USN-3378-1

Details

Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365)

李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810)

石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-89.112

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1028.37

Ubuntu:16.04:LTSlinux-gke

Fixed in:

4.4.0-1024.24

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1067.75

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1069.74

References

REPORThttps://ubuntu.com/security/CVE-2017-1000365 REPORThttps://ubuntu.com/security/CVE-2017-10810 REPORThttps://ubuntu.com/security/CVE-2017-7482 REPORThttps://ubuntu.com/security/CVE-2017-7533 ADVISORYhttps://ubuntu.com/security/notices/USN-3378-1

USN-3378-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline