USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
Several security issues were fixed in the Linux kernel.<\/p>\n
It was discovered that a race condition leading to a use-after-free
\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
\nlocal attacker could use this to cause a denial of service (system crash)
\nor possibly execute arbitrary code. (CVE-2017-0861)<\/p>\n
It was discovered that a use-after-free vulnerability existed in the
\nnetwork namespaces implementation in the Linux kernel. A local attacker
\ncould use this to cause a denial of service (system crash) or possibly
\nexecute arbitrary code. (CVE-2017-15129)<\/p>\n
Andrey Konovalov discovered that the usbtest device driver in the Linux
\nkernel did not properly validate endpoint metadata. A physically proximate
\nattacker could use this to cause a denial of service (system crash).
\n(CVE-2017-16532)<\/p>\n
Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
\nLinux kernel did not properly validate device metadata. A physically
\nproximate attacker could use this to cause a denial of service (system
\ncrash). (CVE-2017-16537)<\/p>\n
Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver
\nin the Linux kernel did not properly validate device descriptors. A
\nphysically proximate attacker could use this to cause a denial of service
\n(system crash). (CVE-2017-16645)<\/p>\n
Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the
\nLinux kernel did not properly handle detach events. A physically proximate
\nattacker could use this to cause a denial of service (system crash).
\n(CVE-2017-16646)<\/p>\n
Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux
\nkernel did not properly handle suspend and resume events. A physically
\nproximate attacker could use this to cause a denial of service (system
\ncrash). (CVE-2017-16647)<\/p>\n
Andrey Konovalov discovered that the CDC USB Ethernet driver did not
\nproperly validate device descriptors. A physically proximate attacker could
\nuse this to cause a denial of service (system crash). (CVE-2017-16649)<\/p>\n
Andrey Konovalov discovered that the QMI WWAN USB driver did not properly
\nvalidate device descriptors. A physically proximate attacker could use this
\nto cause a denial of service (system crash). (CVE-2017-16650)<\/p>\n
It was discovered that the HugeTLB component of the Linux kernel did not
\nproperly handle holes in hugetlb ranges. A local attacker could use this to
\nexpose sensitive information (kernel memory). (CVE-2017-16994)<\/p>\n
It was discovered that the netfilter component of the Linux did not
\nproperly restrict access to the connection tracking helpers list. A local
\nattacker could use this to bypass intended access restrictions.
\n(CVE-2017-17448)<\/p>\n
It was discovered that the netfilter passive OS fingerprinting (xt_osf)
\nmodule did not properly perform access control checks. A local attacker
\ncould improperly modify the system-wide OS fingerprint list.
\n(CVE-2017-17450)<\/p>\n
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
\ncontained an out-of-bounds read when handling memory-mapped I\/O. A local
\nattacker could use this to expose sensitive information. (CVE-2017-17741)<\/p>\n
It was discovered that the Salsa20 encryption algorithm implementations in
\nthe Linux kernel did not properly handle zero-length inputs. A local
\nattacker could use this to cause a denial of service (system crash).
\n(CVE-2017-17805)<\/p>\n
It was discovered that the HMAC implementation did not validate the state
\nof the underlying cryptographic hash algorithm. A local attacker could use
\nthis to cause a denial of service (system crash) or possibly execute
\narbitrary code. (CVE-2017-17806)<\/p>\n
It was discovered that the keyring implementation in the Linux kernel did
\nnot properly check permissions when a key request was performed on a tasks’
\ndefault keyring. A local attacker could use this to add keys to
\nunauthorized keyrings. (CVE-2017-17807)<\/p>\n
It was discovered that a race condition existed in the OCFS2 file system
\nimplementation in the Linux kernel. A local attacker could use this to
\ncause a denial of service (kernel deadlock). (CVE-2017-18204)<\/p>\n
It was discovered that the Broadcom NetXtremeII ethernet driver in the
\nLinux kernel did not properly validate Generic Segment Offload (GSO) packet
\nsizes. An attacker could use this to cause a denial of service (interface
\nunavailability). (CVE-2018-1000026)<\/p>\n
It was discovered that the Reliable Datagram Socket (RDS) implementation in
\nthe Linux kernel contained an out-of-bounds during RDMA page allocation. An
\nattacker could use this to cause a denial of service (system crash) or
\npossibly execute arbitrary code. (CVE-2018-5332)<\/p>\n
Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable
\nDatagram Sockets) protocol implementation of the Linux kernel. A local
\nattacker could use this to cause a denial of service (system crash).
\n(CVE-2018-5333)<\/p>\n
\u8303\u9f99\u98de discovered that a race condition existed in loop block device
\nimplementation in the Linux kernel. A local attacker could use this to
\ncause a denial of service (system crash) or possibly execute arbitrary
\ncode. (CVE-2018-5344)<\/p>\n
The problem can be corrected by updating your system to the following package versions:<\/p>\n
To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n After a standard system update you need to reboot your computer to make ATTENTION: Due to an unavoidable ABI change the kernel updates have Source: USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software Description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-23349","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/23349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=23349"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/23349\/revisions"}],"predecessor-version":[{"id":23350,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/23349\/revisions\/23350"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=23349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=23349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=23349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nall the necessary changes.<\/p>\n
\nbeen given a new version number, which requires you to recompile and
\nreinstall all third party kernel modules you might have installed.
\nUnless you manually uninstalled the standard kernel metapackages
\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
\nlinux-powerpc), a standard system upgrade will automatically perform
\nthis as well.<\/p>\nReferences<\/h2>\n
\n