The following updates has been released for Ubuntu Linux:
LSN-0031-1: Linux kernel vulnerability
USN-3424-2: libxml2 vulnerabilities
USN-3443-1: Linux kernel vulnerabilities
USN-3443-2: Linux kernel (HWE) vulnerabilities
USN-3443-3: Linux kernel (GCP) vulnerability
USN-3444-1: Linux kernel vulnerabilities
USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3445-1: Linux kernel vulnerabilities
USN-3445-2: Linux kernel vulnerabilities
LSN-0031-1: Linux kernel vulnerability
USN-3424-2: libxml2 vulnerabilities
USN-3443-1: Linux kernel vulnerabilities
USN-3443-2: Linux kernel (HWE) vulnerabilities
USN-3443-3: Linux kernel (GCP) vulnerability
USN-3444-1: Linux kernel vulnerabilities
USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3445-1: Linux kernel vulnerabilities
USN-3445-2: Linux kernel vulnerabilities
LSN-0031-1: Linux kernel vulnerability
==========================================================================
Kernel Live Patch Security Notice LSN-0031-1
October 10, 2017
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of
xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to
cause a denial of service (out-of-bounds access) or possibly have unspecified
other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. (CVE-2017-11600)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your livepatches to the following
versions:
| Kernel | Version | flavors |
|-----------------+----------+--------------------------|
| 4.4.0-21.37 | 31.1 | generic, lowlatency |
| 4.4.0-22.39 | 31.1 | generic, lowlatency |
| 4.4.0-22.40 | 31.1 | generic, lowlatency |
| 4.4.0-24.43 | 31.1 | generic, lowlatency |
| 4.4.0-28.47 | 31.1 | generic, lowlatency |
| 4.4.0-31.50 | 31.1 | generic, lowlatency |
| 4.4.0-34.53 | 31.1 | generic, lowlatency |
| 4.4.0-36.55 | 31.1 | generic, lowlatency |
| 4.4.0-38.57 | 31.1 | generic, lowlatency |
| 4.4.0-42.62 | 31.1 | generic, lowlatency |
| 4.4.0-43.63 | 31.1 | generic, lowlatency |
| 4.4.0-45.66 | 31.1 | generic, lowlatency |
| 4.4.0-47.68 | 31.1 | generic, lowlatency |
| 4.4.0-51.72 | 31.1 | generic, lowlatency |
| 4.4.0-53.74 | 31.1 | generic, lowlatency |
| 4.4.0-57.78 | 31.1 | generic, lowlatency |
| 4.4.0-59.80 | 31.1 | generic, lowlatency |
| 4.4.0-62.83 | 31.1 | generic, lowlatency |
| 4.4.0-63.84 | 31.1 | generic, lowlatency |
| 4.4.0-64.85 | 31.1 | generic, lowlatency |
| 4.4.0-66.87 | 31.1 | generic, lowlatency |
| 4.4.0-67.88 | 31.1 | generic, lowlatency |
| 4.4.0-70.91 | 31.1 | generic, lowlatency |
| 4.4.0-71.92 | 31.1 | generic, lowlatency |
| 4.4.0-72.93 | 31.1 | generic, lowlatency |
| 4.4.0-75.96 | 31.1 | generic, lowlatency |
| 4.4.0-77.98 | 31.1 | generic, lowlatency |
| 4.4.0-78.99 | 31.1 | generic, lowlatency |
| 4.4.0-79.100 | 31.1 | generic, lowlatency |
| 4.4.0-81.104 | 31.1 | generic, lowlatency |
| 4.4.0-83.106 | 31.1 | generic, lowlatency |
| 4.4.0-87.110 | 31.1 | generic, lowlatency |
| 4.4.0-89.112 | 31.1 | generic, lowlatency |
| 4.4.0-91.114 | 31.1 | generic, lowlatency |
| 4.4.0-92.115 | 31.1 | generic, lowlatency |
| 4.4.0-93.116 | 31.1 | generic, lowlatency |
| 4.4.0-96.119 | 31.1 | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-87.110_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-89.112_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-91.114_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-92.115_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-96.119_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.
References:
CVE-2017-11600, CVE-2017-14106
USN-3424-2: libxml2 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3424-2
October 10, 2017
libxml2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in libxml2.
