Kernel Live Patch Security Notice LSN-0024-1

Posted Jun 22, 2017
Authored by Benjamin M. Romer

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

tags | advisory, arbitrary, kernel
systems | linux
advisories | CVE-2017-1000364
SHA-256 | f95f04e7b1184d8df724d4c1d6507362007db3395f5fc92d7f1ed879378408ed

==========================================================================
Kernel Live Patch Security Notice LSN-0024-1
June 21, 2017

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | Flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not large enough to prevent overlapping with the heap. An
attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | Flavors |
|-----------------+----------+--------------------------|
| 4.4.0-21.37 | 24.2 | generic, lowlatency |
| 4.4.0-22.39 | 24.2 | generic, lowlatency |
| 4.4.0-22.40 | 24.2 | generic, lowlatency |
| 4.4.0-24.43 | 24.2 | generic, lowlatency |
| 4.4.0-28.47 | 24.2 | generic, lowlatency |
| 4.4.0-31.50 | 24.2 | generic, lowlatency |
| 4.4.0-34.53 | 24.2 | generic, lowlatency |
| 4.4.0-36.55 | 24.2 | generic, lowlatency |
| 4.4.0-38.57 | 24.2 | generic, lowlatency |
| 4.4.0-42.62 | 24.2 | generic, lowlatency |
| 4.4.0-43.63 | 24.2 | generic, lowlatency |
| 4.4.0-45.66 | 24.2 | generic, lowlatency |
| 4.4.0-47.68 | 24.2 | generic, lowlatency |
| 4.4.0-51.72 | 24.2 | generic, lowlatency |
| 4.4.0-53.74 | 24.2 | generic, lowlatency |
| 4.4.0-57.78 | 24.2 | generic, lowlatency |
| 4.4.0-59.80 | 24.2 | generic, lowlatency |
| 4.4.0-62.83 | 24.2 | generic, lowlatency |
| 4.4.0-63.84 | 24.2 | generic, lowlatency |
| 4.4.0-64.85 | 24.2 | generic, lowlatency |
| 4.4.0-66.87 | 24.2 | generic, lowlatency |
| 4.4.0-67.88 | 24.2 | generic, lowlatency |
| 4.4.0-70.91 | 24.2 | generic, lowlatency |
| 4.4.0-71.92 | 24.2 | generic, lowlatency |
| 4.4.0-72.93 | 24.2 | generic, lowlatency |
| 4.4.0-75.96 | 24.2 | generic, lowlatency |
| 4.4.0-77.98 | 24.2 | generic, lowlatency |
| 4.4.0-78.99 | 24.2 | generic, lowlatency |
| 4.4.0-79.100 | 24.2 | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 24.2 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 24.2 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.

References:
CVE-2017-1000364
