==========================================================================
Ubuntu Security Notice USN-3343-1
June 29, 2017
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
Details:
USN 3335-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
It was discovered that a use-after-free vulnerability in the core voltage
regulator driver of the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2014-9940)
It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-123-generic 3.13.0-123.172
linux-image-3.13.0-123-generic-lpae 3.13.0-123.172
linux-image-3.13.0-123-lowlatency 3.13.0-123.172
linux-image-3.13.0-123-powerpc-e500 3.13.0-123.172
linux-image-3.13.0-123-powerpc-e500mc 3.13.0-123.172
linux-image-3.13.0-123-powerpc-smp 3.13.0-123.172
linux-image-3.13.0-123-powerpc64-emb 3.13.0-123.172
linux-image-3.13.0-123-powerpc64-smp 3.13.0-123.172
linux-image-generic 3.13.0.123.133
linux-image-generic-lpae 3.13.0.123.133
linux-image-lowlatency 3.13.0.123.133
linux-image-powerpc-e500 3.13.0.123.133
linux-image-powerpc-e500mc 3.13.0.123.133
linux-image-powerpc-smp 3.13.0.123.133
linux-image-powerpc64-emb 3.13.0.123.133
linux-image-powerpc64-smp 3.13.0.123.133
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3343-1
https://www.ubuntu.com/usn/usn-3335-1
https://launchpad.net/bugs/1699772
CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294,
CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
CVE-2017-9077, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-123.172
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVLTOAAoJEC8Jno0AXoH0UEsP/2Fk0PXOXe7KO7hjE/Y83Jdy
eNNxz0izvFfs9XLWI3wKDZyzX+GD039iACGs9K7fzYfB5hywKddmCiqJyo7Djoqk
5Ih+NO9zKdTUHfmzc/d9awMi83PDKAusS4GHmGTHIHZze0WEYJkfv6lZ3EeLWkG/
OqFd3AtiRlIwFsCsApEF3h85m58JePCfxexleO9hgFZQGe5PbWwLpUIzMtkpUqMg
aOxBgHihnSH8IoaBpRRVVD0SwIojqlwYrrWcyadNvRFVjVYP7ihQR9a1PVSvZ6zQ
vqx9sJ6THL8sYOQia0WMONvA9sBV/po/0+u/9xHYSzXU7a1UMoxyyfd79jnT6oKt
3zjkN5veS3ZU4RdAVtV80bclfJaAh1DzFCP9NyjgZtsRQh96vJmsJ3TaIpSjyvgi
lca8bUn8TSh0VFFGp2i94UScsA1j5+H3FFgPf0jh5khmCyTsPDIu6V7+6nds76y9
/DXlou5IsZjne6Jl0Eyj2j8yhkUPsH11AVZJ3v0AzFg0tKeWDz234on65dMSMNyg
w59E7qCDvhL33MZXuU41/tKb78YnU/EtY+XFkSDYELYJ5yAuHkmQ73ZLhFDDdpux
15vbuXOfLm1fYA+1G5jXiXoFinB+ymNXp2z6TeJwxiU2IN3mlHpffdWqaqoQ9pf5
8yIqrus8+Gmuj7bnFakj
=5457
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3344-1
June 29, 2017
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke: Linux kernel for Google Container Engine (GKE) systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
Details:
USN 3328-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1018-gke 4.4.0-1018.18
linux-image-4.4.0-1022-aws 4.4.0-1022.31
linux-image-4.4.0-1061-raspi2 4.4.0-1061.69
linux-image-4.4.0-1063-snapdragon 4.4.0-1063.68
linux-image-4.4.0-83-generic 4.4.0-83.106
linux-image-4.4.0-83-generic-lpae 4.4.0-83.106
linux-image-4.4.0-83-lowlatency 4.4.0-83.106
linux-image-4.4.0-83-powerpc-e500mc 4.4.0-83.106
linux-image-4.4.0-83-powerpc-smp 4.4.0-83.106
linux-image-4.4.0-83-powerpc64-emb 4.4.0-83.106
linux-image-4.4.0-83-powerpc64-smp 4.4.0-83.106
linux-image-aws 4.4.0.1022.25
linux-image-generic 4.4.0.83.89
linux-image-generic-lpae 4.4.0.83.89
linux-image-gke 4.4.0.1018.20
linux-image-lowlatency 4.4.0.83.89
linux-image-powerpc-e500mc 4.4.0.83.89
linux-image-powerpc-smp 4.4.0.83.89
linux-image-powerpc64-emb 4.4.0.83.89
linux-image-powerpc64-smp 4.4.0.83.89
linux-image-raspi2 4.4.0.1061.62
linux-image-snapdragon 4.4.0.1063.56
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3344-1
