An information leak was discovered in the Linux kernel's IRDA (infrared)
support subsystem. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3228)

An information leak was discovered in the Linux kernel's s390 - z/VM
support. A local user could exploit this flaw to examine potentially
sensitive information from the kernel's stack memory. (CVE-2013-3229)

An information leak was discovered in the Linux kernel's l2tp (Layer Two
Tunneling Protocol) implementation. A local user could exploit this flaw to
examine potentially sensitive information from the kernel's stack memory.
(CVE-2013-3230)

An information leak was discovered in the Linux kernel's llc (Logical Link
Layer 2) support. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3231)

An information leak was discovered in the Linux kernel's nfc (near field
communication) support. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3233)

An information leak was discovered in the Linux kernel's Rose X.25 protocol
layer. A local user could exploit this flaw to examine potentially
sensitive information from the kernel's stack memory. (CVE-2013-3234)

An information leak was discovered in the Linux kernel's TIPC (Transparent
Inter Process Communication) protocol implementation. A local user could
exploit this flaw to examine potentially sensitive information from the
kernel's stack memory. (CVE-2013-3235)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
linux-image-3.8.0-22-generic 3.8.0-22.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1837-1
CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224,
CVE-2013-3225, CVE-2013-3226, CVE-2013-3227, CVE-2013-3228,
CVE-2013-3229, CVE-2013-3230, CVE-2013-3231, CVE-2013-3233,
CVE-2013-3234, CVE-2013-3235

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.8.0-22.33