Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Ubuntu 16.04 LTS LSN-0036-1 Critical Kernel Denial of Service Threats

ubuntu
Calendar Grey April 2, 2018
Scroller Ubuntu Esm H88
Kernel Live Patch Alert LSN-0042-2 outlines crucial updates addressing security gaps for Ubuntu clients.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group

Temporal Key (GTK) during the group key handshake, allowing an attacker

within radio range to replay frames from access points to

clients. (CVE-2017-13080)

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation

in the Linux kernel improperly performed sign extension in some situations.

A local attacker could use this to cause a denial of service (system crash)

or possibly execute arbitrary code. (CVE-2017-16995)

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-116.140   | 33.2     | generic, lowlatency      |
| lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References

CVE-2017-13080, CVE-2017-16995

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

April 2, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.