USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities


Severity

Low/Medium

Vendor

Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 14.04 LTS
Description

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)

Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085)
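
The EVM issue above is a timing side channel of the classic kind: the verifier compared the stored HMAC with the recomputed one using an ordinary memcmp(), which returns at the first differing byte, and the kernel fix replaced that with the constant-time crypto_memneq(). The C program below is an added illustration of why that matters; it is not code from the kernel, Ubuntu or Pivotal. The sample digest, the step counter that stands in for elapsed time, and the simulated byte-at-a-time oracle are all constructed for the example.

```c
/* Added example: a first-mismatch compare versus a constant-time compare,
 * with a simulated timing oracle. Not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20   /* EVM's HMAC-SHA1 digest is 20 bytes */

/* Constructed sample digest standing in for the HMAC stored in security.evm */
static const uint8_t SAMPLE_DIGEST[DIGEST_LEN] = {
    0x9a, 0x1f, 0x00, 0xc4, 0x7e, 0x33, 0xd2, 0x05, 0x6b, 0xa8,
    0x11, 0xf0, 0x5c, 0x29, 0xe7, 0x4d, 0x92, 0xb6, 0x3f, 0xc1
};

/* A compare reports match (0) or mismatch (1) plus how many bytes it examined;
 * the byte count stands in for the running time an attacker would measure. */
typedef int (*compare_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* memcmp-style compare: returns at the first differing byte, so its running
 * time reveals how many leading bytes of the guess were correct. */
static int leaky_memcmp(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 1;
        }
    }
    *steps = n;
    return 0;
}

/* Constant-time compare in the style of crypto_memneq(): every byte is
 * touched and there is no data-dependent branch or early return. */
static int ct_memneq(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;   /* volatile discourages the compiler from shortcutting */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    /* branchless: any nonzero diff becomes 1, zero stays 0 */
    return (int)((unsigned)(-(int)diff) >> (8 * sizeof(unsigned) - 1));
}

/* Bytes examined when the guess differs from SAMPLE_DIGEST only at byte 'pos'
 * (pos >= DIGEST_LEN means the guess is an exact match). */
static size_t steps_for_mismatch_at(compare_fn cmp, size_t pos)
{
    uint8_t guess[DIGEST_LEN];
    size_t steps = 0;
    memcpy(guess, SAMPLE_DIGEST, DIGEST_LEN);
    if (pos < DIGEST_LEN)
        guess[pos] ^= 0x01;
    cmp(SAMPLE_DIGEST, guess, DIGEST_LEN, &steps);
    return steps;
}

/* Simulated local attacker: for each position try all 256 byte values and keep
 * the one that makes the verifier do the most work (or that it accepts).
 * Returns how many leading bytes of 'secret' were recovered correctly. */
static size_t recover_via_timing(const uint8_t *secret, compare_fn cmp, uint8_t *out)
{
    uint8_t guess[DIGEST_LEN] = {0};
    for (size_t pos = 0; pos < DIGEST_LEN; pos++) {
        size_t best_steps = 0;
        uint8_t best = 0;
        for (int v = 0; v < 256; v++) {
            size_t steps = 0;
            guess[pos] = (uint8_t)v;
            if (cmp(secret, guess, DIGEST_LEN, &steps) == 0) {
                best = (uint8_t)v;   /* verifier accepted the guess: done */
                break;
            }
            if (steps > best_steps) {
                best_steps = steps;
                best = (uint8_t)v;
            }
        }
        guess[pos] = best;
    }
    memcpy(out, guess, DIGEST_LEN);
    size_t correct = 0;
    while (correct < DIGEST_LEN && out[correct] == secret[correct])
        correct++;
    return correct;
}

/* Leading bytes of SAMPLE_DIGEST the oracle recovers through a given compare. */
static size_t recovered_count(compare_fn cmp)
{
    uint8_t out[DIGEST_LEN];
    return recover_via_timing(SAMPLE_DIGEST, cmp, out);
}

int main(void)
{
    printf("mismatch at byte 5: leaky compare examines %zu bytes, constant-time %zu\n",
           steps_for_mismatch_at(leaky_memcmp, 5), steps_for_mismatch_at(ct_memneq, 5));
    printf("bytes recovered by timing oracle: leaky %zu/%d, constant-time %zu/%d\n",
           recovered_count(leaky_memcmp), DIGEST_LEN, recovered_count(ct_memneq), DIGEST_LEN);
    return 0;
}
```

Against the leaky compare the oracle walks the whole digest one byte at a time, because a correct byte makes the loop examine at least one more byte than any wrong one; against the constant-time compare every guess costs the same and the oracle learns nothing beyond the final accept/reject. On real hardware the signal is a few nanoseconds per byte buried in noise, so an attacker needs many repeated measurements, but the structure of the leak is the same. For production code use the platform's vetted primitive (crypto_memneq in the kernel, CRYPTO_memcmp or equivalent in userspace) rather than hand-rolling the volatile trick shown here.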

David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550)

It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847)

Affected Pivotal Products and Versions

Severity is low/medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3215.4 are vulnerable
  • Pivotal Redis 1.4.x versions prior to 1.4.23 AND 1.5.x versions prior to 1.5.12
  • Pivotal RabbitMQ 1.4.x versions prior to 1.4.11 AND 1.5.x versions prior to 1.5.9
  • Pivotal Push Notification Service 1.4.x versions prior to 1.4.7
  • Pivotal Ops Metrics 1.6.x versions prior to 1.6.11 AND 1.7.x versions prior to 1.7.1
  • Pivotal Single Sign-On 1.0.x versions prior to 1.0.11 AND 1.1.x versions prior to 1.1.1
  • Pivotal Spring Cloud Services .x versions prior to .1 AND 1.0.x versions prior to 1.0.9
  • Pivotal MySQL 1.6.x versions prior to 1.6.10 AND 1.7.x versions prior to 1.7.7 AND edge release versions prior to 1.8.0-edge0.5
  • Pivotal Ops Manager 1.5.x versions prior to 1.5.18 AND 1.6.x versions prior to 1.6.13 AND 1.7.x versions prior to 1.7.1
  • Pivotal Elastic Runtime 1.5.x versions prior to 1.5.20 AND 1.6.x versions prior to 1.6.23 AND 1.7.x versions prior to 1.7.1
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments upgrade BOSH stemcell 3146.x versions to 3146.11 or later OR other versions to 3232.2 or later
  • Upgrade Pivotal Redis 1.4.x versions to 1.4.23 or later OR 1.5.x versions to 1.5.12 or later
  • Upgrade Pivotal RabbitMQ 1.4.x versions to 1.4.11 or later OR 1.5.x versions to 1.5.9 or later
  • Upgrade Pivotal Push Notification Service 1.4.x versions to 1.4.7 or later
  • Upgrade Pivotal Ops Metrics 1.6.x versions to 1.6.11 or later OR 1.7.x versions to 1.7.1 or later
  • Upgrade Pivotal Single Sign-On 1.0.x versions to 1.0.11 or later OR 1.1.x versions to 1.1.1 or later
  • Upgrade Pivotal Spring Cloud Services .x versions to .1 or later OR 1.0.x versions to 1.0.9 or later
  • Upgrade Pivotal MySQL 1.6.x versions to 1.6.10 or later OR 1.7.x versions to 1.7.7 or later OR edge versions to 1.8.0-edge.5 or later
  • Upgrade Pivotal Ops Manager 1.5.x versions to 1.5.18 or later OR 1.6.x versions to 1.6.13 or later OR 1.7.x versions to 1.7.1 or later
  • Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.20 or later OR 1.6.x versions to 1.6.23 or later OR 1.7.x versions to 1.7.1 or later
Credit

Venkatesh Pottem, Xiaofei Rex Guo, David Herrmann

References