Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 437
Alerts This Week
Warning Icon 1 437

Ubuntu 14.04, 16.04, 18.04: 0043-1 Critical Kernel Denial Of Service

ubuntu
Calendar Grey September 11, 2018
Dist Ubuntu Esm H88
Explore Ubuntu's latest kernel security patches that address critical vulnerabilities, enhancing your system's defenses against threats like privilege escalation
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer

overflow in the CDROM driver implementation of the Linux kernel. A local

attacker could use this to cause a denial of service (system crash) or

possibly execute arbitrary code. (CVE-2018-11506)

Jann Horn discovered that the ext4 filesystem implementation in the Linux

kernel did not properly keep xattr information consistent in some

situations. An attacker could use this to construct a malicious ext4 image

that, when mounted, could cause a denial of service (system crash) or

possibly execute arbitrary code. (CVE-2018-11412)

Silvio Cesare discovered that the generic VESA frame buffer driver in the

Linux kernel contained an integer overflow. A local attacker could use this

to cause a denial of service (system crash) or possibly execute arbitrary

code. (CVE-2018-13406)

It was discovered that the Linux kern...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-133.159            | 43.1     | generic, lowlatency      |
| 4.4.0-133.159~14.04.1    | 43.1     | lowlatency, generic      |
| 4.15.0-32.35             | 43.1     | lowlatency, generic      |
| 4.15.0-32.35~16.04.1     | 43.4     | generic, lowlatency      |

References

CVE-2018-11506, CVE-2018-11412, CVE-2018-13406, CVE-2018-13405,

CVE-2018-12233

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

September 11, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.