Ubuntu Security Notice 3186-1 - It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code.
2a283f87c0c3fc55613e7c8182cc0b0d4799a908c82e6514a23e5d63635df2bb
===========================================================================
Ubuntu Security Notice USN-3186-1
February 01, 2017
iucode-tool vulnerability
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
iucode-tool could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- iucode-tool: Intel processor microcode tool
Details:
It was discovered that iucode-tool incorrectly handled certain microcodes
when using the -tr loader. If a user were tricked into processing a
specially crafted microcode, a remote attacker could use this issue to
cause iucode-tool to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
iucode-tool 1.6.1-1ubuntu0.1
Ubuntu 16.04 LTS:
iucode-tool 1.5.1-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3186-1
CVE-2017-0357
Package Information:
https://launchpad.net/ubuntu/+source/iucode-tool/1.6.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/iucode-tool/1.5.1-1ubuntu0.1