https://www.ubuntu.com/usn/usn-3328-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074,
CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-83.106
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1022.31
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1018.18
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1061.69
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1063.68
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVLVVAAoJEC8Jno0AXoH04MwP/0pDHL4fGk4cfV2r18d3zQtj
PvnR8kv0jzt13OJG/qFjfbCAlwvl7B0gNO0ntByOPGcQFELOt51e4e5CVZt0gha1
dhl/LuLyck9D+Qq0L9U3DDLe8v+1Wl6UE3wKZdv9TrAn8M4Uvk8iEwaM6NDU9+0k
bF6mBULEU1MmpnAkoQKFEhOFHKOlXKUJjaXhYbiw6i6dHlbjF4A2PsEXXllPL57A
UgOl7i/9vfdAo+7FiAKB6CTVgRg70yoXDyVYol2EEhf6Cc1dp21pftg96FHdZvzJ
kqziKlg97YQ1MiGRLt4v3wcqKBnJrB57syWXN9ioFvHtoYl+QYR6XIVsfU1/mdkT
cKf868VdMSMQPLdJyT3FJrejSAMiRIW8OI4FJNqZP7dhXuTrAeo19dsYi6ubNJiW
DiqWxYfaWEdTfGViXXhVrb25esyhwh77+NDXIHozt2ZkVqNcdebKMoy+AUqYOu3e
GtIPH491jHAznxzIGobL8OHFuoNXVhkGhrG5KaKHDnuHi1ng6GErGozH5wket6ha
5pPkFYCpvbUjj2Q61bJV6JO2dTsQ5ggI15OUt128XtFWCbKC1mwFaa7ad1KbRexa
xTMbS+PIld7ov9Cl2tX25g/45byBFxAsoRdsEZ793w/R5rDQdK6rASXREgh3hbNJ
IoFneDdyxtTPNB0JNjNB
=27NG
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3342-1
June 29, 2017
linux, linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
USN 3326-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)
Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
linux-image-4.8.0-1042-raspi2 4.8.0-1042.46
linux-image-4.8.0-58-generic 4.8.0-58.63
linux-image-4.8.0-58-generic-lpae 4.8.0-58.63
linux-image-4.8.0-58-lowlatency 4.8.0-58.63
linux-image-4.8.0-58-powerpc-e500mc 4.8.0-58.63
linux-image-4.8.0-58-powerpc-smp 4.8.0-58.63
linux-image-4.8.0-58-powerpc64-emb 4.8.0-58.63
linux-image-generic 4.8.0.58.71
linux-image-generic-lpae 4.8.0.58.71
linux-image-lowlatency 4.8.0.58.71
linux-image-powerpc-e500mc 4.8.0.58.71
linux-image-powerpc-smp 4.8.0.58.71
linux-image-powerpc64-emb 4.8.0.58.71
linux-image-powerpc64-smp 4.8.0.58.71
linux-image-raspi2 4.8.0.1042.46
linux-image-virtual 4.8.0.58.71
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3342-1
https://www.ubuntu.com/usn/usn-3326-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374,
CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
CVE-2017-9077, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.8.0-58.63
https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1042.46
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVLSUAAoJEC8Jno0AXoH0xyAP/0Gv3+6gEIQtQxw4DXT2Lx/W
9vQXHpHid7dvC1cSErTLgSKl9oGmQGdVsN4oGqaqLKJCIDnCEZ55fhdAfvHgdKWl
F0nkrE0Sn2VUYEcPOxJamoDhyQj2w/jqOvWGllVdVQfe5/pmPJHh4LvfvdrZqrir
NEld3x1slrp1nn914Pu8Yiknv1dAiXV5TuL9iNQEZfD0N0AfKfhizyPZzpQfJV1w
BKbAY/r6nWaN6RDxX3Rb/j47uk0hJXnlIm4cVWpitZ9rSKr2Ipf5hun6ZVI2Bg5Z
xN0VExEs7YD/9aj/0KVlIOi7noIN/b0Y0XwOg/AyeknhNbAnappybqwjSxz3UNcw
XLmx03M32FHAOvXwQEN9e0KZiSxIetKb0Qohy9xqD6xj4HGfr9G1Yzu6zjVXgzxy
QyEIT0Zsit7s2SpvdePc2WM7+cJTA9qishgL/BQlKIKl6XVuk7F3BuWvThGCQxCC
CpeBio/WmiYVlV/k65a08mfk3OPPGhkXvQj5yoICwdhkBDsjLADUhwPAZR1HLTB4
GSaQHaJIeDQ2oHcLY9cfW+wrdbUATCyFYgZrT2utnAYRYC/o1OT1U51xYwh4R0Dm
u+KUS+qBkUmZ7GnPCRCBjX+95Mrnp+OqCLJEaWcVf8t3F2R3oFx2slseyZFMiZj8
RkTcQGr/s+gmCn8mnrTb
=hKL6
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3344-2
June 29, 2017
linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
