Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel contained a branch-pruning logic issue
around unreachable code. A local attacker could use this to cause a denial
of service. (CVE-2017-17862)
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through
4.15.15 mishandles the case of a root directory with a zero i_links_count,
which allows attackers to cause a denial of service
(ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted
ext4 image. (CVE-2018-1092)
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux
kernel through 4.15.15 allows attackers to cause a denial of service
(out-of-bounds read and system crash) via a crafted ext4 image because
balloc.c and ialloc.c do not validate bitmap block numbers. (CVE-2018-1093)
A memory leak in the hwsim_new_radio_nl function in
d...
The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |---------------------------+----------+--------------------------| | 4.4.0-124.148 | 39.1 | generic, lowlatency | | lts-4.4.0-124.148~14.04.1 | 39.1 | generic, lowlatency | | 4.15.0-20.21 | 39.3 | generic, lowlatency | Additionally, you should install an updated kernel with these fixes and reboot at your convienience.
CVE-2017-17862, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087, CVE-2018-1000004
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Get the latest Linux and open source security news straight to your inbox.