Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 14.04 LTS USN-6866-3 Moderate: Fixes for Azure Kernel DoS Issues

ubuntu
Calendar Grey July 10, 2024
Dist Ubuntu Esm H88
Ubuntu 20.04 LTS has critical patches for the linux-azure kernel that tackle vulnerabilities including Distributed Denial of Service (DDoS) threats.
Several security issues were fixed in the Linux kernel.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems Details: It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injecti...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service ubuntu linux kernel linux-azure

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS linux-image-4.15.0-1178-azure 4.15.0-1178.193~14.04.1 Available with Ubuntu Pro linux-image-azure 4.15.0.1178.193~14.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

https://ubuntu.com/security/notices/USN-6866-3

https://ubuntu.com/security/notices/USN-6866-1

CVE-2021-33631, CVE-2021-47063, CVE-2023-52615, CVE-2023-6270,

CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642,

CVE-2024-26720, CVE-2024-26736, CVE-2024-26898, CVE-2024-26922

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6866-3

Topics%20covered

Topics Covered

security advisory denial of service ubuntu linux kernel linux-azure

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here