CVE-2018-1092
CVSS 7.1
Published: 2018-04-01 23:29:00
Last modified: 2018-06-15 21:29:04

[Original] The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.


[CNNVD] CNNVD data is not yet available.


[Machine translation] Translation not yet available.

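- CVSS (base score)

CVSS score: 7.1 [HIGH]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a total shutdown of the system]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]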

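- CWE (weakness category)

CWE-476 [NULL pointer dereference]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found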

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1092
(Official data source) NVD

- Other links and resources

http://openwall.com/lists/oss-security/2018/03/29/1
(VENDOR_ADVISORY)  MISC  http://openwall.com/lists/oss-security/2018/03/29/1
https://bugzilla.kernel.org/show_bug.cgi?id=199179
(UNKNOWN)  MISC  https://bugzilla.kernel.org/show_bug.cgi?id=199179
https://bugzilla.kernel.org/show_bug.cgi?id=199275
(UNKNOWN)  MISC  https://bugzilla.kernel.org/show_bug.cgi?id=199275
https://bugzilla.redhat.com/show_bug.cgi?id=1560777
(VENDOR_ADVISORY)  MISC  https://bugzilla.redhat.com/show_bug.cgi?id=1560777
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
(PATCH)  MISC  https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
(UNKNOWN)  MLIST  [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
https://usn.ubuntu.com/3676-1/
(UNKNOWN)  UBUNTU  USN-3676-1
https://usn.ubuntu.com/3676-2/
(UNKNOWN)  UBUNTU  USN-3676-2
https://usn.ubuntu.com/3677-1/
(UNKNOWN)  UBUNTU  USN-3677-1
https://usn.ubuntu.com/3677-2/
(UNKNOWN)  UBUNTU  USN-3677-2
https://usn.ubuntu.com/3678-1/
(UNKNOWN)  UBUNTU  USN-3678-1
https://usn.ubuntu.com/3678-2/
(UNKNOWN)  UBUNTU  USN-3678-2
https://usn.ubuntu.com/3678-3/
(UNKNOWN)  UBUNTU  USN-3678-3
https://usn.ubuntu.com/3678-4/
(UNKNOWN)  UBUNTU  USN-3678-4
https://www.debian.org/security/2018/dsa-4187
(UNKNOWN)  DEBIAN  DSA-4187
https://www.debian.org/security/2018/dsa-4188
(UNKNOWN)  DEBIAN  DSA-4188

- Vulnerability information (F147454)

Debian Security Advisory 4188-1 (PacketStormID:F147454)
2018-05-03 00:00:00
Debian  debian.org
advisory,denial of service,kernel,vulnerability
linux,debian
CVE-2017-17975,CVE-2017-18193,CVE-2017-18216,CVE-2017-18218,CVE-2017-18222,CVE-2017-18224,CVE-2017-18241,CVE-2017-18257,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000199,CVE-2018-10323,CVE-2018-1065,CVE-2018-1066,CVE-2018-1068,CVE-2018-1092,CVE-2018-1093,CVE-2018-1108,CVE-2018-5803,CVE-2018-7480,CVE-2018-7566,CVE-2018-7740,CVE-2018-7757,CVE-2018-7995,CVE-2018-8087,CVE-2018-8781,CVE-2018-8822

Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


-------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193
                 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224
                 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066
                 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108
                 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740
                 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781
                 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-17975

    Tuba Yavuz reported a use-after-free flaw in the USBTV007
    audio-video grabber driver. A local user could use this for denial
    of service by triggering failure of audio registration.

CVE-2017-18193

    Yunlei He reported that the f2fs implementation does not properly
    handle extent trees, allowing a local user to cause a denial of
    service via an application with multiple threads.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18218

    Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet
    driver. A local user could use this for denial of service.

CVE-2017-18222

    It was reported that the Hisilicon Network Subsystem (HNS) driver
    implementation does not properly handle ethtool private flags. A
    local user could use this for denial of service or possibly have
    other impact.

CVE-2017-18224

    Alex Chen reported that the OCFS2 filesystem omits the use of a
    semaphore and consequently has a race condition for access to the
    extent tree during read operations in DIRECT mode. A local user
    could use this for denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2017-18257

    It was reported that the f2fs implementation is prone to an infinite
    loop caused by an integer overflow in the __get_data_block()
    function. A local user can use this for denial of service via
    crafted use of the open and fallocate system calls with an
    FS_IOC_FIEMAP ioctl.

CVE-2018-1065

    The syzkaller tool found a NULL pointer dereference flaw in the
    netfilter subsystem when handling certain malformed iptables
    rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
    capability (in any user namespace) could use this to cause a denial
    of service. Debian disables unprivileged user namespaces by default.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-1093

    Wen Xu reported that a crafted ext4 filesystem image could trigger
    an out-of-bounds read in the ext4_valid_block_bitmap() function. A
    local user able to mount arbitrary filesystems could use this for
    denial of service.

CVE-2018-1108

    Jann Horn reported that crng_ready() does not properly handle the
    crng_init variable states and the RNG could be treated as
    cryptographically safe too early after system boot.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-7480

    Hou Tao discovered a double-free flaw in the blkcg_init_queue()
    function in block/blk-cgroup.c. A local user could use this to cause
    a denial of service or have other impact.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8087

    A memory leak flaw was found in the hwsim_new_radio_nl() function in
    the simulated radio testing tool driver for mac80211, allowing a
    local user to cause a denial of service.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-10323

    Wen Xu reported a NULL pointer dereference flaw in the
    xfs_bmapi_write() function triggered when mounting and operating a
    crafted xfs filesystem image. A local user able to mount arbitrary
    filesystems could use this for denial of service.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.88-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F147451)

Debian Security Advisory 4187-1 (PacketStormID:F147451)
2018-05-03 00:00:00
Debian  debian.org
advisory,denial of service,kernel,vulnerability
linux,debian
CVE-2015-9016,CVE-2017-0861,CVE-2017-13166,CVE-2017-13220,CVE-2017-16526,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18017,CVE-2017-18203,CVE-2017-18216,CVE-2017-18232,CVE-2017-18241,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000004,CVE-2018-1000199,CVE-2018-1066,CVE-2018-1068,CVE-2018-1092,CVE-2018-5332,CVE-2018-5333,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7492

Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


-------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
May 01, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753
                 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911
                 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017
                 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241
                 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332
                 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927
                 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757
                 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004
                 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2015-9016

    Ming Lei reported a race condition in the multiqueue block layer
    (blk-mq).  On a system with a driver using blk-mq (mtip32xx,
    null_blk, or virtio_blk), a local user might be able to use this
    for denial of service or possibly for privilege escalation.

CVE-2017-0861

    Robb Glasser reported a potential use-after-free in the ALSA (sound)
    PCM core.  We believe this was not possible in practice.

CVE-2017-5715

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 2 (branch
    target injection) and is mitigated for the x86 architecture (amd64
    and i386) by using the "retpoline" compiler feature which allows
    indirect branches to be isolated from speculative execution.

CVE-2017-5753

    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes
    running on the system.

    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying vulnerable
    code sections (array bounds checking followed by array access) and
    replacing the array access with the speculation-safe
    array_index_nospec() function.

    More use sites will be added over time.

CVE-2017-13166

    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
    code has been found. Memory protections ensuring user-provided
    buffers always point to userland memory were disabled, allowing
    destination addresses to be in kernel space. On a 64-bit kernel a
    local user with access to a suitable video device can exploit this
    to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

    Al Viro reported that the Bluetooth HIDP implementation could
    dereference a pointer before performing the necessary type check.
    A local user could use this to cause a denial of service.

CVE-2017-16526

    Andrey Konovalov reported that the UWB subsystem may dereference
    an invalid pointer in an error case.  A local user might be able
    to use this for denial of service.

CVE-2017-16911

    Secunia Research reported that the USB/IP vhci_hcd driver exposed
    kernel heap addresses to local users.  This information could aid the
    exploitation of other vulnerabilities.

CVE-2017-16912

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to an out-of-bounds read.  A remote user able to connect to the
    USB/IP server could use this for denial of service.

CVE-2017-16913

    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading
    to excessive memory allocation.  A remote user able to connect to
    the USB/IP server could use this for denial of service.

CVE-2017-16914

    Secunia Research reported that the USB/IP stub driver failed to
    check for an invalid combination of fields in a received packet,
    leading to a null pointer dereference.  A remote user able to
    connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
    failed to validate TCP header lengths, potentially leading to a
    use-after-free.  If this module is loaded, it could be used by a
    remote attacker for denial of service or possibly for code
    execution.

CVE-2017-18203

    Hou Tao reported that there was a race condition in creation and
    deletion of device-mapper (DM) devices.  A local user could
    potentially use this for denial of service.

CVE-2017-18216

    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations,
    potentially leading to a null pointer dereference.  A local user
    could use this for denial of service.

CVE-2017-18232

    Jason Yan reported a race condition in the SAS (Serial-Attached
    SCSI) subsystem, between probing and destroying a port.  This
    could lead to a deadlock.  A physically present attacker could
    use this to cause a denial of service.

CVE-2017-18241

    Yunlei He reported that the f2fs implementation does not properly
    initialise its state if the "noflush_merge" mount option is used.
    A local user with access to a filesystem mounted with this option
    could use this to cause a denial of service.

CVE-2018-1066

    Dan Aloni reported to Red Hat that the CIFS client implementation
    would dereference a null pointer if the server sent an invalid
    response during NTLMSSP setup negotiation.  This could be used
    by a malicious server for denial of service.

CVE-2018-1068

    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel, a local user with the CAP_NET_ADMIN capability (in any user
    namespace) could use this to overwrite kernel memory, possibly
    leading to privilege escalation. Debian disables unprivileged user
    namespaces by default.

CVE-2018-1092

    Wen Xu reported that a crafted ext4 filesystem image would
    trigger a null dereference when mounted.  A local user able
    to mount arbitrary filesystems could use this for denial of
    service.

CVE-2018-5332

    Mohamed Ghannam reported that the RDS protocol did not
    sufficiently validate RDMA requests, leading to an out-of-bounds
    write.  A local attacker on a system with the rds module loaded
    could use this for denial of service or possibly for privilege
    escalation.

CVE-2018-5333

    Mohamed Ghannam reported that the RDS protocol did not properly
    handle an error case, leading to a null pointer dereference.  A
    local attacker on a system with the rds module loaded could
    possibly use this for denial of service.

CVE-2018-5750

    Wang Qize reported that the ACPI sbshc driver logged a kernel heap
    address.  This information could aid the exploitation of other
    vulnerabilities.

CVE-2018-5803

    Alexey Kodanev reported that the SCTP protocol did not range-check
    the length of chunks to be created.  A local or remote user could
    use this to cause a denial of service.

CVE-2018-6927

    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
    not check for negative parameter values, which might lead to a
    denial of service or other security impact.

CVE-2018-7492

    The syzkaller tool found that the RDS protocol was lacking a null
    pointer check.  A local attacker on a system with the rds module
    loaded could use this for denial of service.

CVE-2018-7566

    Fan LongFei reported a race condition in the ALSA (sound)
    sequencer core, between write and ioctl operations.  This could
    lead to an out-of-bounds access or use-after-free.  A local user
    with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.

CVE-2018-7740

    Nic Losby reported that the hugetlbfs filesystem's mmap operation
    did not properly range-check the file offset.  A local user with
    access to files on a hugetlbfs filesystem could use this to cause
    a denial of service.

CVE-2018-7757

    Jason Yan reported a memory leak in the SAS (Serial-Attached
    SCSI) subsystem.  A local user on a system with SAS devices
    could use this to cause a denial of service.

CVE-2018-7995

    Seunghun Han reported a race condition in the x86 MCE
    (Machine Check Exception) driver.  This is unlikely to have
    any security impact.

CVE-2018-8781

    Eyal Itkin reported that the udl (DisplayLink) driver's mmap
    operation did not properly range-check the file offset.  A local
    user with access to a udl framebuffer device could exploit this to
    overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server.  An
    ncpfs server could use this to cause a denial of service or
    remote code execution in the client.

CVE-2018-1000004

    Luo Quan reported a race condition in the ALSA (sound) sequencer
    core, between multiple ioctl operations.  This could lead to a
    deadlock or use-after-free.  A local user with access to a
    sequencer device could use this for denial of service or possibly
    for privilege escalation.

CVE-2018-1000199

    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings.  Local users
    can use this to cause a denial of service, or possibly for
    privilege escalation, on x86 (amd64 and i386) and possibly other
    architectures.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.56-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F147805)

Slackware Security Advisory - Slackware 14.2 kernel Updates (PacketStormID:F147805)
2018-05-22 00:00:00
Slackware Security Team  slackware.com
advisory,kernel
linux,slackware
CVE-2018-1000004,CVE-2018-1092

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues.


[slackware-security]  Slackware 14.2 kernel (SSA:2018-142-01)

New kernel packages are available for Slackware 14.2 to fix a regression in the
getsockopt() function and to fix two denial-of-service security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.132/*:  Upgraded.
  This kernel upgrade is being provided primarily to fix a regression in the
  getsockopt() function, but it also contains fixes for two denial-of-service
  security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000004
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-firmware-20180518_2a9b2cf-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-generic-4.4.132-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-generic-smp-4.4.132_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-headers-4.4.132_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-huge-4.4.132-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-huge-smp-4.4.132_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-modules-4.4.132-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-modules-smp-4.4.132_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.132/kernel-source-4.4.132_smp-noarch-1.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-firmware-20180518_2a9b2cf-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-generic-4.4.132-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-headers-4.4.132-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-huge-4.4.132-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-modules-4.4.132-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.132/kernel-source-4.4.132-noarch-1.txz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.132-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.132 | bash

Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU.  Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has.  If you aren't sure which
kernel you are running, run "uname -a".  If you see SMP there, you are
running the SMP kernel and should use the 4.4.132-smp version when running
mkinitrd_command_generator.  Note that this is only for 32-bit -- 64-bit
systems should always use 4.4.132 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel.  No editing should be required
unless your machine uses a custom lilo.conf.  If that is the case, be sure
that the image= line references the correct kernel file.  Either way,
you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


- Vulnerability information (F147927)

Kernel Live Patch Security Notice LSN-0039-1 (PacketStormID:F147927)
2018-05-28 00:00:00
Benjamin M. Romer  
advisory,denial of service,kernel,local,root
linux
CVE-2017-17862,CVE-2018-1000004,CVE-2018-1092,CVE-2018-1093,CVE-2018-8087

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.

==========================================================================
Kernel Live Patch Security Notice LSN-0039-1
May 25, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel contained a branch-pruning logic issue
around unreachable code. A local attacker could use this to cause a denial
of service. (CVE-2017-17862)

The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 
4.15.15 mishandles the case of a root directory with a zero i_links_count, 
which allows attackers to cause a denial of service
(ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted
ext4 image. (CVE-2018-1092)

The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux 
kernel through 4.15.15 allows attackers to cause a denial of service
(out-of-bounds read and system crash) via a crafted ext4 image because
balloc.c and ialloc.c do not validate bitmap block numbers. (CVE-2018-1093)

A memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9
allows local users to cause a denial of service (memory consumption) by
triggering an out-of-array error case. (CVE-2018-8087)

Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                    | Version  | flavors                  |
|---------------------------+----------+--------------------------|
| 4.4.0-124.148             | 39.1     | generic, lowlatency      |
| lts-4.4.0-124.148~14.04.1 | 39.1     | generic, lowlatency      |
| 4.15.0-20.21              | 39.3     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.

References:
  CVE-2017-17862, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087, CVE-2018-1000004

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
    

- Vulnerability information (F148150)

Ubuntu Security Notice USN-3678-2 (PacketStormID:F148150)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,memory leak
linux,ubuntu
CVE-2018-10021,CVE-2018-1092,CVE-2018-8087

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3678-2
June 12, 2018

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.15.0-1013-azure   4.15.0-1013.13~16.04.2
  linux-image-azure               4.15.0.1013.20

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3678-2
  https://usn.ubuntu.com/usn/usn-3678-1
  CVE-2018-10021, CVE-2018-1092, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1013.13~16.04.2

    

- Vulnerability information (F148149)

Ubuntu Security Notice USN-3678-1 (PacketStormID:F148149)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,memory leak
linux,ubuntu
CVE-2018-10021,CVE-2018-1092,CVE-2018-8087

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3678-1
June 12, 2018

linux, linux-aws, linux-gcp, linux-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1009-gcp     4.15.0-1009.9
  linux-image-4.15.0-1010-aws     4.15.0-1010.10
  linux-image-4.15.0-1011-kvm     4.15.0-1011.11
  linux-image-4.15.0-23-generic   4.15.0-23.25
  linux-image-4.15.0-23-generic-lpae  4.15.0-23.25
  linux-image-4.15.0-23-lowlatency  4.15.0-23.25
  linux-image-4.15.0-23-snapdragon  4.15.0-23.25
  linux-image-aws                 4.15.0.1010.10
  linux-image-gcp                 4.15.0.1009.11
  linux-image-generic             4.15.0.23.25
  linux-image-generic-lpae        4.15.0.23.25
  linux-image-gke                 4.15.0.1009.11
  linux-image-kvm                 4.15.0.1011.11
  linux-image-lowlatency          4.15.0.23.25
  linux-image-snapdragon          4.15.0.23.25

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3678-1
  CVE-2018-10021, CVE-2018-1092, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-23.25
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1010.10
  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1009.9
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1011.11

    

- Vulnerability information (F148148)

Ubuntu Security Notice USN-3677-2 (PacketStormID:F148148)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local,vulnerability
linux,ubuntu
CVE-2018-1068,CVE-2018-1092,CVE-2018-7492,CVE-2018-8087,CVE-2018-8781

Ubuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3677-2
June 12, 2018

linux-hwe, linux-gcp, linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM processors

Details:

USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that a NULL pointer dereference existed in the RDS
(Reliable Datagram Sockets) protocol implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2018-7492)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.13.0-1019-gcp     4.13.0-1019.23
  linux-image-4.13.0-1030-oem     4.13.0-1030.33
  linux-image-4.13.0-45-generic   4.13.0-45.50~16.04.1
  linux-image-4.13.0-45-generic-lpae  4.13.0-45.50~16.04.1
  linux-image-4.13.0-45-lowlatency  4.13.0-45.50~16.04.1
  linux-image-gcp                 4.13.0.1019.21
  linux-image-generic-hwe-16.04   4.13.0.45.64
  linux-image-generic-lpae-hwe-16.04  4.13.0.45.64
  linux-image-gke                 4.13.0.1019.21
  linux-image-lowlatency-hwe-16.04  4.13.0.45.64
  linux-image-oem                 4.13.0.1030.35

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3677-2
  https://usn.ubuntu.com/usn/usn-3677-1
  CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087,
  CVE-2018-8781

Package Information:
  https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1019.23
  https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-45.50~16.04.1
  https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1030.33

    

- Vulnerability information (F148146)

Ubuntu Security Notice USN-3677-1 (PacketStormID:F148146)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2018-1068,CVE-2018-1092,CVE-2018-7492,CVE-2018-8087,CVE-2018-8781

Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3677-1
June 11, 2018

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that a NULL pointer dereference existed in the RDS
(Reliable Datagram Sockets) protocol implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2018-7492)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  linux-image-4.13.0-1022-raspi2  4.13.0-1022.23
  linux-image-4.13.0-45-generic   4.13.0-45.50
  linux-image-4.13.0-45-generic-lpae  4.13.0-45.50
  linux-image-4.13.0-45-lowlatency  4.13.0-45.50
  linux-image-generic             4.13.0.45.48
  linux-image-generic-lpae        4.13.0.45.48
  linux-image-lowlatency          4.13.0.45.48
  linux-image-raspi2              4.13.0.1022.20

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3677-1
  CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087,
  CVE-2018-8781

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.13.0-45.50
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1022.23

    

- Vulnerability information (F148145)

Ubuntu Security Notice USN-3676-2 (PacketStormID:F148145)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,vulnerability
linux,ubuntu
CVE-2018-1092,CVE-2018-1093,CVE-2018-10940,CVE-2018-8087

Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3676-2
June 11, 2018

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092,
CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-1023-aws      4.4.0-1023.23
  linux-image-4.4.0-128-generic   4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-generic-lpae  4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-lowlatency  4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-powerpc-e500mc  4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-powerpc-smp  4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-powerpc64-emb  4.4.0-128.154~14.04.1
  linux-image-4.4.0-128-powerpc64-smp  4.4.0-128.154~14.04.1
  linux-image-aws                 4.4.0.1023.23
  linux-image-generic-lpae-lts-xenial  4.4.0.128.108
  linux-image-generic-lts-xenial  4.4.0.128.108
  linux-image-lowlatency-lts-xenial  4.4.0.128.108
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.128.108
  linux-image-powerpc-smp-lts-xenial  4.4.0.128.108
  linux-image-powerpc64-emb-lts-xenial  4.4.0.128.108
  linux-image-powerpc64-smp-lts-xenial  4.4.0.128.108

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3676-2
  https://usn.ubuntu.com/usn/usn-3676-1
  CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1023.23
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-128.154~14.04.1

    

- Vulnerability information (F148144)

Ubuntu Security Notice USN-3676-1 (PacketStormID:F148144)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local
linux,ubuntu
CVE-2018-1092,CVE-2018-1093,CVE-2018-10940,CVE-2018-8087

Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3676-1
June 11, 2018

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092,
CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1027-kvm      4.4.0-1027.32
  linux-image-4.4.0-1061-aws      4.4.0-1061.70
  linux-image-4.4.0-1091-raspi2   4.4.0-1091.99
  linux-image-4.4.0-1094-snapdragon  4.4.0-1094.99
  linux-image-4.4.0-128-generic   4.4.0-128.154
  linux-image-4.4.0-128-generic-lpae  4.4.0-128.154
  linux-image-4.4.0-128-lowlatency  4.4.0-128.154
  linux-image-4.4.0-128-powerpc-e500mc  4.4.0-128.154
  linux-image-4.4.0-128-powerpc-smp  4.4.0-128.154
  linux-image-4.4.0-128-powerpc64-emb  4.4.0-128.154
  linux-image-4.4.0-128-powerpc64-smp  4.4.0-128.154
  linux-image-aws                 4.4.0.1061.63
  linux-image-generic             4.4.0.128.134
  linux-image-generic-lpae        4.4.0.128.134
  linux-image-kvm                 4.4.0.1027.26
  linux-image-lowlatency          4.4.0.128.134
  linux-image-powerpc-e500mc      4.4.0.128.134
  linux-image-powerpc-smp         4.4.0.128.134
  linux-image-powerpc64-emb       4.4.0.128.134
  linux-image-powerpc64-smp       4.4.0.128.134
  linux-image-raspi2              4.4.0.1091.91
  linux-image-snapdragon          4.4.0.1094.86

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3676-1
  CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-128.154
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1061.70
  https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1027.32
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1091.99
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1094.99

    

- Vulnerability information (F148166)

Ubuntu Security Notice USN-3678-3 (PacketStormID:F148166)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,memory leak
linux,ubuntu
CVE-2018-10021,CVE-2018-1092,CVE-2018-8087

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3678-3
June 12, 2018

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1013-azure   4.15.0-1013.13
  linux-image-azure               4.15.0.1013.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3678-3
  https://usn.ubuntu.com/usn/usn-3678-1
  CVE-2018-10021, CVE-2018-1092, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1013.13

    

- Vulnerability information (F148202)

Ubuntu Security Notice USN-3678-4 (PacketStormID:F148202)
2018-06-14 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,memory leak
linux,ubuntu
CVE-2018-10021,CVE-2018-1092,CVE-2018-8087

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3678-4
June 15, 2018

linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that the 802.11 software simulator implementation in the
Linux kernel contained a memory leak when handling certain error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2018-8087)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1012-raspi2  4.15.0-1012.13
  linux-image-raspi2              4.15.0.1012.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3678-4
  https://usn.ubuntu.com/usn/usn-3678-1
  CVE-2018-10021, CVE-2018-1092, CVE-2018-8087

Package Information:
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1012.13

    

- Vulnerability Information (F148420)

Kernel Live Patch Security Notice LSN-0040-1 (PacketStormID:F148420)
2018-07-05 00:00:00
Benjamin M. Romer  
advisory,denial of service,kernel,local
linux
CVE-2018-1092,CVE-2018-1093,CVE-2018-3665,CVE-2018-7755

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

==========================================================================
Kernel Live Patch Security Notice 0040-1
July 03, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1093)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazy restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148            | 40.6     | lowlatency, generic      |
| 4.4.0-124.148~14.04.1    | 40.6     | generic, lowlatency      |
| 4.4.0-127.153            | 40.6     | lowlatency, generic      |
| 4.4.0-127.153~14.04.1    | 40.6     | lowlatency, generic      |
| 4.4.0-128.154            | 40.6     | generic, lowlatency      |
| 4.4.0-128.154~14.04.1    | 40.6     | generic, lowlatency      |
| 4.15.0-20.21             | 40.7     | generic, lowlatency      |
| 4.15.0-22.24             | 40.7     | lowlatency, generic      |
| 4.15.0-23.25             | 40.7     | lowlatency, generic      |

References:
  CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665
