USN-3338-2: Linux kernel regression
Publication date
29 June 2017
Overview
Several security issues were fixed in the Linux kernel.
Releases
Packages
- linux - Linux kernel
Details
USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix
for CVE-2017-1000364 introduced regressions for some Java applications.
This update addresses the issue. We apologize for the inconvenience.
Original advisory details:
It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)
Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with...
USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix
for CVE-2017-1000364 introduced regressions for some Java applications.
This update addresses the issue. We apologize for the inconvenience.
Original advisory details:
It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)
Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with administrative privileges.
(CVE-2016-4997)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
Have additional questions?