USN-3378-1: Linux kernel vulnerabilities
USN-3378-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3378-1 3rd August, 2017 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gke – Linux kernel for Google Container Engine (GKE) systems linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details Fan Wu and Shixiong Zhao discovered a race condition between inotify eventsand vfs rename operations in the Linux kernel. An unprivileged localattacker could use this to cause a denial of service (system crash) orexecute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction [ more… ]