--===============8145163320249231600== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5me2qT3T17SWzdxI" Content-Disposition: inline
--5me2qT3T17SWzdxI Content-Type: text/plain; charset=utf-8 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3617-2 April 03, 2018
linux-hwe, linux-gcp, linux-oem vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-oem: Linux kernel for OEM processors
Details:
USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)
It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)
It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)
Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)
Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)
Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)
Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)
Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)
Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)
Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)
It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)
It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)
It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741)
It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)
It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)
It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)
It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)
It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)
It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332)
Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)
èéŸé£ discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.13.0-1012-gcp 4.13.0-1012.16 linux-image-4.13.0-1022-oem 4.13.0-1022.24 linux-image-4.13.0-38-generic 4.13.0-38.43~16.04.1 linux-image-4.13.0-38-generic-lpae 4.13.0-38.43~16.04.1 linux-image-4.13.0-38-lowlatency 4.13.0-38.43~16.04.1 linux-image-gcp 4.13.0.1012.14 linux-image-generic-hwe-16.04 4.13.0.38.57 linux-image-generic-lpae-hwe-16.04 4.13.0.38.57 linux-image-gke 4.13.0.1012.14 linux-image-lowlatency-hwe-16.04 4.13.0.38.57 linux-image-oem 4.13.0.1022.26
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/usn/usn-3617-2 https://usn.ubuntu.com/usn/usn-3617-1 CVE-2017-0861, CVE-2017-1000407, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
Package Information: https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1012.16 https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-38.43~16.04.1 https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1022.24
--5me2qT3T17SWzdxI Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlrD4jsACgkQLwmejQBe gfTb+Q/+Jew52OZooPyPv6TUImV3nbwYSaGNN2zFIFvcJcP5geEduHO5/5rcUL7f 9xcj4PtnAigmKDPB/6HFyYSlL3Ngg15GTlpQ1itkYXa8npe5HGR6UhfOr79CqmkV rwpWKRbcD/RfkCaqf4AQ2f7AqnYVS0IhnqE5hVSmQEdxgc812uJl7AFfyCZG64Ew Jkcf1Makz1N4axymOzQ+6CeFDYNwKfnB7ZnU66c5OstQIlSpXgmqr+Bu/xXMpAZQ g9tuD1D1el68mu2IeWk0ni2XgHMrBSRa8hpjx9c9Nd1d9zQggabQV3SPU3pSuAMy JVEv586oGpkwxUZzwnvAbv+0cg3JVJHOvVCSlebVJ9qjgozrsErjlI36jlBVbCnS e7hzbL5+0pCup2aaSNOhd3mSzffm+x1Yj71wrEVzLAUzhWo9WeE0lW3NmXyboCGg qVQJ8imrsYso6vZVG4l9Y6nj+5zhAs7DxW63cSRFYQZL0bL4lpgGh1bxmHZ/gwK3 VeVMB8Cl/EHais3t7OdX/UMcTHdOUdsTDPPGpDrt8O2sZw5WpwBbQf/Ax3tyJYHq S2gw627jPTRCEOAiDTi0iplgk2b96pDPzhMZCvK3pmm3Bn2HgWuVzuNazLQ1zauq XALH9ZAAXGcfIxnCeiY3u+A7bEkLM80b+iwacTy8M1rRkubmi5k= =+Zon -----END PGP SIGNATURE-----
--5me2qT3T17SWzdxI--
--===============8145163320249231600== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============8145163320249231600==--
|