Jump to content
Compatible Support Forums
Sign in to follow this  
news

[LSN-0024-1] Linux kernel vulnerability

Recommended Posts

==========================================================================

Kernel Live Patch Security Notice LSN-0024-1

June 21, 2017

 

linux vulnerability

==========================================================================

 

A security issue affects these releases of Ubuntu:

 

| Series | Base kernel | Arch | flavors |

|------------------+--------------+----------+------------------|

| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |

| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |

| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |

| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |

 

Summary:

 

Several security issues were fixed in the kernel.

 

Software Description:

- linux: Linux kernel

 

Details:

 

It was discovered that the stack guard page for processes in the Linux

kernel was not sufficiently large enough to prevent overlapping with the

heap. An attacker could leverage this with another vulnerability to execute

arbitrary code and gain administrative privileges (CVE-2017-1000364)

 

Update instructions:

 

The problem can be corrected by up[censored] your livepatches to the following

versions:

 

| Kernel | Version | flavors |

|-----------------+----------+--------------------------|

| 4.4.0-21.37 | 24.2 | generic, lowlatency |

| 4.4.0-22.39 | 24.2 | generic, lowlatency |

| 4.4.0-22.40 | 24.2 | generic, lowlatency |

| 4.4.0-24.43 | 24.2 | generic, lowlatency |

| 4.4.0-28.47 | 24.2 | generic, lowlatency |

| 4.4.0-31.50 | 24.2 | generic, lowlatency |

| 4.4.0-34.53 | 24.2 | generic, lowlatency |

| 4.4.0-36.55 | 24.2 | generic, lowlatency |

| 4.4.0-38.57 | 24.2 | generic, lowlatency |

| 4.4.0-42.62 | 24.2 | generic, lowlatency |

| 4.4.0-43.63 | 24.2 | generic, lowlatency |

| 4.4.0-45.66 | 24.2 | generic, lowlatency |

| 4.4.0-47.68 | 24.2 | generic, lowlatency |

| 4.4.0-51.72 | 24.2 | generic, lowlatency |

| 4.4.0-53.74 | 24.2 | generic, lowlatency |

| 4.4.0-57.78 | 24.2 | generic, lowlatency |

| 4.4.0-59.80 | 24.2 | generic, lowlatency |

| 4.4.0-62.83 | 24.2 | generic, lowlatency |

| 4.4.0-63.84 | 24.2 | generic, lowlatency |

| 4.4.0-64.85 | 24.2 | generic, lowlatency |

| 4.4.0-66.87 | 24.2 | generic, lowlatency |

| 4.4.0-67.88 | 24.2 | generic, lowlatency |

| 4.4.0-70.91 | 24.2 | generic, lowlatency |

| 4.4.0-71.92 | 24.2 | generic, lowlatency |

| 4.4.0-72.93 | 24.2 | generic, lowlatency |

| 4.4.0-75.96 | 24.2 | generic, lowlatency |

| 4.4.0-77.98 | 24.2 | generic, lowlatency |

| 4.4.0-78.99 | 24.2 | generic, lowlatency |

| 4.4.0-79.100 | 24.2 | generic, lowlatency |

| lts-4.4.0-21.37_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-22.39_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-22.40_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-24.43_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-28.47_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-31.50_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-34.53_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-36.55_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-38.57_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-42.62_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-45.66_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-47.68_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-51.72_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-53.74_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-57.78_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-59.80_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-62.83_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-63.84_14.04.2-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-64.85_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-66.87_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-70.91_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

| lts-4.4.0-71.92_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

 

Additionally, you should install an updated kernel with these fixes and

reboot at your convienience.

 

References:

CVE-2017-1000364

 

--

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×