Ubuntu 6591 Published by

The following security update has been released for Ubuntu Linux:

USN-3531-2: Intel Microcode regression
USN-3537-1: MySQL vulnerabilities
USN-3538-1: OpenSSH vulnerabilities
USN-3539-1: GIMP vulnerabilities
USN-3540-1: Linux kernel vulnerabilities
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3541-1: Linux kernel vulnerabilities
USN-3541-2: Linux kernel (HWE) vulnerabilities
USN-3542-1: Linux kernel vulnerabilities
USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities



USN-3531-2: Intel Microcode regression

==========================================================================
Ubuntu Security Notice USN-3531-2
January 22, 2018

intel-microcode regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3531-1 introduced regressions in intel-microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions
were discovered in the microcode updates which could cause system
instability on certain hardware platforms. At the request of Intel, we have
reverted to the previous packaged microcode version, the 20170707 release.

Original advisory details:

It was discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)
This update provides the microcode updates required for the corresponding
Linux kernel updates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
intel-microcode 3.20180108.0+really20170707ubuntu17.10.1

Ubuntu 16.04 LTS:
intel-microcode 3.20180108.0+really20170707ubuntu16.04.1

Ubuntu 14.04 LTS:
intel-microcode 3.20180108.0+really20170707ubuntu14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3531-2
https://www.ubuntu.com/usn/usn-3531-1
https://launchpad.net/bugs/1742933

Package Information:

https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0+really20170707ubuntu17.10.1

https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0+really20170707ubuntu16.04.1

https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0+really20170707ubuntu14.04.1

USN-3537-1: MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3537-1
January 22, 2018

mysql-5.5, mysql-5.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database
- mysql-5.5: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,
and Ubuntu 17.10 have been updated to MySQL 5.7.21.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
mysql-server-5.7 5.7.21-0ubuntu0.17.10.1

Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.21-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.59-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3537-1
CVE-2018-2562, CVE-2018-2565, CVE-2018-2573, CVE-2018-2576,
CVE-2018-2583, CVE-2018-2586, CVE-2018-2590, CVE-2018-2600,
CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2645,
CVE-2018-2646, CVE-2018-2647, CVE-2018-2665, CVE-2018-2667,
CVE-2018-2668, CVE-2018-2696, CVE-2018-2703

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.21-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.21-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.59-0ubuntu0.14.04.1

USN-3538-1: OpenSSH vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3538-1
January 22, 2018

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from
untrusted directories. A remote attacker could possibly use this issue to
execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-10009)

Jann Horn discovered that OpenSSH incorrectly handled permissions on
Unix-domain sockets when privilege separation is disabled. A local attacker
could possibly use this issue to gain privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-10010)

Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory
operations. A local attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-10011)

Guido Vranken discovered that OpenSSH incorrectly handled certain shared
memory manager operations. A local attacker could possibly use issue to
gain privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-10012)

Michal Zalewski discovered that OpenSSH incorrectly prevented write
operations in readonly mode. A remote attacker could possibly use this
issue to create zero-length files, leading to a denial of service.
(CVE-2017-15906)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
openssh-server 1:7.5p1-10ubuntu0.1

Ubuntu 16.04 LTS:
openssh-server 1:7.2p2-4ubuntu2.4

Ubuntu 14.04 LTS:
openssh-server 1:6.6p1-2ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3538-1
CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012,
CVE-2017-15906

Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:7.5p1-10ubuntu0.1
https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.4
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.10

USN-3539-1: GIMP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3539-1
January 22, 2018

gimp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in GIMP.

Software Description:
- gimp: The GNU Image Manipulation Program

Details:

It was discovered that GIMP incorrectly handled certain images. If a
user were tricked into opening a specially crafted image, an attacker
could possibly use this to execute arbitrary code. (CVE-2017-17784,
CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788,
CVE-2017-17789)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  gimp2.8.10-0ubuntu1.2
  libgimp2.0 2.8.10-0ubuntu1.2

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3539-1
  CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787,
  CVE-2017-17788, CVE-2017-17789

Package Information:
  https://launchpad.net/ubuntu/+source/gimp/2.8.10-0ubuntu1.2


