Ubuntu 6571 Published by

The following updates has been released for Ubuntu Linux:

LSN-0033-1: Linux kernel vulnerability
USN-3506-1: rsync vulnerabilities
USN-3506-2: rsync vulnerabilities
USN-3507-1: Linux kernel vulnerabilities
USN-3507-2: Linux kernel (GCP) vulnerabilities
USN-3508-1: Linux kernel vulnerabilities
USN-3508-2: Linux kernel (HWE) vulnerabilities
USN-3509-1: Linux kernel vulnerabilities
USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3510-1: Linux kernel vulnerabilities
USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3511-1: Linux kernel (Azure) vulnerabilities



LSN-0033-1: Linux kernel vulnerability

==========================================================================
Kernel Live Patch Security Notice LSN-0033-1
December 07, 2017

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | flavors |
|-----------------+----------+--------------------------|
| 4.4.0-101.124 | 33.2 | generic, lowlatency |
| 4.4.0-21.37 | 33.2 | generic, lowlatency |
| 4.4.0-22.39 | 33.2 | generic, lowlatency |
| 4.4.0-22.40 | 33.2 | generic, lowlatency |
| 4.4.0-24.43 | 33.2 | generic, lowlatency |
| 4.4.0-28.47 | 33.2 | generic, lowlatency |
| 4.4.0-31.50 | 33.2 | generic, lowlatency |
| 4.4.0-34.53 | 33.2 | generic, lowlatency |
| 4.4.0-36.55 | 33.2 | generic, lowlatency |
| 4.4.0-38.57 | 33.2 | generic, lowlatency |
| 4.4.0-42.62 | 33.2 | generic, lowlatency |
| 4.4.0-43.63 | 33.2 | generic, lowlatency |
| 4.4.0-45.66 | 33.2 | generic, lowlatency |
| 4.4.0-47.68 | 33.2 | generic, lowlatency |
| 4.4.0-51.72 | 33.2 | generic, lowlatency |
| 4.4.0-53.74 | 33.2 | generic, lowlatency |
| 4.4.0-57.78 | 33.2 | generic, lowlatency |
| 4.4.0-59.80 | 33.2 | generic, lowlatency |
| 4.4.0-62.83 | 33.2 | generic, lowlatency |
| 4.4.0-63.84 | 33.2 | generic, lowlatency |
| 4.4.0-64.85 | 33.2 | generic, lowlatency |
| 4.4.0-66.87 | 33.2 | generic, lowlatency |
| 4.4.0-67.88 | 33.2 | generic, lowlatency |
| 4.4.0-70.91 | 33.2 | generic, lowlatency |
| 4.4.0-71.92 | 33.2 | generic, lowlatency |
| 4.4.0-72.93 | 33.2 | generic, lowlatency |
| 4.4.0-75.96 | 33.2 | generic, lowlatency |
| 4.4.0-77.98 | 33.2 | generic, lowlatency |
| 4.4.0-78.99 | 33.2 | generic, lowlatency |
| 4.4.0-79.100 | 33.2 | generic, lowlatency |
| 4.4.0-81.104 | 33.2 | generic, lowlatency |
| 4.4.0-83.106 | 33.2 | generic, lowlatency |
| 4.4.0-87.110 | 33.2 | generic, lowlatency |
| 4.4.0-89.112 | 33.2 | generic, lowlatency |
| 4.4.0-91.114 | 33.2 | generic, lowlatency |
| 4.4.0-92.115 | 33.2 | generic, lowlatency |
| 4.4.0-93.116 | 33.2 | generic, lowlatency |
| 4.4.0-96.119 | 33.2 | generic, lowlatency |
| 4.4.0-97.120 | 32.2 | generic, lowlatency |
| 4.4.0-97.120 | 33.2 | generic, lowlatency |
| 4.4.0-98.121 | 33.2 | generic, lowlatency |
| lts-4.4.0-101.124_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-67.88_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-83.106_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-87.110_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-89.112_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-91.114_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-92.115_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-93.116_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-96.119_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-97.120_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-98.121_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
CVE-2017-1000405, CVE-2017-15265, CVE-2017-16939

--


USN-3506-1: rsync vulnerabilities



==========================================================================
Ubuntu Security Notice USN-3506-1
December 07, 2017

rsync vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in rsync.

Software Description:
- rsync: fast, versatile, remote (and local) file-copying tool

Details:

It was discovered that rsync proceeds with certain file metadata
updates before checking for a filename. An attacker could use this to
bypass access restrictions. (CVE-2017-17433)

It was discovered that rsync does not check for fnamecmp filenames and
also does not apply the sanitize_paths protection mechanism to
pathnames. An attacker could use this to bypass access restrictions.
(CVE-2017-17434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  rsync 3.1.2-2ubuntu0.1

Ubuntu 17.04:
  rsync 3.1.2-1ubuntu0.1

Ubuntu 16.04 LTS:
  rsync 3.1.1-3ubuntu1.1

Ubuntu 14.04 LTS:
  rsync 3.1.0-2ubuntu0.3

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3506-1
  CVE-2017-17433, CVE-2017-17434

Package Information:
  https://launchpad.net/ubuntu/+source/rsync/3.1.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/rsync/3.1.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/rsync/3.1.1-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/rsync/3.1.0-2ubuntu0.3


USN-3506-2: rsync vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3506-2
December 07, 2017

rsync vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in rsync.

Software Description:
- rsync: fast, versatile, remote (and local) file-copying tool

Details:

USN-3506-1 fixed two vulnerabilities in rsync. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that rsync proceeds with certain file metadata
 updates before checking for a filename. An attacker could use this to
 bypass access restrictions. (CVE-2017-17433)

 It was discovered that rsync does not check for fnamecmp filenames and
 also does not apply the sanitize_paths protection mechanism to
 pathnames. An attacker could use this to bypass access restrictions.
 (CVE-2017-17434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  rsync 3.0.9-1ubuntu1.2

In general, a standard system update will make all the necessary
changes.

References:
https://www.ubuntu.com/usn/usn-3506-2
https://www.ubuntu.com/usn/usn-3506-1
CVE-2017-17433, CVE-2017-17434


USN-3507-1: Linux kernel vulnerabilities



=========================================================================Ubuntu Security Notice USN-3507-1
December 07, 2017

linux, linux-raspi2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)

Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did
not properly validate USB BOS metadata. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
linux-image-4.13.0-1008-raspi2 4.13.0-1008.8
linux-image-4.13.0-19-generic 4.13.0-19.22
linux-image-4.13.0-19-generic-lpae 4.13.0-19.22
linux-image-4.13.0-19-lowlatency 4.13.0-19.22
linux-image-generic 4.13.0.19.20
linux-image-generic-lpae 4.13.0.19.20
linux-image-lowlatency 4.13.0.19.20
linux-image-raspi2 4.13.0.1008.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3507-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306,
CVE-2017-15951, CVE-2017-16535, CVE-2017-16643, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.13.0-19.22
https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1008.8

USN-3507-2: Linux kernel (GCP) vulnerabilities



=========================================================================Ubuntu Security Notice USN-3507-2
December 08, 2017

linux-gcp vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)

Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.13.0-1002-gcp 4.13.0-1002.5
linux-image-gcp 4.13.0.1002.4
linux-image-gke 4.13.0.1002.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3507-2
https://www.ubuntu.com/usn/usn-3507-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306,
CVE-2017-15951, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1002.5

USN-3508-1: Linux kernel vulnerabilities


=========================================================================Ubuntu Security Notice USN-3508-1
December 07, 2017

linux, linux-raspi2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
linux-image-4.10.0-1023-raspi2 4.10.0-1023.26
linux-image-4.10.0-42-generic 4.10.0-42.46
linux-image-4.10.0-42-generic-lpae 4.10.0-42.46
linux-image-4.10.0-42-lowlatency 4.10.0-42.46
linux-image-generic 4.10.0.42.42
linux-image-generic-lpae 4.10.0.42.42
linux-image-lowlatency 4.10.0.42.42
linux-image-raspi2 4.10.0.1023.24

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3508-1
CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-42.46
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1023.26

USN-3508-2: Linux kernel (HWE) vulnerabilities


=========================================================================Ubuntu Security Notice USN-3508-2
December 07, 2017

linux-hwe vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.10.0-42-generic 4.10.0-42.46~16.04.1
linux-image-4.10.0-42-generic-lpae 4.10.0-42.46~16.04.1
linux-image-4.10.0-42-lowlatency 4.10.0-42.46~16.04.1
linux-image-generic-hwe-16.04 4.10.0.42.44
linux-image-generic-lpae-hwe-16.04 4.10.0.42.44
linux-image-lowlatency-hwe-16.04 4.10.0.42.44

