- Vulnerability/
- USN-3443-2
USN-3443-2: Linux kernel (HWE) vulnerabilities
First published: Tue Oct 10 2017(Updated: )
USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-1000255) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.10.0-37-generic | <4.10.0-37.41~16.04.1 | 4.10.0-37.41~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.10.0-37-generic-lpae | <4.10.0-37.41~16.04.1 | 4.10.0-37.41~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.10.0-37-lowlatency | <4.10.0-37.41~16.04.1 | 4.10.0-37.41~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-1000255
- https://ubuntu.com/security/CVE-2017-14106
- https://ubuntu.com/security/notices/USN-3487-1
- https://ubuntu.com/security/notices/USN-3443-1
- https://ubuntu.com/security/notices/USN-3443-3
- https://ubuntu.com/security/notices/USN-3444-2
- https://ubuntu.com/security/notices/USN-3444-1
- https://ubuntu.com/security/notices/USN-3445-1
- https://ubuntu.com/security/notices/USN-3445-2
- https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-37.41~16.04.1
- https://ubuntu.com/security/notices/USN-3443-2 (Advisory)
Frequently Asked Questions
What does USN-3443-2 fix?
USN-3443-2 provides corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
What is the affected software for USN-3443-2?
The affected software for USN-3443-2 is Ubuntu 16.04 LTS with the following kernel versions: linux-image-4.10.0-37-generic, linux-image-4.10.0-37-generic-lpae, and linux-image-4.10.0-37-lowlatency.
What is the severity of the vulnerabilities fixed in USN-3443-2?
The severity of the vulnerabilities fixed in USN-3443-2 is not specified in the provided information. Please refer to the references for more details.
How do I fix the vulnerabilities addressed in USN-3443-2?
To fix the vulnerabilities addressed in USN-3443-2, update the Linux kernel to version 4.10.0-37.41~16.04.1 or later.
Where can I find more information about the vulnerabilities in USN-3443-2?
More information about the vulnerabilities fixed in USN-3443-2 can be found in the references provided: [CVE-2017-1000255](https://ubuntu.com/security/CVE-2017-1000255) and [CVE-2017-14106](https://ubuntu.com/security/CVE-2017-14106), as well as the [USN-3487-1 notice](https://ubuntu.com/security/notices/USN-3487-1).
- agent/type
- agent/severity
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/16.04