==========================================================================
Ubuntu Security Notice USN-3507-1
December 07, 2017
linux, linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)
Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)
It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)
Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)
Andrey Konovalov discovered that the USB subsystem in the Linux kernel did
not properly validate USB BOS metadata. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16535)
Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
linux-image-4.13.0-1008-raspi2 4.13.0-1008.8
linux-image-4.13.0-19-generic 4.13.0-19.22
linux-image-4.13.0-19-generic-lpae 4.13.0-19.22
linux-image-4.13.0-19-lowlatency 4.13.0-19.22
linux-image-generic 4.13.0.19.20
linux-image-generic-lpae 4.13.0.19.20
linux-image-lowlatency 4.13.0.19.20
linux-image-raspi2 4.13.0.1008.6
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3507-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306,
CVE-2017-15951, CVE-2017-16535, CVE-2017-16643, CVE-2017-16939
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.13.0-19.22
https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1008.8
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJaKdvsAAoJEC8Jno0AXoH0qAcP/1bs4YAr7k4gywAZ6YKn79Gh
dTvn5OyzVtpb1pYM1nFHjBxtHEFMFZ6JNhnHvj7nthWcYYRzF6T1R3XTpTDaZKCx
4DjJ2inwXhnXQU6JeLC5cgHM+e9tgoAGLnIy0dFaMta9ebXJDNzk6co5hfSdgMuF
JYCNkQXGvnqusUMCSaKqyl48HiYzsuA9h8NRUWky8qcirD38xInRu2K6OKx96peR
XtmxjTf2z5Enex/3huRB5qnYBUkXA3ISmhPYQCbixhjsH3SLBUoptU1z3XHFXJAz
Uhf4CTxZIYdr7nRL0Kw9raG7S2hhyrrODfzIjALL1cbKlYOdjFOgd7v98yG45uDR
bTvZfaY8bGlV9DscjcIfUNxapiiUZXIcY6FQNsfh4iJMIHEX6xYj03G/R6+Naf9Q
7hA3Q8WMa4EHTPDej+Dkj7dQQCzZoBRWeKIZvfan58nhN8xvh3g7gIcm4J/YBUVh
IKPK9jAPsVKMK3BjbSU5TU+NljdPLk/1LMqmfSmaz33g0dFr/Nxew0NHa8PJV7og
/ZlOTgF16QcnGrZDUBRQQA0Pl6FOmvCIkXeZNiFpNniaG2Szzw5ZDkLA/BgrzZzz
QBFIuYiNZuRDh6aI11yBb/r+2ip6cjMCbQmZPMcHVVvXO6dboclZvStjxzo1I86s
1MNhnOP+nlUEOyABG6GX
=qG7F
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3508-1
December 07, 2017
linux, linux-raspi2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2
Details:
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
linux-image-4.10.0-1023-raspi2 4.10.0-1023.26
linux-image-4.10.0-42-generic 4.10.0-42.46
linux-image-4.10.0-42-generic-lpae 4.10.0-42.46
linux-image-4.10.0-42-lowlatency 4.10.0-42.46
linux-image-generic 4.10.0.42.42
linux-image-generic-lpae 4.10.0.42.42
linux-image-lowlatency 4.10.0.42.42
linux-image-raspi2 4.10.0.1023.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3508-1
CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-42.46
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1023.26
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJaKdv6AAoJEC8Jno0AXoH0+00P/i5P9B3WxSYre1JOzSaiV/mA
MPACS8+iBkwzUOM5t2YyTSNXIdb6U6T8rHeXkw7YMYot2IaGV3xYy8iQ+ydFkq7A
WGU0x77hgRdN63Yo0Zjha+farOLc6wQWJuHRvBcwEQS/KX1veJW1Vc6WkwKCGLm6
VmPbAAf3OWXs3bgQU6gT7bp/sWZkUPjtcJTX4Gyqpjy5+xoqoIXnUF6XtYZkUmPW
kZU4myHRD5VINyZpFXSyrFShO+48A+tXongvtUCQ83tH11UwxGCf6IG1ntO3/0ci
dTRSep/2LalQPQitQtnyrkn8Uiisw45pWil9e8RXm4biJBpfQP8XOR/RIr1EyiQA
7Gs2hMZNo5Mzyi0Af8B/byYmI6EM6eZ9rpVecMvtAJWSnY2GxSi15/b2ysNzJ0wX
xFWPOZvmHxCKGWJVQBTiWE6d+PB67pOmxbcjtpSPUnHG+x0aEWJ6oO2N3fEFpHYt
K5881SHjC+ZQal1ELFylY/RFX9fNoYemtTSMMYjCDZExB/YGvp5+AWSQ5Zy7Ey5H
2F1NzCO2+yUav5dM3YwntyPhkMCUkDmfaMlh5T1Kxp4PF1FV71+wwPdRCYiTIGCZ
4QcDNhGcRc6vcO43Q97uqk7MCvLs+gWxsFjtiLyxJNFRd4gDY0Te8AT/IdSTi/1V
HuK3hbBInPln68+QMF/p
=efxv
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3509-1
December 07, 2017
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
Details:
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)
Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1012-kvm 4.4.0-1012.17
linux-image-4.4.0-103-generic 4.4.0-103.126
linux-image-4.4.0-103-generic-lpae 4.4.0-103.126
linux-image-4.4.0-103-lowlatency 4.4.0-103.126
linux-image-4.4.0-103-powerpc-e500mc 4.4.0-103.126
linux-image-4.4.0-103-powerpc-smp 4.4.0-103.126
linux-image-4.4.0-103-powerpc64-emb 4.4.0-103.126
linux-image-4.4.0-103-powerpc64-smp 4.4.0-103.126
linux-image-4.4.0-1043-aws 4.4.0-1043.52
linux-image-4.4.0-1079-raspi2 4.4.0-1079.87
linux-image-4.4.0-1081-snapdragon 4.4.0-1081.86
linux-image-aws 4.4.0.1043.45
linux-image-generic 4.4.0.103.108
linux-image-generic-lpae 4.4.0.103.108
linux-image-kvm 4.4.0.1012.12
linux-image-lowlatency 4.4.0.103.108
linux-image-powerpc-e500mc 4.4.0.103.108
linux-image-powerpc-smp 4.4.0.103.108
linux-image-powerpc64-emb 4.4.0.103.108
linux-image-powerpc64-smp 4.4.0.103.108
linux-image-raspi2 4.4.0.1079.79
linux-image-snapdragon 4.4.0.1081.73
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3509-1
CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-103.126
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1043.52
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1012.17
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1079.87
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1081.86
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJaKdwnAAoJEC8Jno0AXoH0Q6EP/ja4fPDelMLTXzsgOAkD3uXi
70Btj2/5WZwhK3VOih1LdQVkFVz8OfRGyzC7JB2lJC5ioKlshtXXAMkfe24cZfZU
iaSAOWNY+ryxbs7M9zzRMnE7X2rCikeHlwCfHWWCN3NWcg52WdREzm4Rr7+2IGlo
XJOe0AO6KrTc5PRgI4DV8rgZBibQXCIMF0fUUWCoRbFUwRJqwW4qn53ENGYRYIY3
PZ9ZuNI5UhGMoeizJuz/ablOtGEWkWUIVzD374iui26CgfHkqjGRm6lpKTf+fosh
fx8qMqfQLF1pmaIQ/sm0XIHLQ4vkPX6H+ztQNizO6LVNXIi5VFUdXA33lyLujDSJ
7iQtqm3OHQrTZYaJg+RJuLGjRQadmTQFEFkOCflgdsiCiHds/CxPZffm6v6Cp/U2
Iq9/OlUSA/SJDIpIxCccuE3j4cobS2i+noAEjKZwA1IwMIwlMuS0T358YwUjQPun
2lx4aOoZv66bHG5MOJsTGbCYFVSuNfWmXtDIXQMxtnnUBCwgtUl0lm1bEZ4WTg4K
tjRhGalGBAt04SqC89lbkwXjaswMLBqGR6JxsAe5CUdX/nHIotDAqdVDM9KcJ5OM
JrbybsDylHPWYfMZO7+OlQIsBuyRFKYOgk8KwLMRA7MJDhlafSJ5SBp4asBOuCmf
yNNffZwC5Gkj0CY9sX4A
=XL4C
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3510-1
December 08, 2017
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
Details:
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
linux-image-3.13.0-137-generic 3.13.0-137.186
linux-image-3.13.0-137-generic-lpae 3.13.0-137.186
linux-image-3.13.0-137-lowlatency 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500 3.13.0-137.186
linux-image-3.13.0-137-powerpc-e500mc 3.13.0-137.186
linux-image-3.13.0-137-powerpc-smp 3.13.0-137.186
linux-image-3.13.0-137-powerpc64-emb 3.13.0-137.186
linux-image-3.13.0-137-powerpc64-smp 3.13.0-137.186
linux-image-generic 3.13.0.137.146
linux-image-generic-lpae 3.13.0.137.146
linux-image-lowlatency 3.13.0.137.146
linux-image-powerpc-e500 3.13.0.137.146
linux-image-powerpc-e500mc 3.13.0.137.146
linux-image-powerpc-smp 3.13.0.137.146
linux-image-powerpc64-emb 3.13.0.137.146
linux-image-powerpc64-smp 3.13.0.137.146
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://www.ubuntu.com/usn/usn-3510-1
CVE-2017-1000405, CVE-2017-16939
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-137.186
—–BEGIN PGP SIGNATURE—–
iQIcBAABCgAGBQJaKdxJAAoJEC8Jno0AXoH0SYQP/3USeHotbUNOiSGUR+T1Ptj8
9zzO8tsppOzrz1B5gujFYK72L9buAAlPxnpe2mcOvqNmYyeTpOFgVR7RQzsVNED1
FYVz3W9TFVYh+QJMl/HlkphohJUncphWTFQafMtLDYTwW0tAjlZsjQ3FGcFK4kDI
ztC7q155kUPiUYUcPjeOg9DIvl5MBRWcegY0K6bAYFFN6FxERkh0lYgnoVHSx9z4
F9YFKx1k3vfdcPyEltY/fj3DVbrr0OxrZBVnUEcrVxA5KxedPl/lzu2LL6QpFuj+
o6scdfGR9Khe0AtmTiQkHkPGH3rRNza+GcL/qVHDNNL6IvoFsjk8rlC7WfLYExd1
o34dI4ucklElQKOmNqFJENPLq1VgK3xWudd1gtvdc3k3jgwQXUmP96jA2ffFIAoi
Dx16OIRMcRsaMUepggJFDpndKIEfheyQoZ6i1Ii3q8ri2Fv/xZOiduiMZvy5ppH5
wRnSKsAN9kIIplpK2lniOgDBo1fpkDO1s2S9MHAdLHst4JlLSA6A40fUrFhjRMav
qdRXBl7V80ezmoTxB5/zD7r+q6b7oxxOdObS2rFGSNEQX7C4EAdXnhAWzV7WRtft
vWLnQpY9qXlUAoCwg4ImcDcvm46jNKNyPgWWOHm1rCT7vtPxgb93LJhjolTOfcPr
H7xa9Fl2ORRQSdxPrOYf
=ArOi
—–END PGP SIGNATURE—–
—