==========================================================================
Ubuntu Security Notice USN-3422-1
September 18, 2017

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel

Details:

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-132-generic 3.13.0-132.181
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181
linux-image-3.13.0-132-lowlatency 3.13.0-132.181
linux-image-3.13.0-132-powerpc-e500 3.13.0-132.181
linux-image-3.13.0-132-powerpc-e500mc 3.13.0-132.181
linux-image-3.13.0-132-powerpc-smp 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-emb 3.13.0-132.181
linux-image-3.13.0-132-powerpc64-smp 3.13.0-132.181
linux-image-generic 3.13.0.132.141
linux-image-generic-lpae 3.13.0.132.141
linux-image-lowlatency 3.13.0.132.141
linux-image-powerpc-e500 3.13.0.132.141
linux-image-powerpc-e500mc 3.13.0.132.141
linux-image-powerpc-smp 3.13.0.132.141
linux-image-powerpc64-emb 3.13.0.132.141
linux-image-powerpc64-smp 3.13.0.132.141

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3422-1
CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650,
CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191,
CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970,
CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187,
CVE-2017-7472, CVE-2017-7541

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-132.181

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJZwFllAAoJEC8Jno0AXoH0tBwP/1b/2ilK/AX8qitEQ1OK1gqP
eCwtoNNJftloubciPbvWQGiOQhFhoGAqOQ+B+EtOdXqXxCdEN0iBK/8Nf7PUQK8I
dKVQrgocGb5WGAUhM+2pINDdA6/n+15PrDffev/EUNi67ZRNEo7iOIm16/4BZoe/
pVRUjWUjc0PcxUTlDX8CCQmV2m+1siXgJesK6dFGnPsjhbph9b+wvgvwMRtIx/BK
E9NZ+HMR6gZQpCKjnXBGfR4TsKjmsINob8hwu3Hbvx2dzJEx3wi8QcM6JJmPhbUT
oVRL2lqXOAUhyLPPMGcpTmcv39ByQaUauiQ8z6rV2kkXd+rKAAmOW97auLUFcz/p
L09iB+mupohyLHdbrRpfdCdbDaSPQ27Jii9Ak94nVZxZVd88k2Nioo1lNfZwnwTZ
dHQKIXjC3VuYA27kwqXNBZ59prZtqVfAC2b85FunwFIUwcigDlY734bLXeFPO0KC
F5M/WuFJgvy+phjJOYf96K+VEngpZE9B5TzetO5Efz/1CuSY+9zKSn3b58pP0Iz4
UH28DoyUsMRb1QL01dDb/l81IyI9kqlPZnpkjMO85TguvUAYWA+oic3ckZQbRfNk
Otzx2qz+oG5foDg74KUPXvOTD02Kx0kK+66HK4dXz0RnLrYSl7u4yH7OonJt++EL
IOZ28GpDvc6WBp5rV5ma
=uxsX
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3422-2
September 18, 2017

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)

It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)

Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the
key management subsystem in the Linux kernel did not properly allocate
memory in some situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2016-8650)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

It was discovered that an information leak existed in __get_user_asm_ex()
in the Linux kernel. A local attacker could use this to expose sensitive
information. (CVE-2016-9178)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)

It was discovered that an integer overflow existed in the trace subsystem
of the Linux kernel. A local privileged attacker could use this to cause a
denial of service (system crash). (CVE-2016-9754)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

It was discovered that the keyring implementation in the Linux kernel did
not properly restrict searches for dead keys. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-6951)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux
kernel contained a stack-based buffer overflow. A local attacker with
access to an sg device could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-7187)

Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)

It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-132-generic 3.13.0-132.181~precise1
linux-image-3.13.0-132-generic-lpae 3.13.0-132.181~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.132.122
linux-image-generic-lts-trusty 3.13.0.132.122

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://www.ubuntu.com/usn/usn-3422-2
https://www.ubuntu.com/usn/usn-3422-1
CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-8650,
CVE-2016-9083, CVE-2016-9084, CVE-2016-9178, CVE-2016-9191,
CVE-2016-9604, CVE-2016-9754, CVE-2017-1000251, CVE-2017-5970,
CVE-2017-6214, CVE-2017-6346, CVE-2017-6951, CVE-2017-7187,
CVE-2017-7472, CVE-2017-7541

—–BEGIN PGP SIGNATURE—–

iQIcBAABCgAGBQJZwFl2AAoJEC8Jno0AXoH0xRIP/2/fU1SJizN7S0FPDHxh6pZo
cKJYIaOjU2gksj6ZfXxEJPDHHBZgK4wgaZ8xokT/x+REAx8lgMnK0K2bfglT/g+I
A702ea+UolyteH2WvUMPCJNwAVqf6BTCFwlCz8a8f40smPLsL/+0QdGpJ3UjkI0V
M6JCx6LsruhvSpPjkX4JuunGE3WqMajRC4MjMzK4gFUtU0Lcccqg6kYSfzWTKpbC
iNqhmC83NIBAIqL0xSAWRUFsAOpOuQKCLFRA87Qjk+s/803KJQffcnBWTguPiU0J
ca0NE+OVlFtJDaPuW6luaHJ18a31IJ6inksyJm2+IlNkH8ecy87O/enI2KkVMB2h
PA7VyyY0ymU6vfBAf5u9YJkFtvROZdigPbJx8Ex7Bv6zAmsFGQs4u35IkbyyKVwb
LAALcAdfy52ojRwCKxWEpWn82+iNd9ZA0Sn1yEpJjXSAFrpNGXXFC158IAX0JDbM
VZdchzgmlv/kV4jO8bBaPpB6Z6pFZvH+mIjoO3evJjDjK6fNMLvL9ZjgefmO7jMC
IEmR4j6ZntfnBdn5TQT5WBBG5Ue+Co6AO4zr70RynPlLbitXh3FkPxdN0i5WwGQK
N4ZRZqKw6N0KwduR095QMQ/aL9UgpnV+1k9/sA9ewceDtXBCA8swlXMZBiNh0P5/
X6qnChsFep+f8yfXLk3E
=ORix
—–END PGP SIGNATURE—–
—