USN 3334-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-4.4.0-83-generic 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-generic-lpae 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-lowlatency 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc-e500mc 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc-smp 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc64-emb 4.4.0-83.106~14.04.1
linux-image-4.4.0-83-powerpc64-smp 4.4.0-83.106~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.83.68
linux-image-generic-lts-xenial 4.4.0.83.68
linux-image-lowlatency-lts-xenial 4.4.0.83.68
linux-image-powerpc-e500mc-lts-xenial 4.4.0.83.68
linux-image-powerpc-smp-lts-xenial 4.4.0.83.68
linux-image-powerpc64-emb-lts-xenial 4.4.0.83.68
linux-image-powerpc64-smp-lts-xenial 4.4.0.83.68
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3344-2
https://www.ubuntu.com/usn/usn-3344-1
https://www.ubuntu.com/usn/usn-3334-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074,
CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-83.106~14.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVLbbAAoJEC8Jno0AXoH0aP8P/ivtGeS4Tdxh76Wlm2RMyf++
DAJB56vDRkZLgMaHK0+DqrwIc7TP7H8MT7+zUlXBWWshLHrdcoIWUmw8m1BwtJA+
cs45OXkLWJXnoGL3VELsHHi36xBKbNJ5LhFSwVuF9nIhpKygmDTr0bxdVNZfKV3e
bihC1YLIRhzs2uQwreshy0UKHHrfZjQ+sumh8OjpNisJBfAoAUUgmPJVHHq08ra9
aeB2ZOR1A6LdjdAxcioTobTG9k91mMRMblzzEWkpajL/Y6h/ztgdXftNHn7UEqlf
7/hW22U/EEmSLQVKwmvp9ivxBfgW1aLWpBh4BHVycyECImbZMVQ7CaYo7KHZkQ7I
Trlm/AVoy841VxCKya8kB1daazuAonEx289PoJFC8aw1JV9Wi4tIFWKt5PBy/pm4
E26BdWM8t0QGP+81+V+fEKnXqDk986o4oi17bii7uSWS12/ea7o+kVwBLO/uz0MZ
MARRmregxyK7dqUbnVJQFTYjLsrML1q878l7mNNw+q473+dnaX5y3ukdAp+g+XcE
k6BeNyEshRVlZNpSi1zTvyABal7jT0SNl+K4WPrqh0kUBoG08RT4jK69NCP4MmFi
HPpX78cJrZyZPgAsBs4GRs4a9MCr5d3QrHHnK8ZxwNLg6M2dhNsnSYpuHJgY8K4f
mX6k5wqjvdxuD5qaKBFd
=2MwU
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3345-1
June 29, 2017
linux, linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
USN 3324-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
linux-image-4.10.0-1010-raspi2 4.10.0-1010.13
linux-image-4.10.0-26-generic 4.10.0-26.30
linux-image-4.10.0-26-generic-lpae 4.10.0-26.30
linux-image-4.10.0-26-lowlatency 4.10.0-26.30
linux-image-generic 4.10.0.26.28
linux-image-generic-lpae 4.10.0.26.28
linux-image-lowlatency 4.10.0.26.28
linux-image-raspi2 4.10.0.1010.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3345-1
https://www.ubuntu.com/usn/usn-3324-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075,
CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-26.30
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1010.13
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVMmKAAoJEC8Jno0AXoH0uWUP/1JEAp42fclbgtHAYN0uXenh
4UmU+8AndnJfsbAN5C9G2LVIMIZWUOLHwyqeo4Tv/5IwZbOb+FfZIY9Mnd0sRZn8
BRML4vsi5l3rZ4QgidS595uirIH1azV18mZ2qliXJDrer8Pbd8msiw0jfd8S/4/5
iUt4DCojtvJO4F5IjQtBsztAWYHRrrTbIX4VuD5Zz+IrN9MZ0HagCBHXXx4Nzp68
0w30YoZwIEMW9qRjOv+mLJbK8eXsjHmTN3on/hscDULwnbHmnfurEXFtd7UAv9j+
k8SSD8ifDrAtWLWLjFJz0iI3cBOfTMQyeS6qtQqjB3bRs5+oO3MHRvMA8LKmw2rM
TF9b2Xih4ZDRshhxi2S90vsIaXGaOpH9eFee4+RxAIzmOohxTcIjXedCtyvJh5vy
dduA1f/6A0s24dKSshhZSGeEEViryoHiF9MI+VWhSszlqHxohRlEHPUa1oGHRo0N
qhXH5wTV8UzR2zMBQRWxFhMcXamfnQxYFoZDfoVMAIUG0sJS0TM1O3FiRPCJCzPN
W0AVUNj0xtmPrp2NTWjaO+viDbt/q/x9YJlDRsjWG/wiA5+mgXMP3LB0CIVmuYor
f4it3RWsx5GwyRMhiADf1EXO/PM/hCchYquJhqYhBAT9o3Fq/BMMVTVDRBkXuG75
qVDOtB1aTbchya7Acf5J
=wLHM
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3343-2
June 29, 2017
linux-lts-trusty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise
Details:
USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.
