Ubuntu new kernel update released to mitigate Specter Variant 2 Vulnerability
Canonical released all new Kernel updates that support Ubuntu Linux on Wednesday to solve multiple security issues, it also provides compiler-based Retpoline kernel relief for Specter Variant 2 in the architecture of amd64 and i386.
For Ubuntu 17.10 (Artful release dvark), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr) and Ubuntu 12.04 ESM (extended security maintenance), a new Linux kernel Security Update is released, the Specter Variant 2 vulnerability in the architecture of amd64 and i386 has been mitigated by the compiler-based retpoline kernel.
Canonical fixed the Spectre Variant 2 Security Vulnerability last month on July 22, January 22, but only limited to 64-bit Ubuntu installation. This update can obviously alleviate 32-bit installation problems. Spectre is an annoying hardware error in the microprocessor that uses branch prediction and speculative execution. It may allow unauthorized memory read through bypass attacks.
In addition, the new kernel update addresses the challenge (CVE-2017-17712) in the implementation of the original IPv4 socket in the Linux kernel and the release of the DCCP protocol after the Vulnerability (CVE-2017-8824 ), attackers can execute arbitrary code or cause denial-of-service attacks. Both of these security defects were discovered by Mohamed Ghannam.
In addition, the new kernel patched the free-of-use Vulnerability (CVE-2017-15115) found by ChunYu Wang in the SCTP Protocol Implementation of the Linux kernel ), this vulnerability may allow local attackers to crash the system code by DOS or performing any operation. These security issues affect Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS.
In Ubuntu 16.04 LTS, the latest Canonical kernel update addresses two other security issues: defects in the mbcache feature of the Linux kernel in EXT2 and EXT4 file systems (CVE-2015-8952 ), the xattr block cache with poor processing of such defects allows local attackers to cause denial of service. This problem was discovered by Laurent Guerby.
Vitaly Mayatskikh found a second security vulnerability (CVE-2017-12190) in the Linux kernel's SCSI subsystem that does not properly track reference counts when merging buffers, as a result, local attackers cause denial of service (memory depletion ). These two problems were also transplanted to the Xenial HWE kernel for Ubuntu 14.04 LTS installation.
We urge all users to install and update it to linux-image 4.13.0.36.38 on Ubuntu 17.10, linux-image 4.4.0-16.04 on Ubuntu 116.140, linux-image 4.small-36.40 ~ with Artful HWE kernel for Ubuntu 16.04.3 LTS ~ 16.04.1: linux-image 4.4.0-116.140 ~ 14.04.1 on Ubuntu 14.04.5 LTS with Xenial HWE kernel, and linux-image 3.2.0.133.148 on Ubuntu 12.04 ESM.
How to check whether your Linux PC is affected by Meltdown and Spectre security defects
Meltdown and Spectre are two serious hardware errors, and billions of devices are at risk of attacks.
Https://www.bkjia.com/topicnews.aspx? Tid = 2
This article permanently updates link: https://www.bkjia.com/Linux/2018-02/151042.htm