SECURITY

USN-3469-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3469-1 31st October, 2017 linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Anthony Perard discovered that the Xen virtual block driver did notproperly initialize some data structures before passing them to user space.A local attacker in a guest VM could use this to expose sensitiveinformation from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless [ more… ]

USN-3470-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3470-1 31st October, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()function in the Linux kernel. A local attacker could use to cause a denialof service (system crash) or possibly execute arbitrary code withadministrative privileges. (CVE-2016-8632) Dmitry Vyukov discovered that a race condition existed in the timerfdsubsystem of the Linux kernel when handling might_cancel queuing. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-10661) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not properly validate superblock metadata. A localattacker could use this to [ more… ]

USN-3468-3: Linux kernel (GCP) vulnerabilities Ubuntu Security Notice USN-3468-3 31st October, 2017 linux-gcp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems Details It was discovered that the KVM subsystem in the Linux kernel did notproperly bound guest IRQs. A local attacker in a guest VM could use this tocause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not properly validate superblock metadata. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did notproperly initialize some data structures before passing [ more… ]

USN-3468-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3468-2 31st October, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did notproperly bound guest IRQs. A local attacker in a guest VM could use this tocause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not properly validate superblock metadata. A localattacker could use this to cause a denial of [ more… ]