Lista de Alerta de Segurança e updates em distribuições LINUX

Lista de Alerta de Segurança e updates em distribuições LINUX

CentOS has updated curl

 

CentOS alert CESA-2011:0918 (curl)

From: Karanbir Singh <kbsingh@centos.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CESA-2011:0918 Moderate CentOS 5 i386 curl Update
Date: Wed, 6 Jul 2011 01:31:31 +0000
Message-ID: <20110706013131.GA19384@chakra.karan.org>

CentOS Errata and Security Advisory 2011:0918 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0918.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 72f34158cc331c812948fb5617672c22 curl-7.15.5-9.el5_6.3.i386.rpm 6ae160e7aa11ed7eae10f09d718bc284 curl-devel-7.15.5-9.el5_6.3.i386.rpm Source: 6b5efa31faad3772d556e01a9904875b curl-7.15.5-9.el5_6.3.src.rpm — Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos@irc.freenode.net _______________________________________________ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce

 

Debian has updated bind9

Debian alert DSA-2272-1 (bind9)

From: Florian Weimer <fw@deneb.enyo.de>
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 2272-1] bind9 security update
Date: Tue, 05 Jul 2011 20:46:15 +0200
Message-ID: <8762ngwop4.fsf@mid.deneb.enyo.de>

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 – ————————————————————————- Debian Security Advisory DSA-2272-1 security@debian.org http://www.debian.org/security/ Florian Weimer July 05, 2011 http://www.debian.org/security/faq – ————————————————————————- Package : bind9 Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2011-2464 It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates. For the oldstable distribution (lenny), this problem has been fixed in version 1:9.6.ESV.R4+dfsg-0+lenny3. For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze3. The testing distribution (wheezy) and the unstable distribution (sid) will be fixed later. We recommend that you upgrade your bind9 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJOE15NAAoJEL97/wQC1SS+XAEH/133aCRGwIHsAYR3OKT58a4d Id1OcLTsa1uhKXx8Y/7dNBgzf11HjiiL0ZerCOxNZqdpLIm4gugpQmL3XRjPhSK5 zisxyMN+31veDl5r+mey+hvZ7Ltel+lrTLxZeMQvDUf+RHJralO6YAovo7ozxeoC u9WZZW3ueVm7zEaSCqbEhcr+RQoNpLBkgqckTaPnMHbh8p+Jp8gl1//98CPbUo8R OfP59LUYmm1K7cIEX1HYz19Ll/XZ4pWIlahdl4dbdwlrzGXmO1PXt6RwG4uoHA2/ mOtylCJAct3i9DQ0gWYQpc+cFFRdOAKv04hgelwrNtPIXDil8hsOBtuGqklIpAM= =6PQL —–END PGP SIGNATURE—– — To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/8762ngwop4.fsf@mid.deneb.enyo.de

 

openSUSE has updated mariadb

openSUSE alert openSUSE-SU-2011:0743-1 (MariaDB)

From: opensuse-security@opensuse.org
To: opensuse-updates@opensuse.org
Subject: openSUSE-SU-2011:0743-1: moderate: MariaDB
Date: Wed, 6 Jul 2011 15:08:15 +0200 (CEST)
Message-ID: <20110706130815.1947B3237A@maintenance.suse.de>

