[LSN-0036-1] Linux kernel vulnerability

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[LSN-0036-1] Linux kernel vulnerability

benjamin.romer
==========================================================================
Kernel Live Patch Security Notice LSN-0036-1
April 2, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group
Temporal Key (GTK) during the group key handshake, allowing an attacker
within radio range to replay frames from access points to
clients. (CVE-2017-13080)

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-116.140   | 33.2     | generic, lowlatency      |
| lts-4.4.0-116.140_14.04.1-lts-xenial | 14.04.1  | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
  CVE-2017-13080, CVE-2017-16995

--
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce