You are here
Home > Preporuke > Dodatak sigurnosnoj zakrpi za jezgru operacijskog sustava

Dodatak sigurnosnoj zakrpi za jezgru operacijskog sustava

  • Detalji os-a: WN7
  • Važnost: INF
  • Operativni sustavi: L
  • Kategorije: LUB

Kernel Live Patch Security Notice LSN-0035-1
February 22, 2018

linux vulnerability

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |


On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial
kernel version 4.4.0-116.140. This CVE, also known as “Spectre,” is caused
by flaws in the design of speculative execution hardware in the computer’s
CPU, and could be used to access sensitive information in kernel memory.

The mitigation for “Spectre” is accomplished using retpoline, a new compiler
feature that prevents speculation when an indirect call is made. Unfortunately,
it is not possible to generate a livepatch when a compiler change is required
by a fix, as livepatches must be generated with the same compiler as the
target kernel. Please plan to reboot into kernel version 4.4.0-116.140 or
newer as soon as possible.

Additional details on the vulnerability and our response can be found here:

Software Description:
– linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.


AutorVlatka Misic
Cert idNCERT-REF-2018-02-0179-ADV
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava SUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje informacija, izvođenje napada uskraćivanja usluge,...