Security vulnerabilities in the operating system kernel

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3377-1
August 03, 2017

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)

石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the
Linux kernel did not properly verify metadata. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-7482)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
linux-image-4.10.0-1013-raspi2 4.10.0-1013.16
linux-image-4.10.0-30-generic 4.10.0-30.34
linux-image-4.10.0-30-generic-lpae 4.10.0-30.34
linux-image-4.10.0-30-lowlatency 4.10.0-30.34
linux-image-generic 4.10.0.30.31
linux-image-generic-lpae 4.10.0.30.31
linux-image-lowlatency 4.10.0.30.31
linux-image-raspi2 4.10.0.1013.15

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3377-1
CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.10.0-30.34
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1013.16


ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3377-2
August 03, 2017

linux-hwe vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.

Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)

石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the
Linux kernel did not properly verify metadata. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-7482)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.10.0-30-generic 4.10.0-30.34~16.04.1
linux-image-4.10.0-30-generic-lpae 4.10.0-30.34~16.04.1
linux-image-4.10.0-30-lowlatency 4.10.0-30.34~16.04.1
linux-image-generic-hwe-16.04 4.10.0.30.33
linux-image-generic-lpae-hwe-16.04 4.10.0.30.33
linux-image-lowlatency-hwe-16.04 4.10.0.30.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3377-2
https://www.ubuntu.com/usn/usn-3377-1
CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-30.34~16.04.1


==========================================================================
Ubuntu Security Notice USN-3378-1
August 03, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke: Linux kernel for Google Container Engine (GKE) systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)

石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the
Linux kernel did not properly verify metadata. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-7482)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1024-gke 4.4.0-1024.24
linux-image-4.4.0-1028-aws 4.4.0-1028.37
linux-image-4.4.0-1067-raspi2 4.4.0-1067.75
linux-image-4.4.0-1069-snapdragon 4.4.0-1069.74
linux-image-4.4.0-89-generic 4.4.0-89.112
linux-image-4.4.0-89-generic-lpae 4.4.0-89.112
linux-image-4.4.0-89-lowlatency 4.4.0-89.112
linux-image-4.4.0-89-powerpc-e500mc 4.4.0-89.112
linux-image-4.4.0-89-powerpc-smp 4.4.0-89.112
linux-image-4.4.0-89-powerpc64-emb 4.4.0-89.112
linux-image-4.4.0-89-powerpc64-smp 4.4.0-89.112
linux-image-aws 4.4.0.1028.31
linux-image-generic 4.4.0.89.95
linux-image-generic-lpae 4.4.0.89.95
linux-image-gke 4.4.0.1024.26
linux-image-lowlatency 4.4.0.89.95
linux-image-powerpc-e500mc 4.4.0.89.95
linux-image-powerpc-smp 4.4.0.89.95
linux-image-powerpc64-emb 4.4.0.89.95
linux-image-powerpc64-smp 4.4.0.89.95
linux-image-raspi2 4.4.0.1067.68
linux-image-snapdragon 4.4.0.1069.62

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3378-1
CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-89.112
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1028.37
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1024.24
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1067.75
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1069.74


==========================================================================
Ubuntu Security Notice USN-3378-2
August 03, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Fan Wu and Shixiong Zhao discovered a race condition between inotify events
and vfs rename operations in the Linux kernel. An unprivileged local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict
RLIMIT_STACK size. A local attacker could use this in conjunction with
another vulnerability to possibly execute arbitrary code.
(CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not
properly free memory in some situations. A local attacker could use this to
cause a denial of service (memory consumption). (CVE-2017-10810)

石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the
Linux kernel did not properly verify metadata. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-7482)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-89-generic 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-generic-lpae 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-lowlatency 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-powerpc-e500mc 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-powerpc-smp 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-powerpc64-emb 4.4.0-89.112~14.04.1
linux-image-4.4.0-89-powerpc64-smp 4.4.0-89.112~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.89.74
linux-image-generic-lts-xenial 4.4.0.89.74
linux-image-lowlatency-lts-xenial 4.4.0.89.74
linux-image-powerpc-e500mc-lts-xenial 4.4.0.89.74
linux-image-powerpc-smp-lts-xenial 4.4.0.89.74
linux-image-powerpc64-emb-lts-xenial 4.4.0.89.74
linux-image-powerpc64-smp-lts-xenial 4.4.0.89.74

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3378-2
https://www.ubuntu.com/usn/usn-3378-1
CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-89.112~14.04.1
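
The notices above state that a reboot is needed after the update and that the fixed kernels carry a new ABI number, so the release string of the running kernel shows whether a host is actually on a fixed kernel. The following is an added example, not part of the Ubuntu notices: the helper name usn_kernel_status is hypothetical, and it assumes `uname -r` prints the Ubuntu form `<version>-<ABI>-<flavour>`.

```shell
#!/bin/sh
# Added example: compare a kernel release string (as printed by `uname -r`)
# with the fixed ABI numbers listed in USN-3377-1/-2 and USN-3378-1/-2.
# usn_kernel_status is a hypothetical helper name, not an Ubuntu tool.

usn_kernel_status() {
    rel=$1
    base=${rel%%-*}        # upstream version, e.g. 4.10.0
    rest=${rel#*-}         # e.g. 30-generic-lpae
    abi=${rest%%-*}        # ABI number, e.g. 30
    flavour=${rest#*-}     # e.g. generic-lpae
    case $abi in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not an Ubuntu-style release
    esac
    # Rows: upstream version, flavour, fixed ABI (taken from the package lists).
    while IFS=: read -r b f fixed; do
        [ "$b" = "$base" ] && [ "$f" = "$flavour" ] || continue
        if [ "$abi" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
        return 0
    done <<EOF
4.10.0:generic:30
4.10.0:generic-lpae:30
4.10.0:lowlatency:30
4.10.0:raspi2:1013
4.4.0:generic:89
4.4.0:generic-lpae:89
4.4.0:lowlatency:89
4.4.0:powerpc-e500mc:89
4.4.0:powerpc-smp:89
4.4.0:powerpc64-emb:89
4.4.0:powerpc64-smp:89
4.4.0:gke:1024
4.4.0:aws:1028
4.4.0:raspi2:1067
4.4.0:snapdragon:1069
EOF
    echo unknown           # kernel series or flavour not covered by these notices
}

# Report on the running kernel; pass a release string to check another host.
usn_kernel_status "${1:-$(uname -r)}"
```

A host that has installed the new packages but still reports "vulnerable" has not been rebooted into the updated kernel.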


Author: Danijel Kozinovic
Cert ID: NCERT-REF-2017-08-0021-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/