[LSN-0034-1] Linux kernel vulnerability
benjamin.romer at canonical.com
benjamin.romer at canonical.com
Tue Jan 9 23:36:23 UTC 2018
==========================================================================
Kernel Live Patch Security Notice LSN-0034-1
January 9, 2018
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |
Summary:
On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial
kernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security
vulnerability caused by flaws in the design of speculative execution
hardware in the computer's CPU.
Details on the vulnerability and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Due to the high complexity of the fixes, we are unable to livepatch this
CVE. Please plan to reboot into kernel version 4.4.0-108.131 or newer as soon
as possible.
Software Description:
- linux: Linux kernel
Update instructions:
The problem can be corrected by installing an updated kernel with these
fixes and rebooting.
References:
CVE-2017-5754
More information about the ubuntu-security-announce
mailing list