SECURITY

USN-3404-2: Linux kernel (HWE) vulnerability Ubuntu Security Notice USN-3404-2 28th August, 2017 linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary The system could be made to crash under certain conditions. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocolstack. A local attacker could exploit this flaw to cause a denial ofservice or possibly other unspecified problems. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-4.10.0-33-generic 4.10.0-33.37~16.04.1 linux-image-4.10.0-33-lowlatency 4.10.0-33.37~16.04.1 linux-image-generic-hwe-16.04 4.10.0.33.35 linux-image-lowlatency-hwe-16.04 4.10.0.33.35 linux-image-4.10.0-33-generic-lpae 4.10.0-33.37~16.04.1 linux-image-generic-lpae-hwe-16.04 4.10.0.33.35 To update [ more… ]

USN-3406-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3406-1 28th August, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details It was discovered that an out of bounds read vulnerability existed in theassociative array implementation in the Linux kernel. A local attackercould use this to cause a denial of service (system crash) or exposesensitive information. (CVE-2016-7914) It was discovered that a NULL pointer dereference existed in the DirectRendering Manager (DRM) driver for VMWare devices in the Linux kernel. Alocal attacker could use this to cause a denial of service (system crash).(CVE-2017-7261) It was discovered that the USB Cypress HID drivers for the Linux kernel didnot properly validate reported information from the device. An attackerwith physical access [ more… ]

USN-3405-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3405-1 28th August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that a use-after-free vulnerability existed in the POSIXmessage queue implementation in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesystem implementation in theLinux kernel mishandled a needs-flushing-before-commit list. A localattacker could use this to expose [ more… ]