ESB-2018.1945 - [Ubuntu] kernel: Multiple vulnerabilities 2018-07-05


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1945
        linux vulnerability on amd64 patched in Ubuntu LTS versions
                                5 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Platform:          amd64
Impact/Access:     Access Privileged Data -- Existing Account            
                   Denial of Service      -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7755 CVE-2018-3665 CVE-2018-1093
                   CVE-2018-1092  

Reference:         ESB-2018.1917
                   ESB-2018.1916
                   ESB-2018.1738.2
                   ESB-2018.1335

Original Bulletin: 
   https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004476.html

--------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Kernel Live Patch Security Notice 0040-1
July 03, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted metadata in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1093)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted metadata in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148            | 40.6     | lowlatency, generic      |
| 4.4.0-124.148~14.04.1    | 40.6     | generic, lowlatency      |
| 4.4.0-127.153            | 40.6     | lowlatency, generic      |
| 4.4.0-127.153~14.04.1    | 40.6     | lowlatency, generic      |
| 4.4.0-128.154            | 40.6     | generic, lowlatency      |
| 4.4.0-128.154~14.04.1    | 40.6     | generic, lowlatency      |
| 4.15.0-20.21             | 40.7     | generic, lowlatency      |
| 4.15.0-22.24             | 40.7     | lowlatency, generic      |
| 4.15.0-23.25             | 40.7     | lowlatency, generic      |
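
A check of whether a host's livepatch level meets the table above, as an added example that is not part of the Ubuntu notice or the AusCERT bulletin. It assumes the `kernel:`, `running:`, `patchState:` and `version:` fields of `canonical-livepatch status --verbose` have the layout shown in the constructed sample; the required versions are copied from the table.

```python
import re
# Minimum livepatch version per kernel package version, from the update
# table in the notice above (4.4.0 kernels need 40.6, 4.15.0 kernels 40.7).
REQUIRED = {f"4.4.0-{v}{s}": "40.6" for v in ("124.148", "127.153", "128.154")
            for s in ("", "~14.04.1")}
REQUIRED.update({f"4.15.0-{v}": "40.7" for v in ("20.21", "22.24", "23.25")})

def version_tuple(v):
    """'40.7' or '"40.7"' -> (40, 7) so versions compare numerically."""
    return tuple(int(p) for p in v.strip('"').split("."))

def parse_status(text):
    """Extract kernel/running/patchState/version from the YAML-like output of
    `canonical-livepatch status --verbose` (assumed layout: one '- kernel:'
    item per kernel, other keys indented beneath it)."""
    entries, cur = [], None
    for line in text.splitlines():
        m = re.match(r"^\s*-\s*kernel:\s*(\S+)", line)
        if m:
            cur = {"kernel": m.group(1)}
            entries.append(cur)
            continue
        m = re.match(r"^\s+(running|patchState|version):\s*(\S+)", line)
        if m and cur is not None:
            cur[m.group(1)] = m.group(2).strip('"')
    return entries

def check_livepatch(text):
    """Verdict for the running kernel: ok, outdated, not-applied, unknown-kernel."""
    for e in parse_status(text):
        if e.get("running") != "true":
            continue
        # drop the "-generic" / "-lowlatency" flavor suffix to get the package version
        pkg = re.sub(r"-(generic|lowlatency)$", "", e["kernel"])
        need = REQUIRED.get(pkg)
        if need is None:
            return "unknown-kernel"  # not a kernel the notice covers
        if e.get("patchState") != "applied":
            return "not-applied"
        have = version_tuple(e.get("version", "0"))
        return "ok" if have >= version_tuple(need) else "outdated"
    return "unknown-kernel"
# Constructed sample output (not captured from a real host).
SAMPLE_STATUS = """\
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    patchState: applied
    version: "40.7"
"""
```

Feed it the real command output (for example via `subprocess.run`) to get a verdict per host; anything other than `ok` means the fixes for the four CVEs listed here are not yet in effect.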

References:
  CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
