Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and...

Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS

1748
0

Coming hot on the heels of the latest Linux kernel security update released by Canonical on Tuesday, the new Linux kernel live patch security update fixes a total of five security vulnerabilities, which are documented as CVE-2018-11506, CVE-2018-11412, CVE-2018-13406, CVE-2018-13405, and CVE-2018-12233.
These include a stack-based buffer overflow (CVE-2018-11506) discovered by Piotr Gabriel Kosinski and Daniel Shapira in Linux kernel’s CDROM driver implementation, which could allow a local attacker to either execute arbitrary code or cause crash the system via a denial of service.
Discovered by Jann Horn, the kernel live patch also addresses a security vulnerability (CVE-2018-11412) in Linux kernel’s EXT4 file system implementation, which could allow an attacker to execute arbitrary code or crash the system via a denial of service by creating and mounting a malicious EXT4 image.
Also fixed are an integer overflow (CVE-2018-13406) discovered by Silvio Cesare in Linux kernel’s generic VESA frame buffer driver, as well as a buffer overflow (CVE-2018-12233) discovered by Shankara Pailoor in the JFS file system implementation, both allowing local attackers to either crash the system or execute arbitrary code.
The last security vulnerability (CVE-2018-13405) fixed in this latest Ubuntu Linux kernel live patch may allow a local attacker to gain elevated privileges due to Linux kernel’s failure to handle setgid file creation when the operation is performed by a non-member of the group.

Source: https://news.softpedia.com/news/canonical-outs-new-linux-kernel-live-patch-for-ubuntu-18-04-lts-and-16-04-lts-522643.shtml
Submitted by: Arnfried Walbrecht

NO COMMENTS

Comments are closed.