You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-3697-1
July 02, 2018

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
linux-image-4.13.0-1023-raspi2 4.13.0-1023.24
linux-image-4.13.0-46-generic 4.13.0-46.51
linux-image-4.13.0-46-generic-lpae 4.13.0-46.51
linux-image-4.13.0-46-lowlatency 4.13.0-46.51
linux-image-generic 4.13.0.46.49
linux-image-generic-lpae 4.13.0.46.49
linux-image-lowlatency 4.13.0.46.49
linux-image-raspi2 4.13.0.1023.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3697-1
CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.13.0-46.51
https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1023.24

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAls6jXAACgkQLwmejQBe
gfQYWQ//diWXLjmlabZAfFCVEzHeqT07nfx7pKhhSA8Mme7Gvda4wCNKi1maLcra
4bkH3oJyE0CrWJ/MpKPFY/QNXC/L7iVv009ODVuGk9dVH4ezPyW9YYFdzJLuTEUH
f46eBLX+9X4SdTpRZ70r20rLFSjz0jYJo2WUCcgl6WVAua0HsJKji9FnJr+xUYi6
hoYj9C8SELrOSsPzaCKB3Fes1Q1v7AZHzhiwJy5J51Nm3nsEFMi3hWmogzSggOHa
exsq8jtErY/6rWAnFIDKK+k6f9kauvI+lT9DoFyozJlIlnHeOexL4XXWmvCpn94D
V+Tnyh6jyMw+G84jl4NL7AzvwnrhyRUu+hJ+zuoosiwusqqFANA6kdcSljhD5sHf
BfOrwUZytO1qhjPcS4F/gmKP/+dI+pLk8scv443X35SuHZY9whBmrei7042MPwd0
n/ltXszkmIERL8O3Ph2gslUqPEqrXegHW+G1ee05PVBfkIx8deWlFVIN06RaY9Ub
SyPXw9ZhEvjtIeBVopomxD5qVhM+44p/hXkd7db1iT89b+YQTkcS+mkEYPuZv56n
cI8x1IOPHlDD1c3IIGr7iiOeXd5EqbR/A9mkf6Suwgz+Zho86PuthFZV8LGuOohs
Qijq/wajdueEhUUuNA1Gj/RkpmO1EaIkGBB0ZWhfRJZPmGxdZA0=
=+xun
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3697-2
July 02, 2018

linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-oem: Linux kernel for OEM processors

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.13.0-1031-oem 4.13.0-1031.35
linux-image-oem 4.13.0.1031.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3697-2
https://usn.ubuntu.com/usn/usn-3697-1
CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1031.35

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAls6jYEACgkQLwmejQBe
gfQovhAAsIAy+iQu3wRrvSMK1E0g89/U9hpIWCz2oMTDkYZtINB8ZSFcul3+ZMLr
OxOggdkev84oAgPQxAmL3tu5viKnkQPhGd4RKE3tiPmaOR84YJ8ERbuq9UMx0Yqe
8ZgwXLw2EwoYJvTzcTji511qq6JDIXhITwgBRXZ7pbvKOEYipGHg0531JMuuSwaU
Vod7BOcISaBku5qU38BMxUFWQYU7gcFOKmPIUCpK2N976ca4EvvgMA1rROS7Nuif
Uea0kyY2jATC0dlmLwWy+ousiKObC+/qLtuvgxVy0Oqz5t0FUwy0YzxBFJeSZOjJ
ufN0U6DkmnHgVTalVt4EF0YrQq/e4lCcKsewklMEEs2ClOjJtgXO9vm5QEuNoaNb
dA2smCqmg8YGdEJYfvUjPSP125qMl0r9J03LY5iQKmGRojXgV9QdWefjPmWq+/Jz
fxwMb/PILFwfiHzwyRVf2Obo72MSCjnfB6QQh5Cvt5qdXZHqWFCB3tvRbGf/BhK4
DP/ALLStzYvdrkCoXPcV9kTKeeA1fCD0tZRDDPVuygrrHSg+68GmS/nJqIYvSdhs
fxVpcxMUBO9VwSzdHYexCWZKkYsKKUAU6+JlQ29Ly5XqzrIJetWBizWlA+MZXKSO
rmF6yHG16Mf9Fk9qlzcq9o/A1Uu99B77aU9q9Xwn5CbGC9mNUU4=
=XIb7
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci više verzija jezgri operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog...

Close