openSUSE Security Update: MariaDB ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0743-1 Rating: moderate References: #676973 Cross-References: CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes one version update. Description: MariaDB was updated to version 5.1.55 to fix numerous bugs and security issues. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: – openSUSE 11.4: zypper in -t patch libmariadbclient16-4830 – openSUSE 11.3: zypper in -t patch libmariadbclient16-4830 To bring your system up-to-date, use “zypper patch”. Package List: – openSUSE 11.4 (i586 x86_64): libmariadbclient16-5.1.55-0.3.1 libmariadbclient_r16-5.1.55-0.3.1 mariadb-5.1.55-0.3.1 mariadb-bench-5.1.55-0.3.1 mariadb-client-5.1.55-0.3.1 mariadb-debug-5.1.55-0.3.1 mariadb-test-5.1.55-0.3.1 mariadb-tools-5.1.55-0.3.1 – openSUSE 11.3 (i586 x86_64) [New Version: 5.1.55]: libmariadbclient16-5.1.55-0.3.1 libmariadbclient_r16-5.1.55-0.3.1 mariadb-5.1.55-0.3.1 mariadb-bench-5.1.55-0.3.1 mariadb-client-5.1.55-0.3.1 mariadb-debug-5.1.55-0.3.1 mariadb-test-5.1.55-0.3.1 mariadb-tools-5.1.55-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-3833.html http://support.novell.com/security/cve/CVE-2010-3834.html http://support.novell.com/security/cve/CVE-2010-3835.html http://support.novell.com/security/cve/CVE-2010-3836.html http://support.novell.com/security/cve/CVE-2010-3837.html http://support.novell.com/security/cve/CVE-2010-3838.html http://support.novell.com/security/cve/CVE-2010-3839.html http://support.novell.com/security/cve/CVE-2010-3840.html https://bugzilla.novell.com/676973

 

Red Hat has updated qemu-kvm

Red Hat alert RHSA-2011:0919-01 (qemu-kvm)

From: bugzilla@redhat.com
To: rhsa-announce@redhat.com, enterprise-watch-list@redhat.com
Subject: [RHSA-2011:0919-01] Important: qemu-kvm security and bug fix update
Date: Tue, 5 Jul 2011 18:12:56 +0000
Message-ID: <201107051812.p65ICuen010386@int-mx09.intmail.prod.int.phx2.redhat.com>

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security and bug fix update Advisory ID: RHSA-2011:0919-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0919.html Issue date: 2011-07-05 CVE Names: CVE-2011-2212 CVE-2011-2512 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) – x86_64 Red Hat Enterprise Linux HPC Node (v. 6) – x86_64 Red Hat Enterprise Linux Server (v. 6) – x86_64 Red Hat Enterprise Linux Workstation (v. 6) – x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to trigger a buffer overflow, allowing them to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2212) It was found that the virtio_queue_notify() function in qemu-kvm did not perform sufficient input validation on the value later used as an index into the array of virtqueues. An unprivileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2512) Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212. This update also fixes the following bug: * A bug was found in the way vhost (in qemu-kvm) set up mappings with the host kernel’s vhost module. This could result in the host kernel’s vhost module not having a complete view of a guest system’s memory, if that guest had more than 4 GB of memory. Consequently, hot plugging a vhost-net network device and restarting the guest may have resulted in that device no longer working. (BZ#701771) All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 713589 – CVE-2011-2212 qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow 717399 – CVE-2011-2512 qemu-kvm: OOB memory access caused by negative vq notifies 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/… x86_64: qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Compute… x86_64: qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/… x86_64: qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Worksta… x86_64: qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2212.html https://www.redhat.com/security/data/cve/CVE-2011-2512.html https://access.redhat.com/security/updates/classification… 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOE1QMXlSAg2UNWIIRAiqyAJ0YZRdZLS/o8v6GpSJVdixf7dqXjQCgoCi6 FdDb471yututyx66yC/Sm1s= =MaoZ —–END PGP SIGNATURE—– — Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-…

 

Scientific Linux has updated curl and krb5-appl

Scientific Linux alert SL-krb5-20110705 (krb5-appl)

From: Troy Dawson <dawson@fnal.gov>
To: “scientific-linux-errata@fnal.gov” <scientific-linux-errata@fnal.gov>
Subject: Security ERRATA Important: krb5-appl on SL6.x i386/x86_64
Date: Tue, 05 Jul 2011 16:26:44 -0500
Message-ID: <4E138194.5070500@fnal.gov>

Synopsis: Important: krb5-appl security update Issue date: 2011-07-05 CVE Names: CVE-2011-1526 The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group. (CVE-2011-1526) SL 6.x SRPMS: krb5-appl-1.0.1-2.el6_1.1.src.rpm i386: krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm x86_64: krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm – Scientific Linux Development Team

Scientific Linux alert SL-krb5-20110705 (krb5-appl)

