Tues May 31, 2017
This newsletter is to provide a status update from the Ubuntu Kernel Team. There will also be highlights provided for any interesting subjects the team may be working on.
- Prepared 4.10.17 and 4.4.69 upstream stable for zesty/xenial
- Latest FWTS release:
- Blog about fwts frontend - The easy to use text based fwts user interface
- bcc snap version 0.3.0-20170530-1905-aa4543f has been released.
- Finished 4.11 configuration review
- Update artful/4.11 to 4.11.3
- Update unstable/4.12 to 4.12-rc3
- The following kernels were promoted to -proposed for testing:
  - Zesty 4.10.0-22.24
  - Xenial 4.4.0-79.100
  - Yakkety 4.8.0-54.57
  - linux-lts-trusty 3.13.0-119.166~precise1
  - linux-lts-xenial 4.4.0-79.100~14.04.1
  - linux-hwe 4.8.0-54.57~16.04.1
  - linux-hwe-edge 4.10.0-22.24~16.04.1
  - linux-raspi2 4.10.0-1006.8
  - linux-raspi2 4.8.0-1038.41
  - linux-raspi2 4.4.0-1055.62
  - linux-snapdragon 4.4.0-1058.62
- The following CVEs are in the Livepatch pipeline:
  - CVE-2016-8405 - An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process.
  - CVE-2016-8632 - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
  - CVE-2016-9604 - Keyrings whose names begin with a '.' are special internal keyrings, so userspace isn't allowed to create keyrings with such names, to prevent shadowing. However, the patch that added the guard didn't fix KEYCTL_JOIN_SESSION_KEYRING. Not only can that create dot-named keyrings, it can also subscribe to them as a session keyring if they grant SEARCH permission to the user. This, for example, allows a root process to set .builtin_trusted_keys as its session keyring, at which point it has full access because now the possessor permissions are added. This permits root to add extra public keys, thereby bypassing module verification.
  - CVE-2017-2584 - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
  - CVE-2017-6353 - net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
  - CVE-2017-7472 - The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
Devel Kernel Announcements
We're working on getting 4.11 into the archive. It is available in the c-k-t PPA for testing.
Stable Kernel Announcements
Current cycle: 12-May through 03-Jun
====================================================================
         12-May  Last day for kernel commits for this cycle
15-May - 20-May  Kernel prep week.
21-May - 02-Jun  Bug verification & Regression testing.
         05-Jun  Release to -updates.

Kernel Versions
====================================================================
precise           3.2.0-126.169
trusty            3.13.0-119.166
vivid             3.19.0-84.92
xenial            4.4.0-78.99
yakkety           4.8.0-53.56
linux-lts-trusty  3.13.0-117.164~precise1
linux-lts-vivid   3.19.0-80.88~14.04.1
linux-lts-xenial  4.4.0-78.99~14.04.1

Next cycle: 02-Jun through 24-Jun
====================================================================
         02-Jun  Last day for kernel commits for this cycle
05-Jun - 10-Jun  Kernel prep week.
11-Jun - 23-Jun  Bug verification & Regression testing.
         26-Jun  Release to -updates.
- The current CVE status can be reviewed at the following link: