[QSA-0524181] Linux kernel vulnerabilities
Qlustar Security Advisory 0524181
May 24th, 2018Summary:
The system could crash or be made to run programs as an administrator.
Package(s) : linux-image-ql-generic,
qlustar-module-core-xenial-amd64-10.0.0
Qlustar releases : 10.0
Affected versions: All versions prior to this update
Vulnerability : privilege escalation/denial of service
Problem type : local
Qlustar-specific : no
CVE Id(s) : CVE-2018-3639
A number of vulnerabilities and bugs have been discovered in the 4.9.x Linux kernel series since the last Qlustar release based on 4.9.98. They may lead to a denial of service or privilege escalation. In particular, this update includes mitigation against Spectre v4. But note, for full protection against Spectre v4 on affected Intel CPUs, you'll also require a BIOS or microcode update from your hardware vendor or Intel. Please check the following web pages that contain details of the fixes in each release after 4.9.98 up to the current Qlustar kernel 4.9.102:
Linux kernel 4.9.102
Linux kernel 4.9.101
Linux kernel 4.9.100
Linux kernel 4.9.99
Update instructions:
The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):
linux-image-ql-generic 4.9.102-ql-generic-10.0-18
qlustar-module-core-trusty-amd64-10.0.0 10.0.0.2-b484f1139
