what you don't know can hurt you

Ubuntu Security Notice USN-3208-1

Ubuntu Security Notice USN-3208-1
Posted Feb 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3208-1 - It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10088, CVE-2016-9191, CVE-2016-9588, CVE-2017-2583, CVE-2017-2584, CVE-2017-5549, CVE-2017-6074
MD5 | dc8e418a9c1c2155f1ee17f0ce6afe42

Ubuntu Security Notice USN-3208-1

Change Mirror Download

==========================================================================
Ubuntu Security Notice USN-3208-1
February 22, 2017

linux, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel
- linux-snapdragon: Linux kernel for Snapdragon Processors

Details:

It was discovered that the generic SCSI block layer in the Linux kernel did
not properly restrict write operations in certain situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2016-10088)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

Jim Mattson discovered that the KVM implementation in the Linux kernel
mismanages the #BP and #OF exceptions. A local attacker in a guest virtual
machine could use this to cause a denial of service (guest OS crash).
(CVE-2016-9588)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
improperly emulated certain instructions. A local attacker could use this
to obtain sensitive information (kernel memory). (CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in
the Linux kernel did not properly initialize memory related to logging. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2017-5549)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1048-snapdragon 4.4.0-1048.52
linux-image-4.4.0-64-generic 4.4.0-64.85
linux-image-4.4.0-64-generic-lpae 4.4.0-64.85
linux-image-4.4.0-64-lowlatency 4.4.0-64.85
linux-image-4.4.0-64-powerpc-e500mc 4.4.0-64.85
linux-image-4.4.0-64-powerpc-smp 4.4.0-64.85
linux-image-4.4.0-64-powerpc64-emb 4.4.0-64.85
linux-image-4.4.0-64-powerpc64-smp 4.4.0-64.85
linux-image-generic 4.4.0.64.68
linux-image-generic-lpae 4.4.0.64.68
linux-image-lowlatency 4.4.0.64.68
linux-image-powerpc-e500mc 4.4.0.64.68
linux-image-powerpc-smp 4.4.0.64.68
linux-image-powerpc64-emb 4.4.0.64.68
linux-image-powerpc64-smp 4.4.0.64.68
linux-image-snapdragon 4.4.0.1048.40

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
http://www.ubuntu.com/usn/usn-3208-1
CVE-2016-10088, CVE-2016-9191, CVE-2016-9588, CVE-2017-2583,
CVE-2017-2584, CVE-2017-5549, CVE-2017-6074

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-64.85
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1048.52


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    9 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close