==========================================================================
Kernel Live Patch Security Notice LSN-0013-1
November 30, 2016
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors |
|——————+————–+———-+——————|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
Ondrej Kozina discovered that the keyring interface in the Linux kernel
contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of
service (system crash). (CVE-2016-7042)
Dmitry Vyukov discovered a use-after-free vulnerability during error
processing in the recvmmsg(2) implementation in the Linux kernel. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7117)
Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)
Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)
Update instructions:
The problem can be corrected by updating your livepatches to the following
versions:
| Kernel | Version | flavors |
|—————–+———-+————————–|
| 4.4.0-21.37 | 14.1 | generic, lowlatency |
| 4.4.0-22.39 | 14.1 | generic, lowlatency |
| 4.4.0-22.40 | 14.1 | generic, lowlatency |
| 4.4.0-24.43 | 14.1 | generic, lowlatency |
| 4.4.0-28.47 | 14.1 | generic, lowlatency |
| 4.4.0-31.50 | 14.1 | generic, lowlatency |
| 4.4.0-34.53 | 14.1 | generic, lowlatency |
| 4.4.0-36.55 | 14.1 | generic, lowlatency |
| 4.4.0-38.57 | 14.1 | generic, lowlatency |
| 4.4.0-42.62 | 14.1 | generic, lowlatency |
| 4.4.0-43.63 | 14.1 | generic, lowlatency |
| 4.4.0-45.66 | 14.1 | generic, lowlatency |
| 4.4.0-47.68 | 14.1 | generic, lowlatency |
Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.
References:
CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJYPxedAAoJENt0rrj9ziT8UT0P/1aKv+2TkAcsftdZTVpGyq3Z
e5RFE0bMQxUgqhblZzIMUcAA+2XykkspGNJlQJaUy15q2b45g3mi3vWd3mjuRe8M
BKoOmIxjq8LIuS53pLVoAtxV2FmTAMSovUeouWpE4R5hGyE5PzjDb+Xgw+9zXdrM
t9YboD0Jr9hGIPXpNUb6ILRwFDOsTD/nhdZwNhwJeqSCxxv2/Rbol9N4BPz+vFa7
MKfAINaplQpIYojESik+N2BHtjtTkrmZ+mjsl6/2XGp33CBhLKvSfbBxZNUwnl6o
WhaZZTb0WSSv7w/W3GMJHUzNmfdD4alZgPumnenncINdY/4Q3FxKGedW3TKzc+aw
0BCTtkCUPTFawahbjHFEijxCBWoyEi7nGtDxAok9ievie6Z3yVV2TKKip3wXxElw
i/p0E0UHcfSbKkc7i9DGeWAlATKZ9Ttiiu5/LiDMhqn/GUQlsd1y/sgqXMgQ8TqE
vhDQMlDyv/MIlqB0A6a1bpGNazS/hF/r7JxizFkGBmuA9W6Zb5uFVcZpt05g8hWh
72WAUSU6Mvv0c3qoL3V09N4pStpDEtuoq9l8Pl1KxYfDvGg0oT9IRveP28VN3xaR
JJtbEdymDlJSCG/qZvE9/ZB1n2cNWNYoKdOGq9eNUPFvEJvXzATPdlbrVMoH70YD
xj5i+/qa1MEdKJcwt35o
=t7Ww
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3146-1
November 30, 2016
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux: Linux kernel
Details:
It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges. (CVE-2016-9644)
Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)
Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)
Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-51-generic 4.4.0-51.72
linux-image-4.4.0-51-generic-lpae 4.4.0-51.72
linux-image-4.4.0-51-lowlatency 4.4.0-51.72
linux-image-4.4.0-51-powerpc-e500mc 4.4.0-51.72
linux-image-4.4.0-51-powerpc-smp 4.4.0-51.72
linux-image-4.4.0-51-powerpc64-emb 4.4.0-51.72
linux-image-4.4.0-51-powerpc64-smp 4.4.0-51.72
linux-image-generic 4.4.0.51.54
linux-image-generic-lpae 4.4.0.51.54
linux-image-lowlatency 4.4.0.51.54
linux-image-powerpc-e500mc 4.4.0.51.54
linux-image-powerpc-smp 4.4.0.51.54
linux-image-powerpc64-emb 4.4.0.51.54
linux-image-powerpc64-smp 4.4.0.51.54
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3146-1
CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-51.72
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYPz0GAAoJEC8Jno0AXoH0sj8QAIFqMSN8Yj+4vjRiEfFOJ5tM
b3YBmU67G20pdPA6g+e/p6AJ7ESTUPNR0iWClspVd/D6k26p5xDRV1o365vpQE2e
/yHVnEXVapJO1GDRQDFsymSGq4WQefl6qx/9u3nYODGqDDhV0iENPdX8/AqYDr0c
5Ayjka5QiLZNtXqOWtFSgelQFD1X5wJQye1fmUGINNPeVZFjY0iL4TMuJPCXPogo
MFKzDtNbgZQDnaozLnO8Bn+ZNElEXgVWCQMRp/I2XuUjVK8ojfRRJaclYh/u5lwx
Nf9KujM+qmNOmUP7cO8HgV9yv2KurOkHleWOi5PM9Xkp3RDzP0ESx8BUFPC/0lbF
xaUcUx8dopD4kcW7dsZcDwVd9/ngPS0baRw6UgutYt+zc53LjyZWg5WkSSDEZLMO
bwzLO7mAgQiSnDXhOID2mbuQ1Ge3ZYKoMXDpPFXLnsj0y5+CSmGlbzqdnIesu1xD
M45AUhyAfK/j8gZohhN6t0ZOnR+h/XwPMp1wHKZY0ZRUnywKl5vfAkDEH8i8QWWB
zhTNK4BBG6cy1pGzjhU2I6hP6r9ML62ebXDaXq35f7Ls6vPQmRx8NM7Oz/3jdLVL
+hREIJwfyBc1jHwCQLHSdcHUcOHslNKv5jhFNAXf7V819VdHlBMaIVPDXV9pmCjJ
s87xuHIuTbl+zKqdR1Mu
=n9kw
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3146-2
November 30, 2016
linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges. (CVE-2016-9644)
Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)
Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)
Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.4.0-51-generic 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-generic-lpae 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-lowlatency 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-powerpc-e500mc 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-powerpc-smp 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-powerpc64-emb 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-powerpc64-smp 4.4.0-51.72~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.51.38
linux-image-generic-lts-xenial 4.4.0.51.38
linux-image-lowlatency-lts-xenial 4.4.0.51.38
linux-image-powerpc-e500mc-lts-xenial 4.4.0.51.38
linux-image-powerpc-smp-lts-xenial 4.4.0.51.38
linux-image-powerpc64-emb-lts-xenial 4.4.0.51.38
linux-image-powerpc64-smp-lts-xenial 4.4.0.51.38
linux-image-virtual-lts-xenial 4.4.0.51.38
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3146-2
http://www.ubuntu.com/usn/usn-3146-1
CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-51.72~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYPz02AAoJEC8Jno0AXoH0k4UP/RRnxLpy4yHawJJJlCKY9Wnw
SoolI2b6yKTqrwYhEklF+lPQ90yHKuHiJAoCGv3iLbZ5dn3eB5YFa8b22rJI4srF
SBOgZir4WIWOJl5Li4/2U7fQuQKH3HYWBDDTDXTcMHkCwNiZWExnqKOS63kl7OB/
gBl8/dGbbPhkXdinwg9BnqzdwkZXLilMs2Fr1S2GmMOkaOxQCJFLk6R66VQh1PCi
XzHLQbmUZ72I4rQS4Fji2+9AuVpzbCJ5JnQd7438WhA/GZymXR9MsXSnl44ercd2
r3HguZkxGxKQ9jC55tL+jsp+5TKRKovoPZmgE/6C1eWoouly/j165ltcn3sD0Pry
QBmjIIoyJOvoqrcaB0nvFuNenJH9aM8or4iNIvQiOcm7eeH96TkamirVxVG0Im15
eJ9/uP/ojkbx5YAVQc8gKUojXzW9LXJsmOQ0IHUjdz9TgC3NT8PZjTeRB9to5Bik
RxGntW/PVmVZvXIrFqiYm6kC/H6Z01pbsDxgDd3kiMp2pgreZROP/19yBrIQeq8w
dba2SYStUT3H6iEDL74p1a6Hw+Jhl9xsI61/q+zqne2jOeXQ4vtMqeVirkt1yd+9
RHBcammZmY8Hd+KvfG5LAKAt9AoaXkA0Dl0p4IbwcT5xlGcU6WJsXC3RhAIspMDr
88pufMAtyf00Xm8ji9Dj
=CG2I
—–END PGP SIGNATURE—–
—