Stay Secure with the Latest Linux Advisories

security advisorydenial of servicecritical issue

Ubuntu 16.04 LTS USN-3084-4 Critical: Kernel Denial Of Service

Several security issues were fixed in the kernel.. =========================================================================Ubuntu Security Notice USN-3084-4 September 19, 2016 linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-snapdragon: Linux kernel for Snapdragon Processors Details: Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service (CPU lockup) in the host OS. (CVE-2016-5412) Pengfei Wang discovered a race condition in the Chrome OS embedded controller device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6156) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1026-snapdragon 4.4.0-1026.29 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-3084-4 CVE-2016-5412, CVE-2016-6136, CVE-2016-6156 Package Information: https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1026.29 . Important security patch for Ubuntu 16.04 LTS addressing kernel flaws impacting Snapdragon systems. Urgent measures required.. Ubuntu kernel vulnerabilities, Snapdragon, Linux security patches. . Severity: Critical. LinuxSecurity.com Team

Sep 19, 2016 •Critical Ubuntu