Ubuntu Kernel Team - Weekly Newsletter, 2017-05-31

Joseph Salisbury joseph.salisbury at canonical.com
Fri Jun 2 14:48:23 UTC 2017

Some additional highlights have been added to the Newsletter.  I'm also
adding the Newsletter inline:

== Tues May 31, 2017 ==

=== Introduction ===
This newsletter is to provide a status update from the Ubuntu Kernel
Team.  There will also be highlights provided for any interesting
subjects the team may be working on.

If you would like to reach the kernel team, you can find us at the
#ubuntu-kernel channel on FreeNode.  Alternatively you can mail the
Ubuntu Kernel Team mailing list at: kernel-team at lists.ubuntu.com

=== Highlights ===

 * Prepared 4.10.17 and 4.4.69 upstream stable for zesty/xenial
 * Latest FWTS release:
 * Blog about fwts frontend - The easy to use text based fwts user interface
 * bcc snap version 0.3.0-20170530-1905-aa4543f has been released.
 * Finished 4.11 configuration review
 * Update artful/4.11 to 4.11.3
 * Update unstable/4.12 to 4.12-rc3

 * The following kernels were promoted to -proposed for testing:

  * Zesty 4.10.0-22.24
  * Xenial 4.4.0-79.100
  * Yakkety 4.8.0-54.57

  * linux-lts-trusty 3.13.0-119.166~precise1
  * linux-lts-xenial 4.4.0-79.100~14.04.1
  * linux-hwe 4.8.0-54.57~16.04.1
  * linux-hwe-edge 4.10.0-22.24~16.04.1
  * linux-raspi2 4.10.0-1006.8
  * linux-raspi2 4.8.0-1038.41
  * linux-raspi2 4.4.0-1055.62
  * linux-snapdragon 4.4.0-1058.62

 * The following CVEs are in the Livepatch pipeline:

  * CVE-2016-8405 - An information disclosure vulnerability in kernel
components including the ION subsystem, Binder, USB driver and
networking subsystem could enable a local malicious application to
access data outside of its permission levels. This issue is rated as
Moderate because it first requires compromising a privileged process.

  * CVE-2016-8632 - The tipc_msg_build function in net/tipc/msg.c in the
Linux kernel through 4.8.11 does not validate the relationship between
the minimum fragment length and the maximum packet size, which allows
local users to gain privileges or cause a denial of service (heap-based
buffer overflow) by leveraging the CAP_NET_ADMIN capability.

  * CVE-2016-9604 - Keyrings whose names begin with a '.' are special
internal keyrings and so userspace isn't allowed to create keyrings by
this name to prevent shadowing. However, the patch that added the guard
didn't fix KEYCTL_JOIN_SESSION_KEYRING. Not only can that create
dot-named keyrings, it can also subscribe to them as a session keyring
if they grant SEARCH permission to the user.

This, for example, allows a root process to set
.builtin_trusted_keys as its session keyring, at which point it has full
access because now the possessor permissions are added. This permits
root to add extra public keys, thereby bypassing module verification.

  * CVE-2017-2584 - arch/x86/kvm/emulate.c in the Linux kernel through
4.9.3 allows local users to obtain sensitive information from kernel
memory or cause a denial of service (use-after-free) via a crafted
application that leverages instruction emulation for fxrstor, fxsave,
sgdt, and sidt.

  * CVE-2017-6353 - net/sctp/socket.c in the Linux kernel through 4.10.1
does not properly restrict association peel-off operations during
certain wait states, which allows local users to cause a denial of
service (invalid unlock and double free) via a multithreaded
application. NOTE: this vulnerability exists because of an incorrect fix
for CVE-2017-5986.

  * CVE-2017-7472 - The KEYS subsystem in the Linux kernel before
4.10.13 allows local users to cause a denial of service (memory
consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING
keyctl_set_reqkey_keyring calls.

=== Devel Kernel Announcements ===
We're working on getting 4.11 in the archive. It is available in the
c-k-t ppa for testing.

=== Stable Kernel Announcements ===

Current cycle: 12-May through 03-Jun
         12-May   Last day for kernel commits for this cycle
15-May - 20-May   Kernel prep week.
21-May - 02-Jun   Bug verification & Regression testing.
         05-Jun   Release to -updates.

Kernel Versions
         precise  3.2.0-126.169
          trusty  3.13.0-119.166
           vivid  3.19.0-84.92
          xenial  4.4.0-78.99
         yakkety  4.8.0-53.56

linux-lts-trusty  3.13.0-117.164~precise1
 linux-lts-vivid  3.19.0-80.88~14.04.1
linux-lts-xenial  4.4.0-78.99~14.04.1

Next cycle: 02-Jun through 24-Jun
         02-Jun   Last day for kernel commits for this cycle
05-Jun - 10-Jun   Kernel prep week.
11-Jun - 23-Jun   Bug verification & Regression testing.
         26-Jun   Release to -updates.

=== Status: CVE's ===
 The current CVE status can be reviewed at the following link:
