You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-3540-1
January 23, 2018

linux, linux-aws, linux-euclid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-euclid: Linux kernel for Intel Euclid systems

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 16.04 LTS. This update provides the
corresponding mitigations for the ppc64el architecture. Original
advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1049-aws 4.4.0-1049.58
linux-image-4.4.0-112-generic 4.4.0-112.135
linux-image-4.4.0-112-generic-lpae 4.4.0-112.135
linux-image-4.4.0-112-lowlatency 4.4.0-112.135
linux-image-4.4.0-112-powerpc-e500mc 4.4.0-112.135
linux-image-4.4.0-112-powerpc-smp 4.4.0-112.135
linux-image-4.4.0-112-powerpc64-emb 4.4.0-112.135
linux-image-4.4.0-112-powerpc64-smp 4.4.0-112.135
linux-image-4.4.0-9023-euclid 4.4.0-9023.24
linux-image-aws 4.4.0.1049.51
linux-image-euclid 4.4.0.9023.24
linux-image-generic 4.4.0.112.118
linux-image-generic-lpae 4.4.0.112.118
linux-image-lowlatency 4.4.0.112.118
linux-image-powerpc-e500mc 4.4.0.112.118
linux-image-powerpc-smp 4.4.0.112.118
linux-image-powerpc64-emb 4.4.0.112.118
linux-image-powerpc64-smp 4.4.0.112.118

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3540-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-112.135
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1049.58
https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9023.24

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpBwAAoJEC8Jno0AXoH0J/UP/3motOWZ3q4M+tK9Z5pfS/hs
rAIX9XeFAxmakeCTo9638BoOTcIi1+CKwTfWyiK38wPBplQQQalxv4LWjERhNr7Z
z77+yZkGM5GPPC9ovDyr+9mZbcYBfKE5ziE/hf5eqK1b/xDV1jstDQa+n4m9CtNh
2paKDSFSK4s14Xzxj+5K3de9pvvhtO7pnK7e8wM55L4laJTUzr0QOifIYEmkMaK5
ndPH4skSpBQpCWji08pXD5G2dDR/z5ID2C4cKJJkGT7Do88PU8CZ2dD6pAChxnw3
XMkF1DZ3fcrdCuDiSz1a1V5WWRafsD7w4nSyh99xty/PwJquvWy4JmKpVubJcQqG
9HF2z+IVwwc8tFp36YutOadlO9sLDhhwTkjeKm+ILNwy8XMauwd9INGTMjlsBQiL
AcsxX+s6FnqNZWDXvAMJTBdfpXioSdvPHozPFdFbkq/EZpvtP0amjCRaStUHt0PU
YZ8tpx2dvGSt7nHGrfI16EKeT2fBG84Hl6d+sfQVmABGXCr+G9Ui+fkIx0ZZPAu0
QXa1xJgfB23w5lf8kC/WPdP5y0bA1APWsHw4joOZc1TpEyKpnFqMgemUWpH+L0Wj
4EgeR9cYn226f7nbZi564gdjjP1uGK5SKRvxV4wQE0RBZkOeyMnC0noROpkD/l0r
PwN87E445s6veADVSU4y
=zpaV
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3541-1
January 23, 2018

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 17.10. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
linux-image-4.13.0-31-generic 4.13.0-31.34
linux-image-4.13.0-31-lowlatency 4.13.0-31.34
linux-image-generic 4.13.0.31.33
linux-image-lowlatency 4.13.0.31.33

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3541-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.13.0-31.34

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpCdAAoJEC8Jno0AXoH0w8UP+wb42nZp8vsy/cXDjHggutKE
/BGeFmOTJpVmYBoAPI2YZnL6jarWyckaPYFsbGgih55jQwXO4ZEMeI/97DOsY+hy
cyCao+ArkfppljA+RsN783Y4HFogFx2vuC6Qh5AYFpLBve6mrIgC+HuUJKyh7Wd2
uqmmE0GhID+CN0jLAsWNkqeh89WSPpFo23cHqpEZk8hOmGwQkRNa0NtIx6+49tSD
bOzF2MiVhfLJmnlLHRMwWtvZBx/coLJRo4VuS+T3J301nr+Df2RX3JcRn6VVjqc9
v0miENDw4cx5b8Pu/pp25c5b7xgshVA1pdHM6UfGy/T+LbAMzsnYNKyEJcA01rzc
lTOyXKd6HdWK3sXd18iidtZaFKKvIBWpjh6lnTv/r9FqXiD22t+shKGarVvjXK/L
ikO0/8fwDC+JjvLjGbIBqYHQZA0QlA7TA6y47QAe2q8ApzR5tLYXTW/momGICxMm
2/jZXfUG2dS6gXEXW+M4L5NaMb55Zab/skDezvbmgnBcjW+MK/wl/ZkoCiVuUq/R
aB4oCozEIPnKFNLXY7Gbg6CQqV7dfNtBfucUeT382YP6fXtA18FLD1/3m3dzsnEQ
3BtiB19sAm4yWkxr15+OXVJ3JqDsJ4yxju5YiLdcq6ScjylfvMmAjZAxzre284Ra
7RmXV+dCLGkDqj7K3Ndn
=he1h
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3542-1
January 23, 2018

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory reads via
sidechannel attacks. This flaw is known as Spectre. A local attacker
could use this to expose sensitive information, including kernel
memory. This update provides mitigations for the i386 (CVE-2017-5753
only) and amd64 architectures.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-141-generic 3.13.0-141.190
linux-image-3.13.0-141-lowlatency 3.13.0-141.190
linux-image-generic 3.13.0.141.151
linux-image-lowlatency 3.13.0.141.151

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3542-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-141.190

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpEGAAoJEC8Jno0AXoH0fLoP/RuItlQhwZu2ckXaW3R853Bo
AjbDHSHZghRpQQXaRyn5xmJEG8xzvQ1d5RwoGZ0AY7UUnZty5iH2TWj0YDzSwk3g
PuTHkr4EWSxP4NUANxvjtbmh+AF+FZiR9u1MUMDr52as2S4Ach/utOUTUOgNP3Gi
t3ehz3GKr12yhMTxGZm7Oz5zCx/mI5ZqLn/HFpltLj/XQPQ3ZeIPDBMflJUzcIok
fKT8+HGMkTVVCmqPUb6I34lWpdNFPxV86LwNNl1MG1kkmiRXkvhmoamEJvrQc0F3
dvkkvrpXtWMeWJsYVUZAbC+2KLNqTQK+z5f+0BdLOR6WaGub6HGinK2hZp6Co+2S
RNIZq6KMU5++y486dVmB/a65f9ACxnVlgFCuTziLtCO7khNvRLHrtHvHAIWCaPFh
7QP8XMiEM3UaByZ7Eu3X3f8re1EcRBZNEH3Bf332TemdV6TNsWqYm81fJEnTsMWV
9u17GIA0t9R4rqjs6J9XqryJ/OpxhD/I35zCLnI0t0Kby574f1h3tHx7SXe7uSM+
qQ7RPrBWy9duRUl1CW7aNU8wPuWCNmb0OdjbFgj71eAhiCe196H+t8ZNUrrurIoJ
3rmiCEh/27jXrwM5/DBoU8YXCtNLgWqfT/4lfL8RZVWbbCK1Ygu/mOlKtDtC2KS+
XYVeiJGkbhXpN+mZoX/v
=gJOQ
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3540-2
January 23, 2018

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-1011-aws 4.4.0-1011.11
linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1
linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1
linux-image-aws 4.4.0.1011.11
linux-image-generic-lts-xenial 4.4.0.111.95
linux-image-lowlatency-lts-xenial 4.4.0.111.95
linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95
linux-image-powerpc-smp-lts-xenial 4.4.0.111.95
linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95
linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3540-2
https://www.ubuntu.com/usn/usn-3540-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1011.11
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-111.134~14.04.1

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpFJAAoJEC8Jno0AXoH09TAP/0znFG+eHZ2FbNdZccJovyWv
16J3sWN/8rtg5ICfW/vq+UsBFlnh5b8sc9VhPXS24kUu8vCI1aM2HStvb9BMt8Hx
D4Ew+DByyQn9f3fuvyaWSyd7II2igELKnZfvR8BANZvYT8Ngi7hu7r39i+ORxkXJ
I0XQbe/YiDGlkC7QM6Rh2ru5fSSoGdiqwm3kNDNsEXFq0Q4i39kJhdd5NVWe4YkR
4GZ7cYK3pIigkv15S+aEtWzJ08YPDsaSn4M0nEVk71HBwtfoZY2ETWGNymFKjmM+
FxmK2r16Mzv3sr3hEUPsYKOcwGRBSTfEhaP+ffIEVJxmw+Xswts4KStbu7F7rDoP
8FmeZL6ayBPJbsZNIFQmxIO+lSscoCovnH2kBTVIqR/kcn0I3n+HayCX+mY9jBPV
Gvkrb8V92bu9HoGS5vmxPBuaOGr4mRLCrBpdbBZvT1CinDh7hohFpBwRsns0e3iw
lQeGWEyGGw0o3VlbO/pZa9ebSoFEb/OQ0fGFadAIlvqRB4eEPtWmHtbfIZ3vRNor
QrPMu1qvfBCrToXhM277uLJUczzKQlv3fYazPs+VlNEQTcQeKA3uJxhSqDwGBxrH
XbjWd5e07z7VDaHzQRpZAz8mqaMFgBnbIGoqaaOIiiREfdSV3S1zZJnHfHrDGZqD
x+KLzp2WfHf/aCUd04/5
=Z8o3
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3541-2
January 23, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-oem: Linux kernel for OEM processors

Details:

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu
17.10. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu
16.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
17.10 for Ubuntu 16.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.13.0-1006-azure 4.13.0-1006.8
linux-image-4.13.0-1007-gcp 4.13.0-1007.10
linux-image-4.13.0-1017-oem 4.13.0-1017.18
linux-image-4.13.0-31-generic 4.13.0-31.34~16.04.1
linux-image-4.13.0-31-lowlatency 4.13.0-31.34~16.04.1
linux-image-azure 4.13.0.1006.7
linux-image-gcp 4.13.0.1007.9
linux-image-generic-hwe-16.04 4.13.0.31.51
linux-image-gke 4.13.0.1007.9
linux-image-lowlatency-hwe-16.04 4.13.0.31.51
linux-image-oem 4.13.0.1017.21

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3541-2
https://www.ubuntu.com/usn/usn-3541-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1006.8
https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1007.10
https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-31.34~16.04.1
https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1017.18

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpF5AAoJEC8Jno0AXoH0RDoP/1U525nrNTis8BxFI1ETsGq4
lUeVo77SST6iA0/SR1zwfXzy3QN6DVAjiQZKmXKv7QaTa/SmhqjubTwfLwOwmC6g
lwP9BVPS6GrGBYylgyENxR2YtEKNF5x97Ja2NkwR99jAbFrcOD/P2CjrB0UlDkLg
IYjVj4ojy4banBbjDSlm4cstCgqPhcVtxMJiNUmE1WwT7sgygySjkZMma49xNl3U
1L31GZssKH7U7Zb3cKt+3gwUh2bQlZDy+NxUE2JGg/VljdaiA/mGHJzU8k180TaQ
aFsMeC3AQA+sgGMOwD+MCzTRzju6v8B6A/TogbetNMSP3C3AsYPMT58LXpkPYdMo
QmmYSVQeWDo1qO30n6COXs9b7/CrBrLoTF7g4p0+MP4SFJZfClm7dAflr8LGva0d
/r91Ury/mH3P8hvIEPH8BHcOdv68bC+Hn2p6qmclztJHs5N4B72D/Fc9d2/By34g
JvgDVN/3OMRSSZ4HceF0IIdjzjpl1hY/woCDn/x3Ez0rkN2XDtXwXsKborsAKMnv
jrBQcpGG0BVX2DAZMvcJ0ffCTvOy8Cue7oXMlaQ6FXGtdJAG6R3rcvmS3wg0xjns
jwWl4kinL4zlvrTAIUP5Jt0tcjqY+/uqCx6tVBs89iYullNW+GSIUUZwyvkEmQWl
eUd24CkfYhxUHB+Hh9Yu
=roSG
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3542-2
January 23, 2018

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 ESM.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory reads via
sidechannel attacks. This flaw is known as Spectre. A local attacker
could use this to expose sensitive information, including kernel
memory. This update provides mitigations for the i386 (CVE-2017-5753
only) and amd64 architectures.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-140-generic 3.13.0-140.189~precise1
linux-image-generic-lts-trusty 3.13.0.140.131

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2)
requires corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the IBRS and IBPB features are required to enable the
kernel mitigations. Ubuntu is working with Intel and AMD to provide
future microcode updates that implement IBRS and IBPB as they are made
available. Ubuntu users with a processor from a different vendor should
contact the vendor to identify necessary firmware updates. Ubuntu
will provide corresponding QEMU updates in the future for users of
self-hosted virtual environments in coordination with upstream QEMU.
Ubuntu users in cloud environments should contact the cloud provider
to confirm that the hypervisor has been updated to expose the new
CPU features to virtual machines.

After a standard system update you need to reboot your computer to
apply the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3542-2
https://www.ubuntu.com/usn/usn-3542-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
CVE-2017-5715, CVE-2017-5753

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJaZpGbAAoJEC8Jno0AXoH0ooUP/i9LSooJ5ASiJc4DA9+BTdbQ
Ny8Nye4n8eNEg2laFsX92pgz1yahmWuJAPWK48C3PSorMVqmCefd12IxIepzvC4j
g/WUxAvHpVhOWcEvslWGE7uvXNnCCTlQC5knJh3sxCeazM2lTVnzADtRGRfSVeEr
hN9tV2o6hBH1Obh3oz2jrN3kaJMnUWGgJ/Ce8/4qcWP7UMbsjUYgf4GPslRrmubd
GLVl59AYRQEwkuT8uu4qmxpdUrta90rIgd0RX/2PmkgZGtOccXyprpXPayxDMMVL
jgY5TyMZTjtmzd9vVp+sjSVaWChHiZ6vx+YoZ5aL9lqdGSaTWqhgUH2IVFgx1wnR
jkgKSmrZyYO40uFc+WSWvkXxShczcU6tOEtILksNSRUf+Cq4Qnq7bpPv1j7+oyuj
3gWyRQfy0BMYVzbpVJEIDAYDl5h05xiPYkN8PZN4/sDpBQZ5kB1K+BVphKkHwVAo
hhWuRHatZZsPn5z/05efKg+ADua+LIp1HdYNtIbMrNv3zv/zafBBYdaJCZ0iHHQW
RQDZETlxkQELQuvUOAn2UrrI7rlw8rqdhm7ZqP+GCeZfHz3yyZxtxtJfIpo2tuWo
hcPU80Oza2GUv8OJMr9Utuc+onPGZ65NnqONOzsL5HZ+3X+47nRT/xSuUYDLOZSL
LwY9jpjHXP2+K2CON6w6
=2zwB
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke perl-XML-LibXML

Otkriven je sigurnosni nedostatak u programskoj biblioteci perl-XML-LibXML za operacijski sustav SUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close