Ubuntu Security Notices

Ubuntu 3631-1: Linux Kernel (Azure) Vulnerabilities

This patch is for Ubuntu 16.04 and addresses vulnerabilities affecting the following[1]:

  • linux
  • linux-aws
  • linux-kvm
  • linux-raspi2
  • linux-snapdragon

Ubuntu 3631-2: Linux Kernel (Xenial HWE) Vulnerabilities

This patch is for Ubuntu 14.04 LTS – Ubuntu 16.04 LTS and addresses vulnerabilities affecting the following[2]:

  • linux-LTS-Xenial
  • linux-aws

The following CVEs are addressed by the USN-3631-1 and USN-3631-2 patches.

  • CVE-2017-13305: It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory).

  • CVE-2017-16538: It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

  • CVE-2018-1000004: Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock).

  • CVE-2018-5750: Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses).

  • CVE-2018-7566: 范龙飞 discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use-after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Prevention and Mitigation Strategies

It is strongly recommended that Ubuntu users apply new security patches to their systems as soon as possible. The above-mentioned CVEs (CVE-2017-13305, CVE-2017-16538, CVE-2018-1000004, CVE-2018-5750, CVE-2018-7566) are addressed by these security updates, along with numerous other non-security issues. Instructions on patching your system are found here, and downloads are available here at launchpad.net/ubuntu.

 

 

[1] https://usn.ubuntu.com/3631-1/

[2] https://usn.ubuntu.com/3631-2/
