[LSN-0034-1] Linux kernel vulnerability

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[LSN-0034-1] Linux kernel vulnerability

benjamin.romer
==========================================================================
Kernel Live Patch Security Notice LSN-0034-1
January 9, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial
kernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security
vulnerability caused by flaws in the design of speculative execution
hardware in the computer's CPU.

Details on the vulnerability and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Due to the high complexity of the fixes, we are unable to livepatch this
CVE. Please plan to reboot into kernel version 4.4.0-108.131 or newer as soon
as possible.

Software Description:
- linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.

References:
CVE-2017-5754

--
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce