==========================================================================
Ubuntu Security Notice USN-3443-1
October 10, 2017
linux, linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
It was discovered that on the PowerPC architecture, the kernel did not
properly sanitize the signal stack when handling sigreturn(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-1000255)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
linux-image-4.10.0-1019-raspi2 4.10.0-1019.22
linux-image-4.10.0-37-generic 4.10.0-37.41
linux-image-4.10.0-37-generic-lpae 4.10.0-37.41
linux-image-4.10.0-37-lowlatency 4.10.0-37.41
linux-image-generic 4.10.0.37.37
linux-image-generic-lpae 4.10.0.37.37
linux-image-lowlatency 4.10.0.37.37
linux-image-powerpc-e500mc 4.10.0.37.37
linux-image-powerpc-smp 4.10.0.37.37
linux-image-powerpc64-emb 4.10.0.37.37
linux-image-powerpc64-smp 4.10.0.37.37
linux-image-raspi2 4.10.0.1019.20
linux-image-virtual 4.10.0.37.37
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3443-1
CVE-2017-1000255, CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-37.41
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1019.22
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJZ3SXbAAoJEC8Jno0AXoH00/MP/jOGRWb44dpkFnWudYe53Yu5
B6aBvX5MXWRx/b4vk5MXvJtNM/TPCzu+IXS06dT3wj+nBowdlGpC3Zfr3z5LyW6t
7rP7WpcPdGZ0ucCHdRS+pYjoRZkLUkgN/I6GCkrthye/q7xH/DSZuutpPgIsiC/4
7irPv42qnrh2+8gSbVYgD4QJAZi90MOLCbEqP3NzoTtsJYCDghW9HfXWAkKGNG3R
3C9aHKJL64eon+5PsO3FK5LyJTGcu2ZI0bcCSGrzmb78Bx7xMAMeMPFf1NwU9obH
vwIZL1m2TBfbyPHysv2qJvo/ZrGxWbzea4h8yVmS0/2Dw8ymZH6qHk58ZLUPS4Sv
kkESjO5SPBaSXEScJAHXmidp5bUAhZhNiDnj10qhWM2xdjXvYikCnzELOy9DS0jG
BBRvTqJRnjpwVYRT3vE68mI89iQ8FUNeNcTojv9CxwSdYUUn/4rZNSnDy/D268Hs
M/f2Gb3CHvbKcrdpJAb1LyKd9Un7H8OAdv6shVPdOyE7mMqSTB0SZZijr7XGxo5c
Im0JvU7IWHlDUVtysi1rd5M9VMaEqopQmKdt3hQmA9T1k4YnFJ8bg6Fq1E6QkhUs
E7obCu0z0cFMWZZXxlC2gRhgRizJprrxCSyStsoxn5nyamlCkugL9C/ZWX0wx4JF
hoSqqosyaGiJlPNCz/Hz
=N80u
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3443-2
October 10, 2017
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
It was discovered that on the PowerPC architecture, the kernel did not
properly sanitize the signal stack when handling sigreturn(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-1000255)
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP
stack implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-14106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.10.0-37-generic 4.10.0-37.41~16.04.1
linux-image-4.10.0-37-generic-lpae 4.10.0-37.41~16.04.1
linux-image-4.10.0-37-lowlatency 4.10.0-37.41~16.04.1
linux-image-generic-hwe-16.04 4.10.0.37.39
linux-image-generic-lpae-hwe-16.04 4.10.0.37.39
linux-image-lowlatency-hwe-16.04 4.10.0.37.39
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3443-2
https://www.ubuntu.com/usn/usn-3443-1
CVE-2017-1000255, CVE-2017-14106
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-37.41~16.04.1
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJZ3SYBAAoJEC8Jno0AXoH0WgoP/3BcOHl/XThuJ0JrIeEZEke0
mI2Od1mW9q2HND3dHq6100R4D67JVyJHrnqeWczw2uZveJpwhPKnYJcKndwb8R15
OGYpcfAh9l66HZM9/fUbyRzOaXlO8lSy5UY6VMKez2JHEZfZEUiUIU4on1eeeeI+
4wjSmPAZzkUSgBW+NaQdhmXCByFZ7btJhVnIvuUQYU9JUCAHxDXX7uFn7nAYRWgf
2UAd5SA9dyzHXSG1PhKW62rawZPKzA2Gb18FxtDCPHMvgio1tzDn5RbyE4lGs3vc
6IxNffmAbV8GlM2FSdRG8hFamazUr3LJ8nTcAJH39AoDDLDyLBhVyo0Ulewffh1B
1gnpWXbOUM620F+Nk6c//hWVMiB+HOQTi4O+YlSKdRzkj0OLR+8oDQg9J+tC/G+e
vkrfAkQ2mrDlTynBrDl4wR1dSLSEy0gRxcXAUcrH3T2o8nvHFVkEJvxUAPK0Mo54
5rx5DNy8l12SFMg+E3m9CgLa44zU7Z5IUzd2+hRcuXTBTXe/oBpihujLoxtAYoGy
ZTv3iMAaU7QvcJNpyPOb9ZVdLtp2gc9fApmD29YgPPEP3dZHvfqxEwvxw2aYBiHe
X1i/BHlFaHXjE9y0KCOpCUEFurWnHxsOxuBt/Ku4Pgz/x8jxRQP3GDQLbb/qVTTR
mmZeSUpoQJExCxe08GYw
=PDmY
—–END PGP SIGNATURE—–
—