CVE-2017-1000363
CVSS 7.2
Published: 2017-07-17 09:18:18
Revised: 2017-11-03 21:29:28
NP    

[Original] Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
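
The missing check described above, shown as an added user-space model (not the kernel's lp.c and not code from this page): an index that persists across calls is advanced once per 'lp=none' argument, with and without the bounds check. `struct lp_model`, the guard words, the value `LP_NO = 3`, the constants and the sample command line are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define LP_NO 3                    /* assumed number of parport_nr slots in this model */
#define GUARD 8                    /* model-only words placed right after the array */
#define GUARD_PATTERN 0x5a5a5a5a
#define LP_PARPORT_UNSPEC (-4)     /* model constants, not taken from the page */
#define LP_PARPORT_NONE   (-1)

/* Constructed sample command line: five lp=none arguments, i.e. more than LP_NO. */
static const char SAMPLE_CMDLINE[] =
    "root=/dev/sda1 lp=none lp=none lp=none lp=none lp=none quiet";

struct lp_model {
    int mem[LP_NO + GUARD]; /* mem[0..LP_NO-1] plays parport_nr[], the rest is guard */
    int parport_ptr;        /* survives across calls, like the static in the driver */
    int rejected;           /* arguments refused by the bounds check */
};

static void lp_model_init(struct lp_model *m)
{
    for (int i = 0; i < LP_NO + GUARD; i++)
        m->mem[i] = (i < LP_NO) ? LP_PARPORT_UNSPEC : GUARD_PATTERN;
    m->parport_ptr = 0;
    m->rejected = 0;
}

/* Handle the value of one lp= argument. checked == 0 models the missing check. */
static void lp_model_setup(struct lp_model *m, const char *val, int checked)
{
    if (strcmp(val, "none") != 0)
        return;                               /* only the 'none' branch is modelled */
    if (checked && m->parport_ptr >= LP_NO) {
        m->rejected++;                        /* hardened: refuse, leave index alone */
        return;
    }
    if (m->parport_ptr < LP_NO + GUARD)       /* keeps the model itself in bounds */
        m->mem[m->parport_ptr] = LP_PARPORT_NONE;
    m->parport_ptr++;                         /* grows with every accepted argument */
}

/* Number of guard words that no longer hold the pattern, i.e. writes past the array. */
static int lp_model_guard_clobbered(const struct lp_model *m)
{
    int n = 0;
    for (int i = LP_NO; i < LP_NO + GUARD; i++)
        if (m->mem[i] != GUARD_PATTERN)
            n++;
    return n;
}

/* Feed every lp=<value> token of a space-separated command line to the handler. */
static int lp_model_parse(struct lp_model *m, const char *cmdline, int checked)
{
    const char *p = cmdline;
    while (*p) {
        size_t len = strcspn(p, " ");
        if (len > 3 && len < 32 && strncmp(p, "lp=", 3) == 0) {
            char val[32];
            memcpy(val, p + 3, len - 3);
            val[len - 3] = '\0';
            lp_model_setup(m, val, checked);
        }
        p += len;
        p += strspn(p, " ");
    }
    return lp_model_guard_clobbered(m);
}

int main(void)
{
    struct lp_model unchecked, checked;

    lp_model_init(&unchecked);
    lp_model_init(&checked);
    printf("without check: %d guard words overwritten\n",
           lp_model_parse(&unchecked, SAMPLE_CMDLINE, 0));
    printf("with check:    %d guard words overwritten, %d arguments rejected\n",
           lp_model_parse(&checked, SAMPLE_CMDLINE, 1), checked.rejected);
    return 0;
}
```

Because the index is never reset between arguments, only the comparison against the array size stops the write position from leaving the array; the checked variant stops at `LP_NO` and counts the surplus arguments instead.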


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

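- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-787 [Out-of-bounds Write]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000363
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000363
(Official data source) NVD

- Other links and resources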

http://www.debian.org/security/2017/dsa-3945
(UNKNOWN)  DEBIAN  DSA-3945
http://www.securityfocus.com/bid/98651
(VENDOR_ADVISORY)  BID  98651
https://alephsecurity.com/vulns/aleph-2017023
(VENDOR_ADVISORY)  MISC  https://alephsecurity.com/vulns/aleph-2017023

- Vulnerability information (F143041)

Ubuntu Security Notice USN-3329-1 (PacketStormID:F143041)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Ubuntu Security Notice 3329-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3329-1
June 19, 2017

linux-gke, linux-meta-gke vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gke: Linux kernel for Google Container Engine (GKE) systems

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1016-gke      4.4.0-1016.16

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3329-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1016.16




- Vulnerability information (F143040)

Ubuntu Security Notice USN-3328-1 (PacketStormID:F143040)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Ubuntu Security Notice 3328-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3328-1
June 19, 2017

linux, linux-meta vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-81-generic    4.4.0-81.104
  linux-image-4.4.0-81-generic-lpae  4.4.0-81.104
  linux-image-4.4.0-81-lowlatency  4.4.0-81.104
  linux-image-4.4.0-81-powerpc-e500mc  4.4.0-81.104
  linux-image-4.4.0-81-powerpc-smp  4.4.0-81.104
  linux-image-4.4.0-81-powerpc64-emb  4.4.0-81.104
  linux-image-4.4.0-81-powerpc64-smp  4.4.0-81.104
  linux-image-generic             4.4.0.81.87
  linux-image-generic-lpae        4.4.0.81.87
  linux-image-generic-lpae-lts-utopic  4.4.0.81.87
  linux-image-generic-lpae-lts-vivid  4.4.0.81.87
  linux-image-generic-lpae-lts-wily  4.4.0.81.87
  linux-image-generic-lpae-lts-xenial  4.4.0.81.87
  linux-image-generic-lts-utopic  4.4.0.81.87
  linux-image-generic-lts-vivid   4.4.0.81.87
  linux-image-generic-lts-wily    4.4.0.81.87
  linux-image-generic-lts-xenial  4.4.0.81.87
  linux-image-lowlatency          4.4.0.81.87
  linux-image-lowlatency-lts-utopic  4.4.0.81.87
  linux-image-lowlatency-lts-vivid  4.4.0.81.87
  linux-image-lowlatency-lts-wily  4.4.0.81.87
  linux-image-lowlatency-lts-xenial  4.4.0.81.87
  linux-image-powerpc-e500mc      4.4.0.81.87
  linux-image-powerpc-e500mc-lts-utopic  4.4.0.81.87
  linux-image-powerpc-e500mc-lts-vivid  4.4.0.81.87
  linux-image-powerpc-e500mc-lts-wily  4.4.0.81.87
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.81.87
  linux-image-powerpc-smp         4.4.0.81.87
  linux-image-powerpc-smp-lts-utopic  4.4.0.81.87
  linux-image-powerpc-smp-lts-vivid  4.4.0.81.87
  linux-image-powerpc-smp-lts-wily  4.4.0.81.87
  linux-image-powerpc-smp-lts-xenial  4.4.0.81.87
  linux-image-powerpc64-emb       4.4.0.81.87
  linux-image-powerpc64-emb-lts-utopic  4.4.0.81.87
  linux-image-powerpc64-emb-lts-vivid  4.4.0.81.87
  linux-image-powerpc64-emb-lts-wily  4.4.0.81.87
  linux-image-powerpc64-emb-lts-xenial  4.4.0.81.87
  linux-image-powerpc64-smp       4.4.0.81.87
  linux-image-powerpc64-smp-lts-utopic  4.4.0.81.87
  linux-image-powerpc64-smp-lts-vivid  4.4.0.81.87
  linux-image-powerpc64-smp-lts-wily  4.4.0.81.87
  linux-image-powerpc64-smp-lts-xenial  4.4.0.81.87
  linux-image-virtual             4.4.0.81.87
  linux-image-virtual-lts-utopic  4.4.0.81.87
  linux-image-virtual-lts-vivid   4.4.0.81.87
  linux-image-virtual-lts-wily    4.4.0.81.87
  linux-image-virtual-lts-xenial  4.4.0.81.87

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3328-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-81.104




- Vulnerability information (F143039)

Ubuntu Security Notice USN-3327-1 (PacketStormID:F143039)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-5577,CVE-2017-7374,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Ubuntu Security Notice 3327-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3327-1
June 19, 2017

linux-meta-raspi2, linux-raspi2 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  linux-image-4.8.0-1040-raspi2   4.8.0-1040.44
  linux-image-raspi2              4.8.0.1040.44

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3327-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1040.44




- Vulnerability information (F143038)

Ubuntu Security Notice USN-3326-1 (PacketStormID:F143038)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-5577,CVE-2017-7374,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Ubuntu Security Notice 3326-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3326-1
June 19, 2017

linux, linux-meta vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  linux-image-4.8.0-56-generic    4.8.0-56.61
  linux-image-4.8.0-56-generic-lpae  4.8.0-56.61
  linux-image-4.8.0-56-lowlatency  4.8.0-56.61
  linux-image-4.8.0-56-powerpc-e500mc  4.8.0-56.61
  linux-image-4.8.0-56-powerpc-smp  4.8.0-56.61
  linux-image-4.8.0-56-powerpc64-emb  4.8.0-56.61
  linux-image-generic             4.8.0.56.69
  linux-image-generic-lpae        4.8.0.56.69
  linux-image-lowlatency          4.8.0.56.69
  linux-image-powerpc-e500mc      4.8.0.56.69
  linux-image-powerpc-smp         4.8.0.56.69
  linux-image-powerpc64-emb       4.8.0.56.69
  linux-image-powerpc64-smp       4.8.0.56.69
  linux-image-virtual             4.8.0.56.69

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3326-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.8.0-56.61




- Vulnerability information (F143037)

Ubuntu Security Notice USN-3324-1 (PacketStormID:F143037)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Ubuntu Security Notice 3324-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3324-1
June 19, 2017

linux, linux-meta vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  linux-image-4.10.0-24-generic   4.10.0-24.28
  linux-image-4.10.0-24-generic-lpae  4.10.0-24.28
  linux-image-4.10.0-24-lowlatency  4.10.0-24.28
  linux-image-generic             4.10.0.24.26
  linux-image-generic-lpae        4.10.0.24.26
  linux-image-lowlatency          4.10.0.24.26
  linux-image-powerpc-e500mc      4.10.0.24.26
  linux-image-powerpc-smp         4.10.0.24.26
  linux-image-powerpc64-emb       4.10.0.24.26
  linux-image-powerpc64-smp       4.10.0.24.26
  linux-image-virtual             4.10.0.24.26

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3324-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-8890, CVE-2017-9074,
  CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.10.0-24.28




- Vulnerability information (F143031)

Ubuntu Security Notice USN-3325-1 (PacketStormID:F143031)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Ubuntu Security Notice 3325-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3325-1
June 19, 2017

linux-meta-raspi2, linux-raspi2 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  linux-image-4.10.0-1008-raspi2  4.10.0-1008.11
  linux-image-raspi2              4.10.0.1008.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3325-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-8890, CVE-2017-9074,
  CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1008.11




- Vulnerability information (F143023)

Ubuntu Security Notice USN-3333-1 (PacketStormID:F143023)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-5577,CVE-2017-7374,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Ubuntu Security Notice 3333-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3333-1
June 20, 2017

linux-hwe, linux-meta-hwe vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.8.0-56-generic    4.8.0-56.61~16.04.1
  linux-image-4.8.0-56-generic-lpae  4.8.0-56.61~16.04.1
  linux-image-4.8.0-56-lowlatency  4.8.0-56.61~16.04.1
  linux-image-4.8.0-56-powerpc-e500mc  4.8.0-56.61~16.04.1
  linux-image-4.8.0-56-powerpc-smp  4.8.0-56.61~16.04.1
  linux-image-4.8.0-56-powerpc64-emb  4.8.0-56.61~16.04.1
  linux-image-generic-hwe-16.04   4.8.0.56.27
  linux-image-generic-lpae-hwe-16.04  4.8.0.56.27
  linux-image-lowlatency-hwe-16.04  4.8.0.56.27
  linux-image-virtual-hwe-16.04   4.8.0.56.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3333-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-56.61~16.04.1




    

- Vulnerability information (F143022)

Ubuntu Security Notice USN-3330-1 (PacketStormID:F143022)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3330-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3330-1
June 19, 2017

linux-meta-snapdragon, linux-snapdragon vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1061-snapdragon  4.4.0-1061.66
  linux-image-snapdragon          4.4.0.1061.54

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3330-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1061.66




    

- Vulnerability information (F143021)

Ubuntu Security Notice USN-3331-1 (PacketStormID:F143021)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3331-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3331-1
June 19, 2017

linux-aws, linux-meta-aws vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1020-aws      4.4.0-1020.29

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3331-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1020.29




    

- Vulnerability information (F143020)

Ubuntu Security Notice USN-3332-1 (PacketStormID:F143020)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3332-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3332-1
June 20, 2017

linux-meta-raspi2, linux-raspi2 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1059-raspi2   4.4.0-1059.67
  linux-image-raspi2              4.4.0.1059.60

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3332-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1059.67




    

- Vulnerability information (F143018)

Ubuntu Security Notice USN-3335-1 (PacketStormID:F143018)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2014-9940,CVE-2017-0605,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7294,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3335-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. It was discovered that a use-after-free vulnerability existed in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3335-1
June 20, 2017

linux, linux-meta vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

It was discovered that a use-after-free vulnerability existed in the core
voltage regulator driver of the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2014-9940)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-121-generic  3.13.0-121.170
  linux-image-3.13.0-121-generic-lpae  3.13.0-121.170
  linux-image-3.13.0-121-lowlatency  3.13.0-121.170
  linux-image-3.13.0-121-powerpc-e500  3.13.0-121.170
  linux-image-3.13.0-121-powerpc-e500mc  3.13.0-121.170
  linux-image-3.13.0-121-powerpc-smp  3.13.0-121.170
  linux-image-3.13.0-121-powerpc64-emb  3.13.0-121.170
  linux-image-3.13.0-121-powerpc64-smp  3.13.0-121.170
  linux-image-generic             3.13.0.121.131
  linux-image-generic-lpae        3.13.0.121.131
  linux-image-generic-lpae-lts-saucy  3.13.0.121.131
  linux-image-generic-lpae-lts-trusty  3.13.0.121.131
  linux-image-generic-lts-quantal  3.13.0.121.131
  linux-image-generic-lts-raring  3.13.0.121.131
  linux-image-generic-lts-saucy   3.13.0.121.131
  linux-image-generic-lts-trusty  3.13.0.121.131
  linux-image-generic-pae         3.13.0.121.131
  linux-image-highbank            3.13.0.121.131
  linux-image-lowlatency          3.13.0.121.131
  linux-image-lowlatency-pae      3.13.0.121.131
  linux-image-omap                3.13.0.121.131
  linux-image-powerpc-e500        3.13.0.121.131
  linux-image-powerpc-e500mc      3.13.0.121.131
  linux-image-powerpc-smp         3.13.0.121.131
  linux-image-powerpc64-emb       3.13.0.121.131
  linux-image-powerpc64-smp       3.13.0.121.131
  linux-image-virtual             3.13.0.121.131

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3335-1
  CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-1000364,
  CVE-2017-7294, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075,
  CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-121.170




    

- Vulnerability information (F143017)

Ubuntu Security Notice USN-3334-1 (PacketStormID:F143017)
2017-06-20 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-1000364,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3334-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3334-1
June 20, 2017

linux-lts-xenial, linux-meta-lts-xenial vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges. (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency
check after the data was actually overwritten. A local attacker could
exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-81-generic    4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-generic-lpae  4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-lowlatency  4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-powerpc-e500mc  4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-powerpc-smp  4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-powerpc64-emb  4.4.0-81.104~14.04.1
  linux-image-4.4.0-81-powerpc64-smp  4.4.0-81.104~14.04.1
  linux-image-generic-lpae-lts-xenial  4.4.0.81.66
  linux-image-generic-lts-xenial  4.4.0.81.66
  linux-image-lowlatency-lts-xenial  4.4.0.81.66
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.81.66
  linux-image-powerpc-smp-lts-xenial  4.4.0.81.66
  linux-image-powerpc64-emb-lts-xenial  4.4.0.81.66
  linux-image-powerpc64-smp-lts-xenial  4.4.0.81.66
  linux-image-virtual-lts-xenial  4.4.0.81.66

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3334-1
  CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890,
  CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077,
  CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-81.104~14.04.1




    

- Vulnerability information (F143188)

Ubuntu Security Notice USN-3345-1 (PacketStormID:F143188)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242

Ubuntu Security Notice 3345-1 - USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3345-1
June 29, 2017

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

USN 3324-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

Jann Horn discovered that bpf in Linux kernel does not restrict the output
of the print_bpf_insn function. A local attacker could use this to obtain
sensitive address information. (CVE-2017-9150)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  linux-image-4.10.0-1010-raspi2  4.10.0-1010.13
  linux-image-4.10.0-26-generic   4.10.0-26.30
  linux-image-4.10.0-26-generic-lpae  4.10.0-26.30
  linux-image-4.10.0-26-lowlatency  4.10.0-26.30
  linux-image-generic             4.10.0.26.28
  linux-image-generic-lpae        4.10.0.26.28
  linux-image-lowlatency          4.10.0.26.28
  linux-image-raspi2              4.10.0.1010.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3345-1
  https://www.ubuntu.com/usn/usn-3324-1
  https://launchpad.net/bugs/1699772
  CVE-2017-1000363, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075,
  CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.10.0-26.30
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1010.13


    

- Vulnerability Information (F143187)

Ubuntu Security Notice USN-3344-2 (PacketStormID:F143187)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,kernel,vulnerability
linux,ubuntu
CVE-2017-1000363,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3344-2 - USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3344-2
June 29, 2017

linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

USN 3334-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-83-generic    4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-generic-lpae  4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-lowlatency  4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-powerpc-e500mc  4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-powerpc-smp  4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-powerpc64-emb  4.4.0-83.106~14.04.1
  linux-image-4.4.0-83-powerpc64-smp  4.4.0-83.106~14.04.1
  linux-image-generic-lpae-lts-xenial  4.4.0.83.68
  linux-image-generic-lts-xenial  4.4.0.83.68
  linux-image-lowlatency-lts-xenial  4.4.0.83.68
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.83.68
  linux-image-powerpc-smp-lts-xenial  4.4.0.83.68
  linux-image-powerpc64-emb-lts-xenial  4.4.0.83.68
  linux-image-powerpc64-smp-lts-xenial  4.4.0.83.68

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3344-2
  https://www.ubuntu.com/usn/usn-3344-1
  https://www.ubuntu.com/usn/usn-3334-1
  https://launchpad.net/bugs/1699772
  CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074,
  CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-83.106~14.04.1


    

- Vulnerability Information (F143186)

Ubuntu Security Notice USN-3344-1 (PacketStormID:F143186)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-7487,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3344-1 - USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3344-1
June 29, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

USN 3328-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1018-gke      4.4.0-1018.18
  linux-image-4.4.0-1022-aws      4.4.0-1022.31
  linux-image-4.4.0-1061-raspi2   4.4.0-1061.69
  linux-image-4.4.0-1063-snapdragon  4.4.0-1063.68
  linux-image-4.4.0-83-generic    4.4.0-83.106
  linux-image-4.4.0-83-generic-lpae  4.4.0-83.106
  linux-image-4.4.0-83-lowlatency  4.4.0-83.106
  linux-image-4.4.0-83-powerpc-e500mc  4.4.0-83.106
  linux-image-4.4.0-83-powerpc-smp  4.4.0-83.106
  linux-image-4.4.0-83-powerpc64-emb  4.4.0-83.106
  linux-image-4.4.0-83-powerpc64-smp  4.4.0-83.106
  linux-image-aws                 4.4.0.1022.25
  linux-image-generic             4.4.0.83.89
  linux-image-generic-lpae        4.4.0.83.89
  linux-image-gke                 4.4.0.1018.20
  linux-image-lowlatency          4.4.0.83.89
  linux-image-powerpc-e500mc      4.4.0.83.89
  linux-image-powerpc-smp         4.4.0.83.89
  linux-image-powerpc64-emb       4.4.0.83.89
  linux-image-powerpc64-smp       4.4.0.83.89
  linux-image-raspi2              4.4.0.1061.62
  linux-image-snapdragon          4.4.0.1063.56

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3344-1
  https://www.ubuntu.com/usn/usn-3328-1
  https://launchpad.net/bugs/1699772
  CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074,
  CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-83.106
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1022.31
  https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1018.18
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1061.69
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1063.68


    

- Vulnerability Information (F143185)

Ubuntu Security Notice USN-3342-1 (PacketStormID:F143185)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-1000363,CVE-2017-5577,CVE-2017-7294,CVE-2017-7374,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3342-1 - USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3342-1
June 29, 2017

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

USN 3326-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMware devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  linux-image-4.8.0-1042-raspi2   4.8.0-1042.46
  linux-image-4.8.0-58-generic    4.8.0-58.63
  linux-image-4.8.0-58-generic-lpae  4.8.0-58.63
  linux-image-4.8.0-58-lowlatency  4.8.0-58.63
  linux-image-4.8.0-58-powerpc-e500mc  4.8.0-58.63
  linux-image-4.8.0-58-powerpc-smp  4.8.0-58.63
  linux-image-4.8.0-58-powerpc64-emb  4.8.0-58.63
  linux-image-generic             4.8.0.58.71
  linux-image-generic-lpae        4.8.0.58.71
  linux-image-lowlatency          4.8.0.58.71
  linux-image-powerpc-e500mc      4.8.0.58.71
  linux-image-powerpc-smp         4.8.0.58.71
  linux-image-powerpc64-emb       4.8.0.58.71
  linux-image-powerpc64-smp       4.8.0.58.71
  linux-image-raspi2              4.8.0.1042.46
  linux-image-virtual             4.8.0.58.71

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3342-1
  https://www.ubuntu.com/usn/usn-3326-1
  https://launchpad.net/bugs/1699772
  CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.8.0-58.63
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.8.0-1042.46




    

- Vulnerability Information (F143184)

Ubuntu Security Notice USN-3343-1 (PacketStormID:F143184)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2014-9940,CVE-2017-0605,CVE-2017-1000363,CVE-2017-7294,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3343-1 - USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free vulnerability existed in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3343-1
June 29, 2017

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

USN 3335-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free vulnerability existed in the core
voltage regulator driver of the Linux kernel. A local attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-9940)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMware devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-123-generic  3.13.0-123.172
  linux-image-3.13.0-123-generic-lpae  3.13.0-123.172
  linux-image-3.13.0-123-lowlatency  3.13.0-123.172
  linux-image-3.13.0-123-powerpc-e500  3.13.0-123.172
  linux-image-3.13.0-123-powerpc-e500mc  3.13.0-123.172
  linux-image-3.13.0-123-powerpc-smp  3.13.0-123.172
  linux-image-3.13.0-123-powerpc64-emb  3.13.0-123.172
  linux-image-3.13.0-123-powerpc64-smp  3.13.0-123.172
  linux-image-generic             3.13.0.123.133
  linux-image-generic-lpae        3.13.0.123.133
  linux-image-lowlatency          3.13.0.123.133
  linux-image-powerpc-e500        3.13.0.123.133
  linux-image-powerpc-e500mc      3.13.0.123.133
  linux-image-powerpc-smp         3.13.0.123.133
  linux-image-powerpc64-emb       3.13.0.123.133
  linux-image-powerpc64-smp       3.13.0.123.133

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3343-1
  https://www.ubuntu.com/usn/usn-3335-1
  https://launchpad.net/bugs/1699772
  CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-123.172


    

- Vulnerability Information (F143183)

Ubuntu Security Notice USN-3343-2 (PacketStormID:F143183)
2017-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,kernel,vulnerability
linux,ubuntu
CVE-2014-9940,CVE-2017-0605,CVE-2017-1000363,CVE-2017-7294,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3343-2 - USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3343-2
June 29, 2017

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise

Details:

USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

USN 3335-2 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free vulnerability existed in the core
voltage regulator driver of the Linux kernel. A local attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-9940)

It was discovered that a buffer overflow existed in the trace subsystem in
the Linux kernel. A privileged local attacker could use this to execute
arbitrary code. (CVE-2017-0605)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMware devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its overwrite consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  linux-image-3.13.0-123-generic  3.13.0-123.172~precise1
  linux-image-3.13.0-123-generic-lpae  3.13.0-123.172~precise1
  linux-image-generic-lpae-lts-trusty  3.13.0.123.114
  linux-image-generic-lts-trusty  3.13.0.123.114

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3343-2
  https://www.ubuntu.com/usn/usn-3343-1
  https://www.ubuntu.com/usn/usn-3335-2
  https://launchpad.net/bugs/1699772
  CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242


    

- Vulnerability Information (F143194)

Ubuntu Security Notice USN-3342-2 (PacketStormID:F143194)
2017-06-30 00:00:00
Ubuntu  security.ubuntu.com
advisory,java,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2017-1000363,CVE-2017-5577,CVE-2017-7294,CVE-2017-7374,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242

Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3342-2
June 29, 2017

linux-hwe vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

USN-3333-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.8.0-58-generic    4.8.0-58.63~16.04.1
  linux-image-4.8.0-58-generic-lpae  4.8.0-58.63~16.04.1
  linux-image-4.8.0-58-lowlatency  4.8.0-58.63~16.04.1
  linux-image-generic-hwe-16.04   4.8.0.58.29
  linux-image-generic-lpae-hwe-16.04  4.8.0.58.29
  linux-image-lowlatency-hwe-16.04  4.8.0.58.29

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://www.ubuntu.com/usn/usn-3342-2
  https://www.ubuntu.com/usn/usn-3342-1
  https://www.ubuntu.com/usn/usn-3333-1
  https://launchpad.net/bugs/1699772
  CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374,
  CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076,
  CVE-2017-9077, CVE-2017-9242

Package Information:
  https://launchpad.net/ubuntu/+source/linux-hwe/4.8.0-58.63~16.04.1


    
 

 
