USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities


Severity

Low - High

Vendor

Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 14.04 LTS
Description

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Severity: High

Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Severity: Medium

Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Severity: Low

Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) Severity: Low

It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Severity: Low

Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Severity: Low

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Severity: Medium

Affected Pivotal Products and Versions

Severity is low unless otherwise noted.

  • Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.17 AND other versions prior to 3232.12 are vulnerable
  • Pivotal Elastic Runtime 1.6.x versions prior to 1.6.31 AND 1.7.x versions prior to 1.7.9
  • Pivotal Ops Manager 1.6.x versions prior to 1.6.18 AND 1.7.x versions prior to 1.7.9
  • Pivotal MySQL 1.6.x versions prior to 1.6.13 AND 1.7.x versions prior to 1.7.10 AND edge release versions prior to 1.8.0-edge.8
  • Pivotal RabbitMQ 1.5.x versions prior to 1.5.13 AND 1.6.x versions prior to 1.6.3
  • Pivotal Redis 1.4.x versions prior to 1.4.28 AND 1.5.x versions prior to 1.5.16
  • Pivotal Push Notification Service 1.5.x versions prior to 1.5.3
  • PCF Metrics 1.0.x versions prior to 1.0.9
  • PCF Metrics: Log Search 1.x versions prior to 1.0.0
  • PCF Metrics: JMX Bridge 1.7.x versions prior to 1.7.3
  • Pivotal Single Sign On 1.x versions prior to 1.13 AND 1.1.x versions prior to 1.1.1
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team has released patched BOSH stemcells 3146.17 and 3232.12 with an upgraded Linux kernel that resolves the aforementioned issues. We recommend that Operators upgrade BOSH stemcell 3146.x versions to 3146.17 OR other versions to 3232.12
  • Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.31 or later OR 1.7.x versions to 1.7.9 or later
  • Upgrade Pivotal Ops Manager 1.6.x versions to 1.6.18 or later OR 1.7.x versions to 1.7.9 or later
  • Upgrade Pivotal MySQL to 1.6.13 or later 1.6.x versions OR 1.7.x versions to 1.7.10 or later OR edge versions 1.8.0-edge.8 or later
  • Upgrade Pivotal RabbitMQ 1.5.x versions to 1.5.13 or later OR 1.6.x versions to 1.6.3 or later
  • Upgrade Pivotal Redis 1.4.x versions to 1.4.28 or later OR 1.5.x versions to 1.5.16 or later
  • Upgrade Pivotal Push Notification Service 1.3.x versions to 1.5.3
  • Upgrade PCF Metrics 1.0.x versions to 1.0.9 or later
  • Upgrade PCF Metrics: Log Search 1.x versions to 1.0.0 or later
  • Upgrade PCF Metrics: JMX Bridge 1.7.x versions to 1.7.3 or later
  • Upgrade Pivotal Single Sign On 1.x versions to 1.15 or later OR 1.1.x versions to 1.1.1 or later

Special Note for 1.7.x Ops Manager Deployments

The 1.7.x release line of Ops Manager includes a new feature that allows tile stemcells to “float”, which will allow Operators to update their Ops Manager deployment once rather than installing all new Services product releases. If you upgrade one Service tile in Ops Manager 1.7.x with the newly released stemcell, all tiles will automatically upgrade. For more information about the floating stemcell feature, refer to this document.

Credit

Jesse Hertz, Tim Newsham, Baozeng Ding and Kangjie Lu

References