==========================================================================
Ubuntu Security Notice USN-3218-1
March 07, 2017
linux, linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
– linux-ti-omap4: Linux kernel for OMAP4
Details:
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-124-generic 3.2.0-124.167
linux-image-3.2.0-124-generic-pae 3.2.0-124.167
linux-image-3.2.0-124-highbank 3.2.0-124.167
linux-image-3.2.0-124-omap 3.2.0-124.167
linux-image-3.2.0-124-powerpc-smp 3.2.0-124.167
linux-image-3.2.0-124-powerpc64-smp 3.2.0-124.167
linux-image-3.2.0-124-virtual 3.2.0-124.167
linux-image-3.2.0-1502-omap4 3.2.0-1502.129
linux-image-generic 3.2.0.124.139
linux-image-generic-pae 3.2.0.124.139
linux-image-highbank 3.2.0.124.139
linux-image-omap 3.2.0.124.139
linux-image-omap4 3.2.0.1502.97
linux-image-powerpc-smp 3.2.0.124.139
linux-image-powerpc64-smp 3.2.0.124.139
linux-image-virtual 3.2.0.124.139
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3218-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-124.167
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1502.129
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv34hAAoJEC8Jno0AXoH0qGoP/1NjANEeYAR+dtmFCF2+lfEr
n1Epc116bG+aPvE/IrCQyGX3uLWHererO1d7Fz1TUHiiqrkqojGRNVQUHK9WWW6b
uQpf+Mptwm+qbWeo0t5z5xDbARosrarZzZt9TXy3x9QVsBt10F08RfEdXCqzgPS6
wYHx6qyuR2e0aFiVAg+RfzDSstCTwPSgG2x36oZJIZsLtBFn1pyhMlR8kS0FoTZD
+8EyrYrshaCb1mdsRq4E1zXqaQJwWN7IaT1M/s0AX+XykQFFkMPVBw3w8jQDtdVy
grL16ij53LslEYtvUyb5h2S/bJCOuECmSHKYAkE3SR5BLVIqfwqaWx6hA9iKAWLz
AF7ey+C0H1b8SzOtV1ddk+O7V4Rcw4VHEBPZx40PIjrVeUoIOd97OC2QsmYfJ+Ky
46Er4Veb0mwVAWPKH/Vx9zyuTwgJkWNzWlorxxu1GJ25TD1tBXPXNV6sbAHBELiY
YVElB+x/QpRVlodfyPtQsSV/DaoGj9fsvqnEhnCk768pYrFKTe8Mq3TwoeM36ogG
moXrP6FQWudZxUE4mbGTk/0RWmaYmClEI6YLEGfbH5XTMwo8PugRS40NfxWVR2/N
6Ioyapg01/+ZWt5AqgYmKnzzNz6E+f4lKL0bwHFIn54TpUFbCpWkZrrXKBYZFYAZ
gT5eGmVbroCGLQ2oPKwT
=P6r9
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3220-1
March 08, 2017
linux, linux-gke, linux-raspi2, linux-snapdragon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
– linux-gke: Linux kernel for Google Container Engine (GKE) systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon Processors
Details:
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1005-gke 4.4.0-1005.6
linux-image-4.4.0-1046-raspi2 4.4.0-1046.53
linux-image-4.4.0-1050-snapdragon 4.4.0-1050.54
linux-image-4.4.0-66-generic 4.4.0-66.87
linux-image-4.4.0-66-generic-lpae 4.4.0-66.87
linux-image-4.4.0-66-lowlatency 4.4.0-66.87
linux-image-4.4.0-66-powerpc-e500mc 4.4.0-66.87
