Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel
through 4.16.12 allows local users to cause a denial of service
(stack-based buffer overflow) or possibly have unspecified other impact
because sense buffers have different sizes at the CDROM layer and the SCSI
layer, as demonstrated by a CDROMREADMODE2 ioctl call. (CVE-2018-11506)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
The inode_init_owner function in fs/inode.c in the Linux kernel through
4.17.4 allows local users to create files with an unintended group ownership,
in a scenario where a directory is SGID to a certain group and is writable
by a user who is not a member of that group. Here, the non-member can trigger
...
The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-124.148 | 41.2 | lowlatency, generic | | 4.4.0-124.148~14.04.1 | 41.2 | generic, lowlatency | | 4.4.0-127.153 | 41.2 | lowlatency, generic | | 4.4.0-127.153~14.04.1 | 41.2 | lowlatency, generic | | 4.4.0-128.154 | 41.2 | generic, lowlatency | | 4.4.0-128.154~14.04.1 | 41.2 | generic, lowlatency | | 4.4.0-130.156 | 41.2 | generic, lowlatency | | 4.4.0-130.156~14.04.1 | 41.2 | lowlatency, generic | | 4.4.0-131.157 | 41.2 | lowlatency, generic | | 4.4.0-131.157~14.04.1 | 41.2 | lowlatency, generic | | 4.15.0-20.21 | 41.2 | generic, lowlatency | | 4.15.0-22.24 | 41.2 | lowlatency, generic | | 4.15.0-23.25 | 41.2 | lowlatency, generic | | 4.15.0-24.26 | 41.2 | lowlatency, generic | | 4.15.0-29.31 | 41.2 | generic, lowlatency |
CVE-2018-11506, CVE-2018-1094, CVE-2018-13405, CVE-2018-13094,
CVE-2018-5390
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Get the latest Linux and open source security news straight to your inbox.