SECURITY

USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities Ubuntu Security Notice USN-3485-2 21st November, 2017 linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem in the Linuxkernel did not properly restrict adding a key [ more… ]

USN-3484-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3484-2 21st November, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did notproperly keep track of nested levels in guest page tables. A local attackerin a guest VM could use this to cause a denial of service (host OS crash)or possibly execute arbitrary code in the host OS. Update instructions The problem can be corrected by updating your system to [ more… ]

USN-3485-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3485-1 20th November, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a race condition existed in the ALSA subsystem ofthe Linux kernel when creating and deleting a port via ioctl(). A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-15265) Eric Biggers discovered that the key management subsystem [ more… ]

USN-3480-2: Apport regressions Ubuntu Security Notice USN-3480-2 20th November, 2017 apport regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Summary USN-3480-1 introduced regressions in Apport. Software description apport – automatically generate crash reports for debugging Details USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177introduced a regression in the ability to handle crashes for users thatconfigured their systems to use the Upstart init system in Ubuntu 16.04LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabledcrash forwarding to containers. This update addresses the problems. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered [ more… ]