USN-3220-2: Linux kernel (Xenial HWE) vulnerability

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

Ubuntu 14.04 LTS

Description

Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry team recommends upgrading to the following BOSH stemcells:

Upgrade 3151.x versions to 3151.12
Upgrade 3233.x versions to 3233.15
Upgrade 3263.x versions to 3263.21
Upgrade 3312.x versions to 3312.21
Upgrade 3363.x versions to 3363.10

References

https://www.ubuntu.com/usn/usn-3220-2/
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html

USN-3220-2: Linux kernel (Xenial HWE) vulnerability

USN-3220-2: Linux kernel (Xenial HWE) vulnerability

Severity

Vendor

Versions Affected

Description

Mitigation

References

You Might Also Like

USN-4431-1: FFmpeg vulnerabilities

USN-4316-1: GD Graphics Library vulnerabilities

USN-3346-1: bind9 vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!