From: Troy Dawson <dawson@fnal.gov>
To: “scientific-linux-errata@fnal.gov” <scientific-linux-errata@fnal.gov>
Subject: Security ERRATA Important: krb5-appl on SL6.x i386/x86_64
Date: Tue, 05 Jul 2011 16:26:44 -0500
Message-ID: <4E138194.5070500@fnal.gov>

Synopsis: Important: krb5-appl security update Issue date: 2011-07-05 CVE Names: CVE-2011-1526 The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group. (CVE-2011-1526) SL 6.x SRPMS: krb5-appl-1.0.1-2.el6_1.1.src.rpm i386: krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm x86_64: krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm – Scientific Linux Development Team

 

Ubuntu has updated linux-fsl-imx51 (many vulnerabilities dating back to 2010), linux-mvl-dove (multiple vulnerabilities), and bind (denial of service).

Ubuntu alert USN-1164-1 (linux-fsl-imx51)

From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1164-1] Linux kernel vulnerabilities (i.MX51)
Date: Wed, 06 Jul 2011 10:36:13 -0400
Message-ID: <1309962973.3937.27.camel@mdlinux>

========================================================================== Ubuntu Security Notice USN-1164-1 July 06, 2011 linux-fsl-imx51 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 10.04 LTS Summary: Multiple kernel flaws have been fixed. Software Description: – linux-fsl-imx51: Linux kernel for IMX51 Details: Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865) Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3874) Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875) Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876) Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3877) Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880) Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081) Dan Rosenberg discovered that the VIA video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4082) Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083) James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157) Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4164) It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4248) Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges. (CVE-2010-4258) Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342) Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. (CVE-2010-4346) Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges. (CVE-2010-4527) Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529) Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565) Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. (CVE-2010-4655) Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2010-4656) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-0521) Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695) Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. (CVE-2011-0711) Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2011-0712) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746, CVE-2011-1747) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1748) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.31-609-imx51 2.6.31-609.26 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1164-1 CVE-2010-3865, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4164, CVE-2010-4248, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4655, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-1017, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022 Package Information: https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6…. — ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security…

Ubuntu alert USN-1162-1 (linux-mvl-dove)

From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1162-1] Linux kernel vulnerabilities (Marvell Dove)
Date: Wed, 29 Jun 2011 06:18:43 -0700
Message-ID: <20110629131843.GA32221@outflux.net>

========================================================================== Ubuntu Security Notice USN-1162-1 June 29, 2011 linux-mvl-dove vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 10.04 LTS Summary: Multiple kernel flaws have been fixed. Software Description: – linux-mvl-dove: Linux kernel for DOVE Details: Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. (CVE-2010-4263) Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342) Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529) Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695) Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. (CVE-2011-0711) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013) Marek Ol?ák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. (CVE-2011-1016) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. (CVE-2011-1019) Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746, CVE-2011-1747) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.32-217-dove 2.6.32-217.34 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1162-1 CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2011-0463, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1090, CVE-2011-1163, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022 Package Information: https://launchpad.net/ubuntu/+source/linux-mvl-dove/2.6.3… — ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security…

 

Ubuntu alert USN-1163-1 (bind9)

From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1163-1] Bind vulnerability
Date: Tue, 05 Jul 2011 15:40:07 -0400
Message-ID: <1309894807.2763.101.camel@mdlinux>

========================================================================== Ubuntu Security Notice USN-1163-1 July 05, 2011 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 11.04 – Ubuntu 10.10 – Ubuntu 10.04 LTS – Ubuntu 8.04 LTS Summary: An attacker could send crafted input to Bind and cause it to crash. Software Description: – bind9: Internet Domain Name Server Details: It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libdns69 1:9.7.3.dfsg-1ubuntu2.2 Ubuntu 10.10: libdns66 1:9.7.1.dfsg.P2-2ubuntu0.4 Ubuntu 10.04 LTS: libdns64 1:9.7.0.dfsg.P1-1ubuntu0.3 Ubuntu 8.04 LTS: libdns36 1:9.4.2.dfsg.P2-2ubuntu0.8 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1163-1 CVE-2011-2464 Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1… https://launchpad.net/ubuntu/+source/bind9/1:9.7.1.dfsg.P… https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P… https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P… — ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security…

 

Fonte: http://lwn.net/

Comments are closed.