Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Ubuntu 14.04 LTS: 0041-1 Moderate: Kernel DoS and Escalation Threats

ubuntu
Calendar Grey August 10, 2018
Dist Ubuntu Esm H88
Multiple vulnerabilities related to kernel security have been addressed in this notice for Ubuntu. Please make sure your systems are promptly updated.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel

through 4.16.12 allows local users to cause a denial of service

(stack-based buffer overflow) or possibly have unspecified other impact

because sense buffers have different sizes at the CDROM layer and the SCSI

layer, as demonstrated by a CDROMREADMODE2 ioctl call. (CVE-2018-11506)

Wen Xu discovered that the ext4 file system implementation in the Linux

kernel did not properly initialize the crc32c checksum driver. A local

attacker could use this to cause a denial of service (system crash).

(CVE-2018-1094)

The inode_init_owner function in fs/inode.c in the Linux kernel through

4.17.4 allows local users to create files with an unintended group ownership,

in a scenario where a directory is SGID to a certain group and is writable

by a user who is not a member of that group. Here, the non-member can trigger

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148            | 41.2     | lowlatency, generic      |
| 4.4.0-124.148~14.04.1    | 41.2     | generic, lowlatency      |
| 4.4.0-127.153            | 41.2     | lowlatency, generic      |
| 4.4.0-127.153~14.04.1    | 41.2     | lowlatency, generic      |
| 4.4.0-128.154            | 41.2     | generic, lowlatency      |
| 4.4.0-128.154~14.04.1    | 41.2     | generic, lowlatency      |
| 4.4.0-130.156            | 41.2     | generic, lowlatency      |
| 4.4.0-130.156~14.04.1    | 41.2     | lowlatency, generic      |
| 4.4.0-131.157            | 41.2     | lowlatency, generic      |
| 4.4.0-131.157~14.04.1    | 41.2     | lowlatency, generic      |
| 4.15.0-20.21             | 41.2     | generic, lowlatency      |
| 4.15.0-22.24             | 41.2     | lowlatency, generic      |
| 4.15.0-23.25             | 41.2     | lowlatency, generic      |
| 4.15.0-24.26             | 41.2     | lowlatency, generic      |
| 4.15.0-29.31             | 41.2     | generic, lowlatency      |

References

CVE-2018-11506, CVE-2018-1094, CVE-2018-13405, CVE-2018-13094,

CVE-2018-5390

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

August 06, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.