Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
NameUSN-3880-1First vendor Publication2019-02-04
VendorUbuntuLast vendor Modification2019-02-04
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description: - linux: Linux kernel

Details:

It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service (client system crash). (CVE-2018-1066)

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)

It was discovered that the socket implementation in the Linux kernel contained a type confusion error that could lead to memory corruption. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9568)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-165-generic 3.13.0-165.215
linux-image-3.13.0-165-generic-lpae 3.13.0-165.215
linux-image-3.13.0-165-lowlatency 3.13.0-165.215
linux-image-3.13.0-165-powerpc-e500 3.13.0-165.215
linux-image-3.13.0-165-powerpc-e500mc 3.13.0-165.215
linux-image-3.13.0-165-powerpc-smp 3.13.0-165.215
linux-image-3.13.0-165-powerpc64-emb 3.13.0-165.215
linux-image-3.13.0-165-powerpc64-smp 3.13.0-165.215
linux-image-generic 3.13.0.165.175
linux-image-generic-lpae 3.13.0.165.175
linux-image-lowlatency 3.13.0.165.175
linux-image-powerpc-e500 3.13.0.165.175
linux-image-powerpc-e500mc 3.13.0.165.175
linux-image-powerpc-smp 3.13.0.165.175
linux-image-powerpc64-emb 3.13.0.165.175
linux-image-powerpc64-smp 3.13.0.165.175

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
https://usn.ubuntu.com/usn/usn-3880-1
CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-165.215

Original Source

Url : http://www.ubuntu.com/usn/USN-3880-1

CWE : Common Weakness Enumeration

%idName
25 %CWE-704Incorrect Type Conversion or Cast
25 %CWE-476NULL Pointer Dereference
25 %CWE-284Access Control (Authorization) Issues
25 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3
Os1
Os2976

Nessus® Vulnerability Scanner

DateDescription
2019-01-11Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2018-086.nasl - Type : ACT_GATHER_INFO
2019-01-11Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZA-2018-088.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing one or more security updates.
File : fedora_2018-ec3bf1b228.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing one or more security updates.
File : fedora_2018-9f4381d8c4.nasl - Type : ACT_GATHER_INFO
2018-11-09Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1100.nasl - Type : ACT_GATHER_INFO
2018-11-08Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1100.nasl - Type : ACT_GATHER_INFO
2018-10-17Name : The remote Fedora host is missing one or more security updates.
File : fedora_2018-2ee3411cb8.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1260.nasl - Type : ACT_GATHER_INFO
2018-07-16Name : The remote Debian host is missing a security update.
File : debian_DLA-1422.nasl - Type : ACT_GATHER_INFO
2018-05-02Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1085.nasl - Type : ACT_GATHER_INFO
2018-05-02Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4187.nasl - Type : ACT_GATHER_INFO
2018-05-02Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4188.nasl - Type : ACT_GATHER_INFO
2018-04-20Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-993.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-02-05 05:21:28
  • Multiple Updates
2019-02-05 05:18:49
  • First insertion