Canonical
on 21 December 2016
Canonical Livepatch Service update – December 2016
The following kernel security vulnerabilities were addressed through live patches on Ubuntu. To ensure you have the fixes, either install Livepatch at ubuntu.com/livepatch or update to the newest kernel and reboot.
Linux kernel vulnerability
7th December 2016 (LSN-0014-1)
Details:
- A race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.
- A race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash).
- A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Linux kernel vulnerability
30th November 2016 (LSN-0013-1)
Details:
- The keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).
- A use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
- The driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.
- A stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.
Linux kernel vulnerability
20th October 2016 (LSN-0012-1)
Details:
- An unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause stack corruption, leading to a denial of service (system crash).
- It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.