USN-3445-2: Linux kernel (Trusty HWE) vulnerabilities
First published: Wed Oct 11 2017(Updated: )
USN-3445-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.13.0-133-generic-lpae | <3.13.0-133.182~precise1 | 3.13.0-133.182~precise1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-133-generic | <3.13.0-133.182~precise1 | 3.13.0-133.182~precise1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 | |
| All of | ||
| ubuntu/linux-image-generic-lpae-lts-trusty | <3.13.0.133.123 | 3.13.0.133.123 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 | |
| All of | ||
| ubuntu/linux-image-generic-lts-trusty | <3.13.0.133.123 | 3.13.0.133.123 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-8633
- https://ubuntu.com/security/CVE-2017-14106
- https://ubuntu.com/security/notices/USN-3162-2
- https://ubuntu.com/security/notices/USN-3162-1
- https://ubuntu.com/security/notices/USN-3161-4
- https://ubuntu.com/security/notices/USN-3161-1
- https://ubuntu.com/security/notices/USN-3161-3
- https://ubuntu.com/security/notices/USN-3161-2
- https://ubuntu.com/security/notices/USN-3445-1
- https://ubuntu.com/security/notices/USN-3443-2
- https://ubuntu.com/security/notices/USN-3443-3
- https://ubuntu.com/security/notices/USN-3444-2
- https://ubuntu.com/security/notices/USN-3444-1
- https://ubuntu.com/security/notices/USN-3443-1
- https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-133.182~precise1
- https://ubuntu.com/security/notices/USN-3445-2 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
USN-3445-2
What is the severity level of this vulnerability?
The severity level of this vulnerability is not specified in the advisory.
How does this vulnerability affect Ubuntu 12.04 LTS?
This vulnerability affects Ubuntu 12.04 LTS through the Linux kernel versions listed in the advisory.
What is the remedy for this vulnerability?
The recommended remedy for this vulnerability is to update to the specified version of the Linux kernel.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the advisory linked in the description.
- agent/severity
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/12.04