Ubuntu 0045-1: Linux kernel vulnerability

    Date14 Nov 2018
    4643
    Posted ByAnthony Pell
    Several security issues were fixed in the kernel.
    ==========================================================================
    Kernel Live Patch Security Notice 0045-1
    November 13, 2018
    
    linux vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu:
    
    | Series           | Base kernel  | Arch     | flavors          |
    |------------------+--------------+----------+------------------|
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
    
    Summary:
    
    Several security issues were fixed in the kernel.
    
    Software Description:
    - linux: Linux kernel
    
    Details:
    
    It was discovered that the generic SCSI driver in the Linux kernel did not
    properly enforce permissions on kernel memory access. A local attacker
    could use this to expose sensitive information or possibly elevate
    privileges. (CVE-2017-13168)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly ensure that xattr information remained in inode
    bodies. An attacker could use this to construct a malicious ext4 image
    that, when mounted, could cause a denial of service (system crash).
    (CVE-2018-10880)
    
    It was discovered that an integer overflow existed in the HID Bluetooth
    implementation in the Linux kernel that could lead to a buffer overwrite.
    An attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2018-9363)
    
    It was discovered that an integer overflow existed in the CD-ROM driver of
    the Linux kernel. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2018-16658)
    
    Update instructions:
    
    The problem can be corrected by updating your livepatches to the following
    versions:
    
    | Kernel                   | Version  | flavors                  |
    |--------------------------+----------+--------------------------|
    | 4.4.0-133.159            | 45.1     | generic, lowlatency      |
    | 4.4.0-133.159~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-134.160            | 45.1     | generic, lowlatency      |
    | 4.4.0-134.160~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-135.161~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.4.0-137.163~14.04.1    | 45.1     | generic, lowlatency      |
    | 4.4.0-138.164            | 45.1     | generic, lowlatency      |
    | 4.4.0-138.164~14.04.1    | 45.1     | lowlatency, generic      |
    | 4.15.0-32.35             | 45.1     | lowlatency, generic      |
    | 4.15.0-32.35~16.04.1     | 45.1     | generic, lowlatency      |
    | 4.15.0-33.36             | 45.1     | lowlatency, generic      |
    | 4.15.0-33.36~16.04.1     | 45.1     | lowlatency, generic      |
    | 4.15.0-34.37             | 45.1     | generic, lowlatency      |
    | 4.15.0-34.37~16.04.1     | 45.1     | lowlatency, generic      |
    | 4.15.0-36.39             | 45.1     | generic, lowlatency      |
    | 4.15.0-36.39~16.04.1     | 45.1     | generic, lowlatency      |
    | 4.15.0-38.41             | 45.1     | lowlatency, generic      |
    | 4.15.0-38.41~16.04.1     | 45.1     | lowlatency, generic      |
    
    References:
      CVE-2017-13168, CVE-2018-10880, CVE-2018-9363, CVE-2018-16658
    
    
    -- 
    ubuntu-security-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.