Software Description:
- libxml2: GNOME XML library
Details:
USN-3424-1 fixed several vulnerabilities in libxml2. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that a type confusion error existed in libxml2. An
attacker could use this to specially construct XML data that
could cause a denial of service or possibly execute arbitrary
code. (CVE-2017-0663)
It was discovered that libxml2 did not properly validate parsed entity
references. An attacker could use this to specially construct XML
data that could expose sensitive information. (CVE-2017-7375)
It was discovered that a buffer overflow existed in libxml2 when
handling HTTP redirects. An attacker could use this to specially
construct XML data that could cause a denial of service or possibly
execute arbitrary code. (CVE-2017-7376)
Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in
libxml2 when handling elements. An attacker could use this to
specially construct XML data that could cause a denial of service or
possibly execute arbitrary code. (CVE-2017-9047)
Marcel Böhme and Van-Thuan Pham discovered a buffer overread
in libxml2 when handling elements. An attacker could use this
to specially construct XML data that could cause a denial of
service. (CVE-2017-9048)
Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads
in libxml2 when handling parameter-entity references. An attacker
could use these to specially construct XML data that could cause a
denial of service. (CVE-2017-9049, CVE-2017-9050)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libxml2 2.7.8.dfsg-5.1ubuntu4.18
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3424-2
https://www.ubuntu.com/usn/usn-3424-1
CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047,
CVE-2017-9048, CVE-2017-9049, CVE-2017-9050
USN-3443-1: Linux kernel vulnerabilities
=========================================================================
Ubuntu Security Notice USN-3443-1
October 10, 2017
linux, linux-raspi2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
It was discovered that on the PowerPC architecture, the kernel did not
properly sanitize the signal stack when handling sigreturn(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-1000255)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
linux-image-4.10.0-1019-raspi2 4.10.0-1019.22
linux-image-4.10.0-37-generic 4.10.0-37.41
linux-image-4.10.0-37-generic-lpae 4.10.0-37.41
linux-image-4.10.0-37-lowlatency 4.10.0-37.41
linux-image-generic 4.10.0.37.37
linux-image-generic-lpae 4.10.0.37.37
linux-image-lowlatency 4.10.0.37.37
linux-image-powerpc-e500mc 4.10.0.37.37
linux-image-powerpc-smp 4.10.0.37.37
linux-image-powerpc64-emb 4.10.0.37.37
linux-image-powerpc64-smp 4.10.0.37.37
linux-image-raspi2 4.10.0.1019.20
linux-image-virtual 4.10.0.37.37
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3443-1
CVE-2017-1000255, CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-37.41
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1019.22
USN-3443-2: Linux kernel (HWE) vulnerabilities
=========================================================================
Ubuntu Security Notice USN-3443-2
October 10, 2017
linux-hwe vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
It was discovered that on the PowerPC architecture, the kernel did not
properly sanitize the signal stack when handling sigreturn(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-1000255)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.10.0-37-generic 4.10.0-37.41~16.04.1
linux-image-4.10.0-37-generic-lpae 4.10.0-37.41~16.04.1
linux-image-4.10.0-37-lowlatency 4.10.0-37.41~16.04.1
linux-image-generic-hwe-16.04 4.10.0.37.39
linux-image-generic-lpae-hwe-16.04 4.10.0.37.39
linux-image-lowlatency-hwe-16.04 4.10.0.37.39
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3443-2
https://www.ubuntu.com/usn/usn-3443-1
CVE-2017-1000255, CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-37.41~16.04.1
USN-3443-3: Linux kernel (GCP) vulnerability
=========================================================================
Ubuntu Security Notice USN-3443-3
October 11, 2017
linux-gcp vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
Details:
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.10.0-1007-gcp 4.10.0-1007.7
linux-image-gcp 4.10.0.1007.9
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3443-3
https://www.ubuntu.com/usn/usn-3443-1
CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/4.10.0-1007.7
USN-3444-1: Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3444-1
October 10, 2017
linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
Details:
Jan H. Schönherr discovered that the Xen subsystem did not properly handle
block IO merges correctly in some situations. An attacker in a guest vm
could use this to cause a denial of service (host crash) or possibly gain
administrative privileges in the host. (CVE-2017-12134)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Otto Ebeling discovered that the memory manager in the Linux kernel did not
properly check the effective UID in some situations. A local attacker could
use this to expose sensitive information. (CVE-2017-14140)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1008-kvm 4.4.0-1008.13