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3508-2
https://www.ubuntu.com/usn/usn-3508-1
CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-42.46~16.04.1

USN-3509-1: Linux kernel vulnerabilities



=========================================================================Ubuntu Security Notice USN-3509-1
December 07, 2017

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1012-kvm 4.4.0-1012.17
linux-image-4.4.0-103-generic 4.4.0-103.126
linux-image-4.4.0-103-generic-lpae 4.4.0-103.126
linux-image-4.4.0-103-lowlatency 4.4.0-103.126
linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126
linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126
linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126
linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126
linux-image-4.4.0-1043-aws 4.4.0-1043.52
linux-image-4.4.0-1079-raspi2 4.4.0-1079.87
linux-image-4.4.0-1081-snapdragon 4.4.0-1081.86
linux-image-aws 4.4.0.1043.45
linux-image-generic 4.4.0.103.108
linux-image-generic-lpae 4.4.0.103.108
linux-image-kvm 4.4.0.1012.12
linux-image-lowlatency 4.4.0.103.108
linux-image-powerpc-e500mc 4.4.0.103.108
linux-image-powerpc-smp 4.4.0.103.108
linux-image-powerpc64-emb 4.4.0.103.108
linux-image-powerpc64-smp 4.4.0.103.108
linux-image-raspi2 4.4.0.1079.79
linux-image-snapdragon 4.4.0.1081.73

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3509-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-103.126
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1043.52
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1012.17
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1079.87
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1081.86

USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities



=========================================================================Ubuntu Security Notice USN-3509-2
December 07, 2017

linux-lts-xenial, linux-aws vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-1005-aws 4.4.0-1005.5
linux-image-4.4.0-103-generic 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-generic-lpae 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-lowlatency 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126~14.04.1
linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126~14.04.1
linux-image-aws 4.4.0.1005.5
linux-image-generic-lpae-lts-xenial 4.4.0.103.86
linux-image-generic-lts-xenial 4.4.0.103.86
linux-image-lowlatency-lts-xenial 4.4.0.103.86
linux-image-powerpc-e500mc-lts-xenial 4.4.0.103.86
linux-image-powerpc-smp-lts-xenial 4.4.0.103.86
linux-image-powerpc64-emb-lts-xenial 4.4.0.103.86
linux-image-powerpc64-smp-lts-xenial 4.4.0.103.86

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3509-2
https://www.ubuntu.com/usn/usn-3509-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1005.5
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-103.126~14.04.1

USN-3510-1: Linux kernel vulnerabilities


=========================================================================Ubuntu Security Notice USN-3510-1
December 08, 2017

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-137-generic 3.13.0-137.186
linux-image-3.13.0-137-generic-lpae 3.13.0-137.186
linux-image-3.13.0-137-lowlatency 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500mc 3.13.0-137.186
linux-image-3.13.0-137-powerpc-smp 3.13.0-137.186
linux-image-3.13.0-137-powerpc64-emb 3.13.0-137.186
linux-image-3.13.0-137-powerpc64-smp 3.13.0-137.186
linux-image-generic 3.13.0.137.146
linux-image-generic-lpae 3.13.0.137.146
linux-image-lowlatency 3.13.0.137.146
linux-image-powerpc-e500 3.13.0.137.146
linux-image-powerpc-e500mc 3.13.0.137.146
linux-image-powerpc-smp 3.13.0.137.146
linux-image-powerpc64-emb 3.13.0.137.146
linux-image-powerpc64-smp 3.13.0.137.146

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3510-1
CVE-2017-1000405, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-137.186

USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities



=========================================================================Ubuntu Security Notice USN-3510-2
December 08, 2017

linux-lts-trusty vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-137-generic 3.13.0-137.186~precise1
linux-image-3.13.0-137-generic-lpae 3.13.0-137.186~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.137.127
linux-image-generic-lts-trusty 3.13.0.137.127

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3510-2
https://www.ubuntu.com/usn/usn-3510-1
CVE-2017-1000405, CVE-2017-16939

USN-3511-1: Linux kernel (Azure) vulnerabilities



=========================================================================Ubuntu Security Notice USN-3511-1
December 08, 2017

linux-azure vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.11.0-1016-azure 4.11.0-1016.16
linux-image-azure 4.11.0.1016.16

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3511-1
CVE-2017-1000405, CVE-2017-16939

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.11.0-1016.16