Ubuntu alert USN-3581-3 (linux-raspi2)
| From: | Steve Beattie <steve.beattie@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3581-3] Linux kernel (Raspberry Pi 2) vulnerabilities | |
| Date: | Thu, 22 Feb 2018 23:06:14 -0800 | |
| Message-ID: | <20180223070614.GI30488@nxnw.org> |
========================================================================== Ubuntu Security Notice USN-3581-3 February 23, 2018 linux-raspi2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-17712) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: linux-image-4.13.0-1014-raspi2 4.13.0-1014.15 linux-image-raspi2 4.13.0.1014.12 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/usn/usn-3581-3 https://usn.ubuntu.com/usn/usn-3581-1 CVE-2017-15115, CVE-2017-17712, CVE-2017-8824 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...