linux-image-4.4.0-1032-gke 4.4.0-1032.32
linux-image-4.4.0-1038-aws 4.4.0-1038.47
linux-image-4.4.0-1075-raspi2 4.4.0-1075.83
linux-image-4.4.0-1077-snapdragon 4.4.0-1077.82
linux-image-4.4.0-97-generic 4.4.0-97.120
linux-image-4.4.0-97-generic-lpae 4.4.0-97.120
linux-image-4.4.0-97-lowlatency 4.4.0-97.120
linux-image-4.4.0-97-powerpc-e500mc 4.4.0-97.120
linux-image-4.4.0-97-powerpc-smp 4.4.0-97.120
linux-image-4.4.0-97-powerpc64-emb 4.4.0-97.120
linux-image-4.4.0-97-powerpc64-smp 4.4.0-97.120
linux-image-aws 4.4.0.1038.40
linux-image-generic 4.4.0.97.102
linux-image-generic-lpae 4.4.0.97.102
linux-image-gke 4.4.0.1032.33
linux-image-kvm 4.4.0.1008.8
linux-image-lowlatency 4.4.0.97.102
linux-image-powerpc-e500mc 4.4.0.97.102
linux-image-powerpc-smp 4.4.0.97.102
linux-image-powerpc64-emb 4.4.0.97.102
linux-image-powerpc64-smp 4.4.0.97.102
linux-image-raspi2 4.4.0.1075.75
linux-image-snapdragon 4.4.0.1077.69
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3444-1
CVE-2017-12134, CVE-2017-14106, CVE-2017-14140
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-97.120
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1038.47
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1032.32
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1008.13
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1075.83
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1077.82
USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3444-2
October 10, 2017
linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jan H. Schönherr discovered that the Xen subsystem did not properly handle
block IO merges correctly in some situations. An attacker in a guest vm
could use this to cause a denial of service (host crash) or possibly gain
administrative privileges in the host. (CVE-2017-12134)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Otto Ebeling discovered that the memory manager in the Linux kernel did not
properly check the effective UID in some situations. A local attacker could
use this to expose sensitive information. (CVE-2017-14140)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.4.0-97-generic 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-generic-lpae 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-lowlatency 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-powerpc-e500mc 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-powerpc-smp 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-powerpc64-emb 4.4.0-97.120~14.04.1
linux-image-4.4.0-97-powerpc64-smp 4.4.0-97.120~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.97.81
linux-image-generic-lts-xenial 4.4.0.97.81
linux-image-lowlatency-lts-xenial 4.4.0.97.81
linux-image-powerpc-e500mc-lts-xenial 4.4.0.97.81
linux-image-powerpc-smp-lts-xenial 4.4.0.97.81
linux-image-powerpc64-emb-lts-xenial 4.4.0.97.81
linux-image-powerpc64-smp-lts-xenial 4.4.0.97.81
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3444-2
https://www.ubuntu.com/usn/usn-3444-1
CVE-2017-12134, CVE-2017-14106, CVE-2017-14140
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-97.120~14.04.1
USN-3445-1: Linux kernel vulnerabilities
=========================================================================Ubuntu Security Notice USN-3445-1
October 10, 2017
linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-133-generic 3.13.0-133.182
linux-image-3.13.0-133-generic-lpae 3.13.0-133.182
linux-image-3.13.0-133-lowlatency 3.13.0-133.182
linux-image-3.13.0-133-powerpc-e500 3.13.0-133.182
linux-image-3.13.0-133-powerpc-e500mc 3.13.0-133.182
linux-image-3.13.0-133-powerpc-smp 3.13.0-133.182
linux-image-3.13.0-133-powerpc64-emb 3.13.0-133.182
linux-image-3.13.0-133-powerpc64-smp 3.13.0-133.182
linux-image-generic 3.13.0.133.142
linux-image-generic-lpae 3.13.0.133.142
linux-image-lowlatency 3.13.0.133.142
linux-image-powerpc-e500 3.13.0.133.142
linux-image-powerpc-e500mc 3.13.0.133.142
linux-image-powerpc-smp 3.13.0.133.142
linux-image-powerpc64-emb 3.13.0.133.142
linux-image-powerpc64-smp 3.13.0.133.142
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3445-1
CVE-2016-8633, CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-133.182
USN-3445-2: Linux kernel vulnerabilities
=========================================================================
Ubuntu Security Notice USN-3445-2
October 11, 2017
linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
USN-3445-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.2.0-131-generic 3.2.0-131.177
linux-image-3.2.0-131-generic-pae 3.2.0-131.177
linux-image-3.2.0-131-highbank 3.2.0-131.177
linux-image-3.2.0-131-omap 3.2.0-131.177
linux-image-3.2.0-131-powerpc-smp 3.2.0-131.177
linux-image-3.2.0-131-powerpc64-smp 3.2.0-131.177
linux-image-3.2.0-131-virtual 3.2.0-131.177
linux-image-generic 3.2.0.131.145
linux-image-generic-pae 3.2.0.131.145
linux-image-highbank 3.2.0.131.145
linux-image-omap 3.2.0.131.145
linux-image-powerpc-smp 3.2.0.131.145
linux-image-powerpc64-smp 3.2.0.131.145
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3445-2
https://www.ubuntu.com/usn/usn-3445-1
CVE-2016-8633, CVE-2017-14106