Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

Ubuntu 14.04 LTS Kernel Advisory 0040-1 Critical: System Crash Threat

ubuntu
Calendar Grey July 3, 2018
Dist Ubuntu Esm H88
Urgent security flaws in the kernel impacting several Ubuntu editions necessitate prompt updates to avert potential system failures.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux

kernel did not properly handle corrupted meta data in some situations. An

attacker could use this to specially craft an ext4 file system that caused

a denial of service (system crash) when mounted. (CVE-2018-1093)

Wen Xu discovered that the ext4 filesystem implementation in the Linux

kernel did not properly handle corrupted meta data in some situations. An

attacker could use this to specially craft an ext4 file system that caused

a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that an information leak vulnerability existed in the

floppy driver in the Linux kernel. A local attacker could use this to

expose sensitive information (kernel memory). (CVE-2018-7755)

Julian Stecklina and Thomas Prescher discovered that FPU register states

(such as MMX, SSE, and AVX registers) wh...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148            | 40.6     | lowlatency, generic      |
| 4.4.0-124.148~14.04.1    | 40.6     | generic, lowlatency      |
| 4.4.0-127.153            | 40.6     | lowlatency, generic      |
| 4.4.0-127.153~14.04.1    | 40.6     | lowlatency, generic      |
| 4.4.0-128.154            | 40.6     | generic, lowlatency      |
| 4.4.0-128.154~14.04.1    | 40.6     | generic, lowlatency      |
| 4.15.0-20.21             | 40.7     | generic, lowlatency      |
| 4.15.0-22.24             | 40.7     | lowlatency, generic      |
| 4.15.0-23.25             | 40.7     | lowlatency, generic      |

References

CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

July 03, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.