USN-3540-1: Linux kernel vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3540-1
January 23, 2018

linux, linux-aws, linux-euclid vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-euclid: Linux kernel for Intel Euclid systems

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 16.04 LTS. This update provides the
corresponding mitigations for the ppc64el architecture. Original
advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1049-aws 4.4.0-1049.58
linux-image-4.4.0-112-generic 4.4.0-112.135
linux-image-4.4.0-112-generic-lpae 4.4.0-112.135
linux-image-4.4.0-112-lowlatency 4.4.0-112.135
linux-image-4.4.0-112-powerpc-e500mc 4.4.0-112.135
linux-image-4.4.0-112-powerpc-smp 4.4.0-112.135
linux-image-4.4.0-112-powerpc64-emb 4.4.0-112.135
linux-image-4.4.0-112-powerpc64-smp 4.4.0-112.135
linux-image-4.4.0-9023-euclid 4.4.0-9023.24
linux-image-aws 4.4.0.1049.51
linux-image-euclid 4.4.0.9023.24
linux-image-generic 4.4.0.112.118
linux-image-generic-lpae 4.4.0.112.118
linux-image-lowlatency 4.4.0.112.118
linux-image-powerpc-e500mc 4.4.0.112.118
linux-image-powerpc-smp 4.4.0.112.118
linux-image-powerpc64-emb 4.4.0.112.118
linux-image-powerpc64-smp 4.4.0.112.118

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3540-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-112.135
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1049.58
https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9023.24

USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3540-2
January 23, 2018

linux-lts-xenial, linux-aws vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-1011-aws 4.4.0-1011.11
linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1
linux-image-aws 4.4.0.1011.11
linux-image-generic-lts-xenial 4.4.0.111.95
linux-image-lowlatency-lts-xenial 4.4.0.111.95
linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95
linux-image-powerpc-smp-lts-xenial 4.4.0.111.95
linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95
linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3540-2
https://www.ubuntu.com/usn/usn-3540-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1011.11
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-111.134~14.04.1

USN-3541-1: Linux kernel vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3541-1
January 23, 2018

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 17.10. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
linux-image-4.13.0-31-generic 4.13.0-31.34
linux-image-4.13.0-31-lowlatency 4.13.0-31.34
linux-image-generic 4.13.0.31.33
linux-image-lowlatency 4.13.0.31.33

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3541-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.13.0-31.34

USN-3541-2: Linux kernel (HWE) vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3541-2
January 23, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM processors

Details:

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu
17.10. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu
16.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
17.10 for Ubuntu 16.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.13.0-1006-azure 4.13.0-1006.8
linux-image-4.13.0-1007-gcp 4.13.0-1007.10
linux-image-4.13.0-1017-oem 4.13.0-1017.18
linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1
linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1
linux-image-azure 4.13.0.1006.7
linux-image-gcp 4.13.0.1007.9
linux-image-generic-hwe-16.04 4.13.0.31.51
linux-image-gke 4.13.0.1007.9
linux-image-lowlatency-hwe-16.04 4.13.0.31.51
linux-image-oem 4.13.0.1017.21

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3541-2
https://www.ubuntu.com/usn/usn-3541-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8
https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10
https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1
https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18

USN-3542-1: Linux kernel vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3542-1
January 23, 2018

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory reads via
sidechannel attacks. This flaw is known as Spectre. A local attacker
could use this to expose sensitive information, including kernel
memory. This update provides mitigations for the i386 (CVE-2017-5753
only) and amd64 architectures.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-141-generic 3.13.0-141.190
linux-image-3.13.0-141-lowlatency 3.13.0-141.190
linux-image-generic 3.13.0.141.151
linux-image-lowlatency 3.13.0.141.151

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3542-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-141.190

USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3542-2
January 23, 2018

linux-lts-trusty vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 ESM.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory reads via
sidechannel attacks. This flaw is known as Spectre. A local attacker
could use this to expose sensitive information, including kernel
memory. This update provides mitigations for the i386 (CVE-2017-5753
only) and amd64 architectures.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-140-generic 3.13.0-140.189~precise1
linux-image-generic-lts-trusty 3.13.0.140.131

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3542-2
https://www.ubuntu.com/usn/usn-3542-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753