USN 3335-2 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
It was discovered that a use-after-free vulnerability in the core voltage
regulator driver of the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2014-9940)
It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.13.0-123-generic 3.13.0-123.172~precise1
linux-image-3.13.0-123-generic-lpae 3.13.0-123.172~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.123.114
linux-image-generic-lts-trusty 3.13.0.123.114
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3343-2
https://www.ubuntu.com/usn/usn-3343-1
https://www.ubuntu.com/usn/usn-3335-2
https://launchpad.net/bugs/1699772
CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294,
CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
CVE-2017-9077, CVE-2017-9242
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVMnhAAoJEC8Jno0AXoH0048P/3WmldWcQcY/YWy2P25QKti3
RD1F1sz58UGwp3wcVAu9j3PU/GAnQM6q91GSWBjbiWbsru9vndLC25W2T8kLLMK3
fh6zAhK7HaI1vYNQrGkr4DmEFbcvm2sRMscWXQ2FKBkwHVifYWrQHGWO3rUII0x8
0tTQMaExEim2EAMJH3snki6OWWTiPeEqBgZkxu3wbr6OtylNC1hj4FRUZ++hyx5D
J/tQce1zE6pC4TuIktOt3tiWb7/K0SRPdzkeodHNOrCzGxFKlVmqKnfBLln3CxDk
RbzIuG4wmXIlgKJ+sxlioRw4QW1DT8HliuI4r+8lerQg469l81ROgsxM1iUbmaIC
mgZlgjGUX0B3fKj3EOST/W65oYpI3XGgAQo7mBLj+hwyjKZ4vH71350sKYtYVqck
UP3J5+Og3bHYJRC7ZigCo/Aoxam/uwnp7dfT1PE9qmFE881Hb9ohz4S9EvLkk5+E
NDbK2+DOVJ/AQ8X2/o+rO1A+gacqA52WWSBX86pkW1nGCYYqIFozYmKyFtgTTwRx
k/hunHA4cAlbtdzC+Q/Wn6/aGjX+G19IHJuz2U2Ya2m7z+5J0wi46wMov6ogJ5zL
sPrEkJZvveZCOaC39EUqhFwvvtzJmbL+thxCkoxT3Py2j6R/PonkBb31KJHGgY6g
YFL8zQbjZSTY05IsgLTq
=ZbCK
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3338-2
June 29, 2017
linux regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
Details:
USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix
for CVE-2017-1000364 introduced regressions for some Java applications.
This update addresses the issue. We apologize for the inconvenience.
Original advisory details:
It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)
Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with administrative privileges.
