SB2017080709 - Ubuntu update for Linux kernel (Trusty HWE)

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2016-8405)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in kernel components including the ION subsystem, Binder, USB driver and networking subsystem due to improper information control. A local attacker can gain access to data outside of its permission levels.

2) Security restrictions bypass (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.

Successful exploitation of the vulnerability results in access to the system.

3) Off-by-one error (CVE-ID: CVE-2017-2618)

The vulnerability allows a local user to cause denial of service.

The vulnerability exists due to off-by-one error in setprocattr. A local process with the process:setfscreate permission can cause a kernel panic.

Successful exploitation of this vulnerability may lead to denial of service conditions.

4) Privilege escalation (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into a RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• http://www.ubuntu.com/usn/usn-3381-2/