Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Ubuntu 16.04 LTS: 0030-1 Critical: Kernel Denial of Service Issue

ubuntu
Calendar Grey September 18, 2017
Dist Ubuntu Esm H88
Tackling various kernel vulnerabilities impacting several Ubuntu versions through urgent updates and fixes.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

The Linux Kernel running on AMD64 systems will sometimes map the contents

of PIE executable, the heap or ld.so to where the stack is mapped allowing

attackers to more easily manipulate the stack. (CVE-2017-1000379)

It was discovered that a buffer overflow existed in the Bluetooth stack of

the Linux kernel when handling L2CAP cpnfiguration responses. A physically

proximate attacker could use this to cause a denial of service (system

crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation

in the Linux kernel did not properly validate superblock metadata. A local

attacker could use this to cause a denial of service (system crash) or

possibly execute arbitrary code. (CVE-2017-10663)

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-21.37     | 30.3     | generic, lowlatency      |
| 4.4.0-22.39     | 30.3     | generic, lowlatency      |
| 4.4.0-22.40     | 30.3     | generic, lowlatency      |
| 4.4.0-24.43     | 30.3     | generic, lowlatency      |
| 4.4.0-28.47     | 30.3     | generic, lowlatency      |
| 4.4.0-31.50     | 30.3     | generic, lowlatency      |
| 4.4.0-34.53     | 30.3     | generic, lowlatency      |
| 4.4.0-36.55     | 30.3     | generic, lowlatency      |
| 4.4.0-38.57     | 30.3     | generic, lowlatency      |
| 4.4.0-42.62     | 30.3     | generic, lowlatency      |
| 4.4.0-43.63     | 30.3     | generic, lowlatency      |
| 4.4.0-45.66     | 30.3     | generic, lowlatency      |
| 4.4.0-47.68     | 30.3     | generic, lowlatency      |
| 4.4.0-51.72     | 30.3     | generic, lowlatency      |
| 4.4.0-53.74     | 30.3     | generic, lowlatency      |
| 4.4.0-57.78     | 30.3     | generic, lowlatency      |
| 4.4.0-59.80     | 30.3     | generic, lowlatency      |
| 4.4.0-62.83     | 30.3     | generic, lowlatency      |
| 4.4.0-63.84     | 30.3     | generic, lowlatency      |
| 4.4.0-64.85     | 30.3     | generic, lowlatency      |
| 4.4.0-66.87     | 30.3     | generic, lowlatency      |
| 4.4.0-67.88     | 30.3     | generic, lowlatency      |
| 4.4.0-70.91     | 30.3     | generic, lowlatency      |
| 4.4.0-71.92     | 30.3     | generic, lowlatency      |
| 4.4.0-72.93     | 30.3     | generic, lowlatency      |
| 4.4.0-75.96     | 30.3     | generic, lowlatency      |
| 4.4.0-77.98     | 30.3     | generic, lowlatency      |
| 4.4.0-78.99     | 30.3     | generic, lowlatency      |
| 4.4.0-79.100    | 30.3     | generic, lowlatency      |
| 4.4.0-81.104    | 30.3     | generic, lowlatency      |
| 4.4.0-83.106    | 30.3     | generic, lowlatency      |
| 4.4.0-87.110    | 30.3     | generic, lowlatency      |
| 4.4.0-89.112    | 30.3     | generic, lowlatency      |
| 4.4.0-91.114    | 30.3     | generic, lowlatency      |
| 4.4.0-92.115    | 30.3     | generic, lowlatency      |
| 4.4.0-93.116    | 30.3     | generic, lowlatency      |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2  | generic, lowlatency      |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2  | generic, lowlatency      |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-87.110_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-89.112_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-91.114_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |
| lts-4.4.0-92.115_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References

CVE-2017-1000251, CVE-2017-1000379, CVE-2017-10663

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.