
Canonical
on 21 December 2016


The following kernel security vulnerabilities were addressed through live patches on Ubuntu. To ensure you have the fixes, either install Livepatch (ubuntu.com/livepatch) or update to the newest kernel and reboot.

Linux kernel vulnerability

7th December 2016 (LSN-0014-1)

Details:

  • A race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.
  • A race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash).
  • A use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Linux kernel vulnerability

30th November 2016 (LSN-0013-1)

Details:

  • The keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).
  • A use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
  • The driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.
  • A stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges.

Linux kernel vulnerability

20th October 2016 (LSN-0012-1)

Details:

  • An unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash).
  • It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.
