USN-3509-4: Linux kernel (Xenial HWE) regression

By: | December 16, 2017

Share

USN-3509-4: Linux kernel (Xenial HWE) regression

Severity

Unspecified

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)

Affected Cloud Foundry Products and Versions

Severity is unspecified unless otherwise noted.

  • Cloud Foundry BOSH trusty-stemcells are vulnerable, including:
    • 3312.x versions prior to 3312.49
    • 3363.x versions prior to 3363.45
    • 3421.x versions prior to 3421.35
    • 3445.x versions prior to 3445.21
    • 3468.x versions prior to 3468.16
    • All other stemcells not listed.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells:
    • Upgrade 3312.x versions to 3312.49
    • Upgrade 3363.x versions to 3363.45
    • Upgrade 3421.x versions to 3421.35
    • Upgrade 3445.x versions to 3445.21
    • Upgrade 3468.x versions to 3468.16
    • All other stemcells should be upgraded to the latest version available on bosh.io.

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES