USN-2849-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2849-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-2849-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2849-1
Related
  • CVE-2015-8550
  • CVE-2015-8551
  • CVE-2015-8552
  • CVE-2015-8709
Published
2015-12-19T11:40:13.751100Z
Modified
2015-12-19T11:40:13.751100Z
Summary
linux-lts-utopic vulnerabilities
Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709)

References

Affected packages

Ubuntu:14.04:LTS / linux-lts-utopic

Package

Name
linux-lts-utopic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.16.0-57.77~14.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-extra-3.16.0-57-generic": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-powerpc-e500mc": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-powerpc64-smp": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-generic-lpae": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-lowlatency": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-powerpc-smp": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-powerpc64-emb": "3.16.0-57.77~14.04.1",
            "linux-image-3.16.0-57-generic": "3.16.0-57.77~14.04.1"
        }
    ]
}