Ubuntu 14.04 LTS: 0046-1 Moderate: Linux Kernel Security Issues

December 20, 2018
==========================================================================
Kernel Live Patch Security
Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

It was discovered that an integer overflow vulnerability existed in the
CDRom driver of the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-18710)

It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-10902)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-18445)

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of s...

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-133.159            | 46.3     | generic, lowlatency      |
| 4.4.0-133.159~14.04.1    | 46.3     | lowlatency, generic      |
| 4.4.0-134.160            | 46.3     | generic, lowlatency      |
| 4.4.0-134.160~14.04.1    | 46.3     | lowlatency, generic      |
| 4.4.0-135.161~14.04.1    | 46.3     | lowlatency, generic      |
| 4.4.0-137.163            | 46.3     | generic, lowlatency      |
| 4.4.0-137.163~14.04.1    | 46.3     | generic, lowlatency      |
| 4.4.0-138.164            | 46.3     | generic, lowlatency      |
| 4.4.0-138.164~14.04.1    | 46.3     | lowlatency, generic      |
| 4.4.0-139.165            | 46.3     | generic, lowlatency      |
| 4.4.0-139.165~14.04.1    | 46.3     | lowlatency, generic      |
| 4.4.0-140.166            | 46.3     | lowlatency, generic      |
| 4.4.0-140.166~14.04.1    | 46.3     | lowlatency, generic      |
| 4.15.0-32.35             | 46.3     | lowlatency, generic      |
| 4.15.0-33.36             | 46.3     | lowlatency, generic      |
| 4.15.0-34.37             | 46.3     | generic, lowlatency      |
| 4.15.0-36.39             | 46.3     | generic, lowlatency      |
| 4.15.0-38.41             | 46.3     | lowlatency, generic      |
| 4.15.0-39.42             | 46.3     | generic, lowlatency      |
| 4.15.0-42.45             | 46.3     | lowlatency, generic      |

References

CVE-2018-18710, CVE-2018-10902, CVE-2018-18445, CVE-2018-14734,
CVE-2018-10880, CVE-2018-18690, CVE-2018-9363, CVE-2017-5753,
CVE-2018-16276, CVE-2018-16658

Severity
important