linux-image-4.4.0-66-powerpc-smp 4.4.0-66.87
linux-image-4.4.0-66-powerpc64-emb 4.4.0-66.87
linux-image-4.4.0-66-powerpc64-smp 4.4.0-66.87
linux-image-generic 4.4.0.66.70
linux-image-generic-lpae 4.4.0.66.70
linux-image-gke 4.4.0.1005.5
linux-image-lowlatency 4.4.0.66.70
linux-image-powerpc-e500mc 4.4.0.66.70
linux-image-powerpc-smp 4.4.0.66.70
linux-image-powerpc64-emb 4.4.0.66.70
linux-image-powerpc64-smp 4.4.0.66.70
linux-image-raspi2 4.4.0.1046.45
linux-image-snapdragon 4.4.0.1050.42
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3220-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-66.87
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1005.6
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1046.53
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1050.54
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv382AAoJEC8Jno0AXoH0H1wP/RILEcDY+vhWWBjbyEUKtQl7
gtowHKMwKtmVOJ5mwATlxVha7mApt56Bi2V3C/SJIYmBJBfl0AtElD/E+StB7zET
KzRAALY6XI8RfVu4M/BII4pYdAzN08qK/BYf6M3J240WZYX5Yk/GW3+YmS38XdZX
hqlZvWh/DQZKhNpVjodWKKEVdehsoteK273rYDOAWzHz9LUqruiamc/rVq7Yf7Bg
rTv/ylvafMtCFxaE3DFKLoWv2k3GvRO/bH/LUF+II1VD9nr2HAc7YWWnVMfuMiTX
eDJnh2osmkaNxLitaNkK1VwF1zjrKMxN8NcFsYQFZvjXsnWrMDZIMxPNbG3NyhuW
GtYgM68sSLUWf4px/ehUKVeBC+qeIi2tgvOrQpCrpHBHnaKP1T3l99LWEIyj74V3
+MTOvv5tqvfKnJvsP64PzNIP0bdWTa1OFdivrP9qQ7cy/au73CIaEAUr9teXdVpO
U4i4cKNUkHo4LyFmlyi3LaRgjk9PjScnyEdeooYk1Z4P5Ux3/oY5ZDkLZ632Emaw
OMRntEUWx3N21PVB2SVZ8Um1HlyEsuyzxrBIuTfdQ+c42y6PXpqKik9EpwmdRp5Z
hjadMoaKA6PhXPjoJ1yfpC3SPURXXq/Bpii/YkR0wiXncQK3ogDkvlsXDAEj1mVL
uJS5k3NfW4dKsOOoBgR+
=8lWP
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3221-1
March 08, 2017
linux, linux-raspi2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.10
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
linux-image-4.8.0-1028-raspi2 4.8.0-1028.31
linux-image-4.8.0-41-generic 4.8.0-41.44
linux-image-4.8.0-41-generic-lpae 4.8.0-41.44
linux-image-4.8.0-41-lowlatency 4.8.0-41.44
linux-image-4.8.0-41-powerpc-e500mc 4.8.0-41.44
linux-image-4.8.0-41-powerpc-smp 4.8.0-41.44
linux-image-4.8.0-41-powerpc64-emb 4.8.0-41.44
linux-image-generic 4.8.0.41.52
linux-image-generic-lpae 4.8.0.41.52
linux-image-lowlatency 4.8.0.41.52
linux-image-powerpc-e500mc 4.8.0.41.52
linux-image-powerpc-smp 4.8.0.41.52
linux-image-powerpc64-emb 4.8.0.41.52
linux-image-raspi2 4.8.0.1028.31
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3221-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.8.0-41.44
https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1028.31
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv3+TAAoJEC8Jno0AXoH0un8P/RRF1VYDmdBlV0XBVVBDp2ym
cIZXEg5u4ihWUNFlZcZuO1V1SGe6WEVpOFfLKA5kiq6btASdrJpIi9eXVVV9I9jq
3W13LhdLrueWh0tHI2Mk2X4wLr4ZzgdAD8g/8htY21QyG29tGkRNxv0K5k60hVpe
CUcVTPRGQVdVv6YpFIto2CHbDaRIcjKuKjAwbbjvcjPmfPmv46QeORndHU99hA6K
n52wmDZkXPSve+MFROZa2vyOkcyVGziirQdXxARmf4n4IGnpZ25w/LVtrJTXKKhy
gxPeQ+58jLYT4X00TxBq3t3EWM4WpHCXpAVuxXpzKsORepZp9FaaybzVr0tuTCB+
sxT3agTufTxT1gvfFUCLBueo8r6IFplLK3Tfyaw1Im4ELg15bhs+ru0bvOinARba
LoG1/X6Ceg+iIXGQ3/Jycpm9IbOfDuJugTRRsihgSh2Bf4kAY6argD1pRAspVTCK
s1rwSEDhp4yR/N+gQTQgKg+tksFS4aE3v5wbF/fKvKFuOeGuZZpNGwShLVd1X26g
fOTMJRJ7CA3oAWBe0+9txUyM/Mil9CIwls0m2cNTIaml9KdKH/1SK2XgjvLpZFjo
b9BTVlTBTT4s+n7U6SxDbCi1ebMOfUQntlBrE+rWdSZvkO+6kWUx2kCJgfUpFY/7
G4TgJbvtjqOBo7P3fPCe
=qOn5
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3219-1
March 07, 2017
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
Details:
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-112-generic 3.13.0-112.159
linux-image-3.13.0-112-generic-lpae 3.13.0-112.159
linux-image-3.13.0-112-lowlatency 3.13.0-112.159
linux-image-3.13.0-112-powerpc-e500 3.13.0-112.159
linux-image-3.13.0-112-powerpc-e500mc 3.13.0-112.159
linux-image-3.13.0-112-powerpc-smp 3.13.0-112.159
linux-image-3.13.0-112-powerpc64-emb 3.13.0-112.159
linux-image-3.13.0-112-powerpc64-smp 3.13.0-112.159
linux-image-generic 3.13.0.112.120
linux-image-generic-lpae 3.13.0.112.120
linux-image-lowlatency 3.13.0.112.120
linux-image-powerpc-e500 3.13.0.112.120
linux-image-powerpc-e500mc 3.13.0.112.120
linux-image-powerpc-smp 3.13.0.112.120
linux-image-powerpc64-emb 3.13.0.112.120
linux-image-powerpc64-smp 3.13.0.112.120
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3219-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-112.159
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv346AAoJEC8Jno0AXoH07vMP/Ajn9ZKb/Uc7js4v9gibaF0Q
oDve5Q/u1uGhoswgWbx/68N5nWLTD+S5jZ+uDZ1qHIchuyHKR56H98WdII3Uwyip
Frgq7R9EPMaYTMyov18dQHqN/mxtOJrjopx59wf7EA6AnVeir3c9yOAoNgrlE40H
ejPBwDEB9HzpiLtRydF1qT6vPvnkSi/EXFRSH0zStYYdA5P3J0XKr9zF0vGyzFdB
/LzFnCpUfbaBOcT0lItIs6uGdtZOuyjLlWuhDNcFCP5LDKeClJZpNsOZWKLZQVzH
VsYs5OWrrM4Y0i6151qV7jG+QBYdBnNixiFZSzISkSO4/a9aAF8kDs9dFM9AQNfY
isukGOFDXABFxNma/zrGNyRIkaQ8w2r2LKK1zeqzK87lTy6tt3iepP0eU/cgkI6F
gkoqhyvDO1stXjA1FjumIvK9ItP/nBOPEHJBmlVfEY3MbHLlaLr7KzVpvL5Af561
wu71c7vP6c7WgkErRlHsh3XM+r4flWR2TzJOBTVacfXLeMTHy4HXDexb+5MS4njX
gki5oG+lDlDSx3krNHLYioV/9Cv5rlrN2DTJ/Shv6PxV9AA6DLzyuxC8Sgcezcuo
