Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel could overflow reference counters on
systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to
infinite. A local unprivileged attacker could use this to create a
use-after-free situation, causing a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2016-4558)
It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)
石磊 discovered that the RxRPC Kerberos 5 ticket handling...
The problem can be corrected by updating your livepatches to the following versions:

| Kernel                              | Version | flavors             |
|-------------------------------------+---------+---------------------|
| 4.4.0-21.37                         | 26.1    | generic, lowlatency |
| 4.4.0-22.39                         | 26.1    | generic, lowlatency |
| 4.4.0-22.40                         | 26.1    | generic, lowlatency |
| 4.4.0-24.43                         | 26.1    | generic, lowlatency |
| 4.4.0-28.47                         | 26.1    | generic, lowlatency |
| 4.4.0-31.50                         | 26.1    | generic, lowlatency |
| 4.4.0-34.53                         | 26.1    | generic, lowlatency |
| 4.4.0-36.55                         | 26.1    | generic, lowlatency |
| 4.4.0-38.57                         | 26.1    | generic, lowlatency |
| 4.4.0-42.62                         | 26.1    | generic, lowlatency |
| 4.4.0-43.63                         | 26.1    | generic, lowlatency |
| 4.4.0-45.66                         | 26.1    | generic, lowlatency |
| 4.4.0-47.68                         | 26.1    | generic, lowlatency |
| 4.4.0-51.72                         | 26.1    | generic, lowlatency |
| 4.4.0-53.74                         | 26.1    | generic, lowlatency |
| 4.4.0-57.78                         | 26.1    | generic, lowlatency |
| 4.4.0-59.80                         | 26.1    | generic, lowlatency |
| 4.4.0-62.83                         | 26.1    | generic, lowlatency |
| 4.4.0-63.84                         | 26.1    | generic, lowlatency |
| 4.4.0-64.85                         | 26.1    | generic, lowlatency |
| 4.4.0-66.87                         | 26.1    | generic, lowlatency |
| 4.4.0-67.88                         | 26.1    | generic, lowlatency |
| 4.4.0-70.91                         | 26.1    | generic, lowlatency |
| 4.4.0-71.92                         | 26.1    | generic, lowlatency |
| 4.4.0-72.93                         | 26.1    | generic, lowlatency |
| 4.4.0-75.96                         | 26.1    | generic, lowlatency |
| 4.4.0-77.98                         | 26.1    | generic, lowlatency |
| 4.4.0-78.99                         | 26.1    | generic, lowlatency |
| 4.4.0-79.100                        | 26.1    | generic, lowlatency |
| 4.4.0-81.104                        | 26.1    | generic, lowlatency |
| 4.4.0-83.106                        | 26.1    | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-72.93_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-75.96_14.04.1-lts-xenial  | 14.04.1 | generic, lowlatency |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and reboot at your convenience.
CVE-2016-4558, CVE-2017-1000365, CVE-2017-7374, CVE-2017-7482,
CVE-2017-9150
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com