==========================================================================
Kernel Live Patch Security Notice LSN-0012-1
October 20, 2016

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB
Generic Receive Offload (GRO) processing implementations in the Linux
kernel. A remote attacker could use this to cause a stack corruption,
leading to a denial of service (system crash). (CVE-2016-7039,
CVE-2016-8666)

It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges. (CVE-2016-5195)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-21.37     | 13.3     | generic, lowlatency      |
| 4.4.0-22.39     | 13.3     | generic, lowlatency      |
| 4.4.0-22.40     | 13.3     | generic, lowlatency      |
| 4.4.0-24.43     | 13.3     | generic, lowlatency      |
| 4.4.0-28.47     | 13.3     | generic, lowlatency      |
| 4.4.0-31.50     | 13.3     | generic, lowlatency      |
| 4.4.0-34.53     | 13.3     | generic, lowlatency      |
| 4.4.0-36.55     | 13.3     | generic, lowlatency      |
| 4.4.0-38.57     | 13.3     | generic, lowlatency      |
| 4.4.0-42.62     | 13.3     | generic, lowlatency      |
| 4.4.0-43.63     | 13.3     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.

References:
  CVE-2016-7039, CVE-2016-8666, CVE-2016-5195
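
Added example (not part of the original notice): a shell sketch that checks an inventory of hosts against the update table above. The function names, the "host|signature|patch" input format and the sample hosts are assumptions made for illustration; the signature field is the text of /proc/version_signature on an Ubuntu kernel, and the applied livepatch version is supplied by the caller.

```shell
#!/bin/sh
# Kernels, flavors and the fixed livepatch version, copied from the notice's tables.
LSN_KERNELS="4.4.0-21.37 4.4.0-22.39 4.4.0-22.40 4.4.0-24.43 4.4.0-28.47 4.4.0-31.50"
LSN_KERNELS="$LSN_KERNELS 4.4.0-34.53 4.4.0-36.55 4.4.0-38.57 4.4.0-42.62 4.4.0-43.63"
LSN_FLAVORS="generic lowlatency"
LSN_MIN_PATCH="13.3"

# version_ge A B: succeeds when dotted version A >= B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# lsn_classify SIGNATURE PATCH prints one of:
#   patched          kernel is in the table and livepatch >= 13.3
#                    (assumption: later livepatch versions keep these fixes)
#   needs-livepatch  kernel is in the table, livepatch missing or older
#   not-listed       kernel or flavor is not in this notice's table
lsn_classify() {
    local sig="$1" patch="$2" rel kernel flavor
    rel=$(printf '%s\n' "$sig" | awk '{print $2}')  # e.g. 4.4.0-42.62-generic
    kernel=${rel%-*}                                # 4.4.0-42.62
    flavor=${rel##*-}                               # generic
    case " $LSN_FLAVORS " in *" $flavor "*) ;; *) echo not-listed; return ;; esac
    case " $LSN_KERNELS " in *" $kernel "*) ;; *) echo not-listed; return ;; esac
    if [ -n "$patch" ] && version_ge "$patch" "$LSN_MIN_PATCH"; then
        echo patched
    else
        echo needs-livepatch
    fi
}

# lsn_audit: reads "host|signature|patch" lines on stdin, prints "host status".
lsn_audit() {
    local host sig patch
    while IFS='|' read -r host sig patch; do
        [ -n "$host" ] && printf '%s %s\n' "$host" "$(lsn_classify "$sig" "$patch")"
    done
    return 0
}

# Constructed sample inventory (hosts, upstream versions and 4.4.0-45.66 are made up).
SAMPLE_INVENTORY='web1|Ubuntu 4.4.0-42.62-generic 4.4.21|13.3
db1|Ubuntu 4.4.0-38.57-lowlatency 4.4.19|12.1
build1|Ubuntu 4.4.0-45.66-generic 4.4.21|
edge1|Ubuntu 4.4.0-31.50-generic 4.4.13|'

printf '%s\n' "$SAMPLE_INVENTORY" | lsn_audit
```

A "not-listed" result only means this notice's table does not cover that kernel; it says nothing about whether that kernel already contains the fixes.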