(CVE-2016-4997)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.2.0-129-generic 3.2.0-129.174
linux-image-3.2.0-129-generic-pae 3.2.0-129.174
linux-image-3.2.0-129-highbank 3.2.0-129.174
linux-image-3.2.0-129-omap 3.2.0-129.174
linux-image-3.2.0-129-powerpc-smp 3.2.0-129.174
linux-image-3.2.0-129-powerpc64-smp 3.2.0-129.174
linux-image-3.2.0-129-virtual 3.2.0-129.174
linux-image-generic 3.2.0.129.143
linux-image-generic-pae 3.2.0.129.143
linux-image-highbank 3.2.0.129.143
linux-image-omap 3.2.0.129.143
linux-image-powerpc 3.2.0.129.143
linux-image-powerpc-smp 3.2.0.129.143
linux-image-powerpc64-smp 3.2.0.129.143
linux-image-virtual 3.2.0.129.143
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3338-2
https://www.ubuntu.com/usn/usn-3338-1
https://launchpad.net/bugs/1699772
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVMmyAAoJEC8Jno0AXoH0RGYP/0lQaNboOJUQT5dU2Bz+96Qz
B1lFyL+utx/hRFk3nWCbJCjafb3QV6jxVs0KZZ9i6XALmXa3x+wVSJwx0Xx9WpqP
0SSXaRZxkYwteJfFKl/BlGo72NN1nlh2P7BRjgraJWHPf1ZoDtdQInrTBlJ0ogTe
g6NXgNsvF93UnHckrF1fc3gZI4LNOfkFjN73wjWg05MiIRx6blT9vuCcVuTD5/00
dCJcf6ZknVU4auipi7DnBkW8HN7H+kak5hAi3whcYmHYTIPNgtasRTtUDAHSSOGZ
hfUPgh/o/vsGnOjwea2FS/DymPncp+rq5B9faX/WO+mvryYSCqrVxTV+eblCUGOU
bK+OcLwCcqbjOfgj9uCLHPrqhdzgZrPtaOfQty189zeJcEmeIKRnSCRiA8FA/Vw0
EkL10ApFPvfXcSn7zOU31VAsyd0aD0/D2XrXLqAqTIp7dxGojSh6YC5dJzqOXGvm
U2wP2rqxzLRMR1H8FAZ29Kkca5InLa4JlLGlxl5eSaR6B1i95w2c2iJWAPk41o6Z
xejiPiMoJOZK6dG+aAjwGaqQXRZSP/cY+KR5KcYfCBA7T9t7ilwkNkHXkNugZa6L
BMR5VB4jYKbo14H4958KLoKGYkNw6YDqFhfWAaHtcXpeuDitXbY5Et9RjOs/2MoI
YMEOI6oVXjLqTR14taIn
=w2NG
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-3342-2
June 29, 2017
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.
USN-3333-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.
It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)
Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)
Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)
Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel’s IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel’s IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)
It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.8.0-58-generic 4.8.0-58.63~16.04.1
linux-image-4.8.0-58-generic-lpae 4.8.0-58.63~16.04.1
linux-image-4.8.0-58-lowlatency 4.8.0-58.63~16.04.1
linux-image-generic-hwe-16.04 4.8.0.58.29
linux-image-generic-lpae-hwe-16.04 4.8.0.58.29
linux-image-lowlatency-hwe-16.04 4.8.0.58.29
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3342-2
https://www.ubuntu.com/usn/usn-3342-1
https://www.ubuntu.com/usn/usn-3333-1
https://launchpad.net/bugs/1699772
CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374,
CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
CVE-2017-9077, CVE-2017-9242
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-58.63~16.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJZVUn/AAoJEC8Jno0AXoH0CWEP/j970DfqZSVdxMDmh5Ghalnc
AMTAtt2vjS7H2jqugotCmjZHFYba+g3qVHbTiq8brVhqpabLVJ8BnyFHF2V2Ht+m
wkQOG4f+jDB0jPp0kqpV8SSt7DQlYopa50pVMsCMKEVZfaoC1RBDv3OJgWYxeiBg
C2O9eVslWbqz4+S4RtJVxM6J3GEyt6tCsgelGP4oSpf7L6KVzdkAMMQrpwxB4UeB
pb9b7uwM+EmFFM1WWlC/6FFkNrM5hyhozAJZcF1/rReTECMfDhVrcotn5NZhc0TC
cMFix17mX+S3Lo1yJfs5h1ouT+GfWJgrfA14pmqpib4Vx79LqOjZ0GEB64VANNr3
2JSX0zrU9ErjogHXdSpnCZ73QJU2IzLnJsLAQ4a3hynkDlISkKIY94mpZcV2Q7eY
x5s/w0bTsowEA06psMHgYlfFnHR+3+aJ3b4vx7Uwq9jfsUiqiW9pDbgU4r5gN0an
xiU6nI88gtMmyrVd1+GUnrCiyKb2BqnppIRACLcz4RSFClZrJ6Vr6zK7Z43dxMef
hnE5kDnfFWUrTkw8Q6tsvZdevMnnF+VvBGOHzneDiLan5+0TeWP8j4nXAfwj/dZP
eGtWSEROGRz99+UVsucxpuDCLczKMTGx133tl6NDmkKAWVNYb9ciGZD6VW5zdHdu
uOSk/1sirvrd7j4rEeQb
=zg9f
—–END PGP SIGNATURE—–
–