xYNcvwZen8viTbO5sNqLV59v1ksxqaZCB6tvxB7wKOk+OMoSBn+AILqfdd1RpZUD
B5Kltvs2N6qLbV4FYQyT
=jjGP
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3219-2
March 08, 2017
linux-lts-trusty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
Details:
USN-3219-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.13.0-112-generic 3.13.0-112.159~precise1
linux-image-3.13.0-112-generic-lpae 3.13.0-112.159~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.112.103
linux-image-generic-lts-trusty 3.13.0.112.103
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3219-2
http://www.ubuntu.com/usn/usn-3219-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-112.159~precise1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv36JAAoJEC8Jno0AXoH0YHIP/jGTHHPfZqe69zL5UcG4/E1S
Sc9AXu6XnO1b/RDbaVMporczdgtU6oTuhR40W9Z1TAzcbr7DrqlPcu5emKQs8EI2
eHfcGUI/fNf+rwiIYzI7r9cHysRo+cM2yVZnqe/IttMXY552h91lyafFYUrA0oyE
80lFq5xV8UVJh8w3GdyzKhcHwwnLE20/+K3fmoJPeOFJEGZH2QGbh/BF2YT67xFH
MTLNv2X6+jKdDj+qWZgLAnwFH07uJaVmaeQx6nM8jHDtJCJjuNkK7+NGb06KpELu
aktEe7jt6JAHKNZ7wMQTvSPEmAFjvms6Rg2Jj3Ca/xgzAB0923IvrR61KJocZu7z
23/CjY99HKYS6nsdAytgD14t9o2/6V8hL+uLFAH5fhRWy50gBEw4ErQew95cxRPI
2mFfIe62oF/SlolTIjW5Ocw1cuGDtl6jeuOXDWgiM4ZU/ZbqRDQhX9Zo/vgOEFh8
3sWH7Nu8P2B1owZOugMoC7ZtZym027KQb8gEg34NiUEumBvIL7jlwqqanYvatxZj
IpZMU+w+8cBd5zc64ax8uvQQ7t3NyzCcfNKGuhzoCCFRT2Z1qI2TAyfCb9qR3gE+
Zrf2B1CNXpYoZFPuX7kmCK5exNY74jDuaEXytBvQ8P8S5jA8nQ89DlF623ID7ngn
RsdH5dq/N9KnpLEOLWEZ
=3s2E
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3220-2
March 08, 2017
linux-lts-xenial vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3220-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.4.0-66-generic 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-generic-lpae 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-lowlatency 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-powerpc-e500mc 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-powerpc-smp 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-powerpc64-emb 4.4.0-66.87~14.04.1
linux-image-4.4.0-66-powerpc64-smp 4.4.0-66.87~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.66.52
linux-image-generic-lts-xenial 4.4.0.66.52
linux-image-lowlatency-lts-xenial 4.4.0.66.52
linux-image-powerpc-e500mc-lts-xenial 4.4.0.66.52
linux-image-powerpc-smp-lts-xenial 4.4.0.66.52
linux-image-powerpc64-emb-lts-xenial 4.4.0.66.52
linux-image-powerpc64-smp-lts-xenial 4.4.0.66.52
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3220-2
http://www.ubuntu.com/usn/usn-3220-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-66.87~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv39sAAoJEC8Jno0AXoH0zeQP/0OfBahpCHU/QovJEa2rpOOi
gVVQCxatp+qsHkDm1rjjM3qUo/nvyRhCVO2sYApCMvdd6rQJlIr8MMgWVhPlLQFA
g+Eva5tgHSdJqAWY/2cDDi9+YQUMGD6B7AtDYDJFhLJfSnTNl5Ns1qlhc6TDZgtV
+e+aYU1+uF+S9m/dY2AmY1y8XRVumhsCop6aYP3wRyDFjE+52p+VNtfPlzXmTWnR
aaBbOd2dHlJBFrpN6O1APkQ6XSRIlsw+gsvaNuxS0sPwm3Ak4qXosfl/q0GrJXBF
u4aLBsYG8B8f9UHWArdQG7bLzS3cbzEXFNaFyq5k0lCd9dW76TF6aYpIIhuFsoz1
CrfoWJbCN6lvcDqoebC0SXHQJhJB0kF5skkNkIaagWuLXAv+og7pzs5YinjU8PAh
1aOhH1le5Xfm8my65ZUp6GKm3Qvs0EknC4XE2tZyx7oYxFRk/IptlOwdd1BlaiUU
NQxmAaaWbw4BlyyYAJY3mw3zA4z67uvCwYrpDyHQLE0NE4SOPsKp+QdNGFswmXaf
X7rCjPFuH/JsO2or69vAC/FG+01aoEI206QxET3tQKEWUu/c7ShV+47Onkq7PMJ3
fVkzlxm62LbeRopNk8d0h3MWx5012PNAgYLbBVVOeGaIZY8tzT+uCxypJz5/Rzl3
eq5EHksr5bawJip78YQ3
=IWPa
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3221-2
March 08, 2017
linux-hwe vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel for Ubuntu 16.04 LTS
Details:
USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2017-2636)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.8.0-41-generic 4.8.0-41.44~16.04.1
linux-image-4.8.0-41-generic-lpae 4.8.0-41.44~16.04.1
linux-image-4.8.0-41-lowlatency 4.8.0-41.44~16.04.1
linux-image-4.8.0-41-powerpc-e500mc 4.8.0-41.44~16.04.1
linux-image-4.8.0-41-powerpc-smp 4.8.0-41.44~16.04.1
linux-image-4.8.0-41-powerpc64-emb 4.8.0-41.44~16.04.1
linux-image-generic-hwe-16.04 4.8.0.41.12
linux-image-generic-lpae-hwe-16.04 4.8.0.41.12
linux-image-lowlatency-hwe-16.04 4.8.0.41.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
http://www.ubuntu.com/usn/usn-3221-2
http://www.ubuntu.com/usn/usn-3221-1
CVE-2017-2636
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-41.44~16.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJYv3+zAAoJEC8Jno0AXoH0k4YP/0j9pSwf0Jb1gIi5wjf/5Zhj
CTbxVU6CkobO4JwRaKLyKfb5MhLWV/e4Fhegz/Hu6d8N0eoBNe72jZkZWQs3IoO8
W5yH8hB9vYHhy+s0SnGxm7jDRzEVogHZyYzvhAFC2QpPr1seeltSY5luqnxB1ddU
H1kZj6FXTjDRiUyJ38EL31hMMYn4lc42Ey5/dN/oLM8CftoeDxo43MdsR0zEVFsE
LTM2TYpjCIqaiXonaCNkvhAGaLXKz0poTVd8tdg3XOohHaD2Hg/O2VA9pc6DdiC6
XL3GIXkJ8I84TgWxTcEuMJLshV2s0DAYhNNqgZooiNpAYRSxfzZeAwNGPhb1dTdB
dxhI4t8aQYk10Gcgru8LqgOxxIP6BdNJzYM0OnEHCh7EihQn3QUUGjA87LAI6sJO
coWurZeexDmCwoclwk/y+AXW2AME4ru1yp8w+6VIottxQ2rgd7lJjnuY4jIOeRjB
Spd35BHC1EtiTIWkQzlyEKkTLFl6U5z3liun6fi/wBplL/kxW308hGew9aFOpR9H
oEzj0feCGvQLDwLUUP72R/gyLp8eIwQyXjtoKCDHegZtiSdw8U6dheymWq4FN907
0QXzWc8+oKL/9YvAsZHqdH+g8WB0AAoNFmLSaKzGH6lKFb17vIWhtjXrYe3qrO3w
trr3Fc5W5bJsmrszQkrS
=puWj
—–END PGP SIGNATURE—–
—