Ubuntu 0045-1: Linux kernel vulnerability

    Date: 14 Nov 2018
    Category: Ubuntu
    Posted By: Anthony Pell
    Several security issues were fixed in the kernel.
    ==========================================================================
    Kernel Live Patch Security Notice 0045-1
    November 13, 2018
    
    linux vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu:
    
    | Series           | Base kernel  | Arch     | flavors          |
    |------------------+--------------+----------+------------------|
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
    
    Summary:
    
    Several security issues were fixed in the kernel.
    
    Software Description:
    - linux: Linux kernel
    
    Details:
    
    It was discovered that the generic SCSI driver in the Linux kernel did not
    properly enforce permissions on kernel memory access. A local attacker
    could use this to expose sensitive information or possibly elevate
    privileges. (CVE-2017-13168)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly ensure that xattr information remained in inode
    bodies. An attacker could use this to construct a malicious ext4 image
    that, when mounted, could cause a denial of service (system crash).
    (CVE-2018-10880)
    
    It was discovered that an integer overflow existed in the HID Bluetooth
    implementation in the Linux kernel that could lead to a buffer overwrite.
    An attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2018-9363)
    
    It was discovered that an integer overflow existed in the CD-ROM driver of
    the Linux kernel. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2018-16658)
    
    Update instructions:
    
    The problem can be corrected by updating your livepatches to the following
    versions:
    
    | Kernel                   | Version  | flavors                  |
    |--------------------------+----------+--------------------------|
    | 4.4.0-133.159            | 45.1     | generic, lowlatency      |
    | 4.4.0-133.159~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-134.160            | 45.1     | generic, lowlatency      |
    | 4.4.0-134.160~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-135.161~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-137.163~14.04.1    | 45.1     | generic, lowlatency      |
    | 4.4.0-138.164            | 45.1     | generic, lowlatency      |
    | 4.4.0-138.164~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.15.0-32.35             | 45.1     | lowlatency, generic      |
    | 4.15.0-32.35~16.04.1     | 45.1     | generic, lowlatency      |
    | 4.15.0-33.36             | 45.1     | lowlatency, generic      |
    | 4.15.0-33.36~16.04.1     | 45.1     | lowlatency, generic      |
    | 4.15.0-34.37             | 45.1     | generic, lowlatency      |
    | 4.15.0-34.37~16.04.1     | 45.1     | lowlatency, generic      |
    | 4.15.0-36.39             | 45.1     | generic, lowlatency      |
    | 4.15.0-36.39~16.04.1     | 45.1     | generic, lowlatency      |
    | 4.15.0-38.41             | 45.1     | lowlatency, generic      |
    | 4.15.0-38.41~16.04.1     | 45.1     | lowlatency, generic      |
    
    References:
      CVE-2017-13168, CVE-2018-10880, CVE-2018-9363, CVE-2018-16658
    
    
    -- 
    ubuntu-security-announce mailing list
    Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
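
To check a host against the update table above, the following added example (not part of the Ubuntu notice) matches a kernel build and flavor against the listed rows and compares the applied livepatch version with 45.1. The function names are hypothetical, the signature format is assumed to be that of `/proc/version_signature`, and the applied version is supplied by the operator, for instance as read from `canonical-livepatch status`.

```shell
#!/bin/sh
# Added example. Kernel builds copied from the notice's update table; every
# row there lists livepatch version 45.1 and flavors generic and lowlatency.
COVERED='4.4.0-133.159 4.4.0-133.159~14.04.1 4.4.0-134.160
4.4.0-134.160~14.04.1 4.4.0-135.161~14.04.1 4.4.0-137.163~14.04.1
4.4.0-138.164 4.4.0-138.164~14.04.1 4.15.0-32.35 4.15.0-32.35~16.04.1
4.15.0-33.36 4.15.0-33.36~16.04.1 4.15.0-34.37 4.15.0-34.37~16.04.1
4.15.0-36.39 4.15.0-36.39~16.04.1 4.15.0-38.41 4.15.0-38.41~16.04.1'
REQUIRED=45.1

# kernel_covered SIGNATURE: succeeds if the build and flavor are in the table.
# SIGNATURE is assumed to look like /proc/version_signature on Ubuntu:
# "Ubuntu <version>-<flavor> <upstream version>".
kernel_covered() {
    build=${1#* }            # drop the leading "Ubuntu "
    build=${build%% *}       # drop the trailing upstream version
    flavor=${build##*-}      # text after the last "-"
    version=${build%-*}      # everything before the flavor
    case $flavor in generic|lowlatency) ;; *) return 1 ;; esac
    for k in $COVERED; do
        [ "$k" = "$version" ] && return 0
    done
    return 1
}

# patch_sufficient APPLIED: succeeds if APPLIED (major.minor) >= REQUIRED.
patch_sufficient() {
    case $1 in *[!0-9.]*|*.*.*|.*|*.|'') return 1 ;; esac
    case $1 in *.*) ;; *) return 1 ;; esac
    a_major=${1%%.*}; a_minor=${1#*.}
    r_major=${REQUIRED%%.*}; r_minor=${REQUIRED#*.}
    [ "$a_major" -gt "$r_major" ] && return 0
    [ "$a_major" -eq "$r_major" ] && [ "$a_minor" -ge "$r_minor" ]
}

# assess SIGNATURE APPLIED: prints not-covered, patched or livepatch-outdated.
assess() {
    if ! kernel_covered "$1"; then echo not-covered
    elif patch_sufficient "$2"; then echo patched
    else echo livepatch-outdated
    fi
}

# Constructed sample: a covered kernel still on an older livepatch.
assess "Ubuntu 4.4.0-138.164-generic 4.4.160" 44.2
```

On a live host, pass `"$(cat /proc/version_signature)"` as the first argument. A `not-covered` result means the running kernel is not one of the builds this livepatch was issued for.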
    