Security vulnerability: update kernel packages on Ubuntu slaves (USN-2800-1 and related)
Bug #1514759 reported by
Adam Heczko
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mirantis OpenStack |
Invalid
|
High
|
MOS Linux | ||
| 5.1.x |
Won't Fix
|
High
|
MOS Maintenance | ||
| 6.0.x |
Won't Fix
|
High
|
MOS Maintenance | ||
| 6.1.x |
Won't Fix
|
High
|
MOS Maintenance | ||
| 7.0.x |
Invalid
|
High
|
MOS Maintenance | ||
| 8.0.x |
Invalid
|
High
|
MOS Linux | ||
Bug Description
Problem description:
Ubuntu updated Linux 3.13 kernel packages for 14.04 and 12.04 LTS editions to mitigate DOS vulnerability in KVM.
Ben Serebrin discovered that the KVM hypervisor implementation in the Linux
kernel did not properly catch Alignment Check exceptions. An attacker in a
guest virtual machine could use this to cause a denial of service (system
crash) in the host OS.
Solution proposal:
Recompile and publish updated Linux kernel packages.
Upstream bug reports:
Ubuntu 14.04: http://
Ubuntu 12.04 HWE: http://
CVE References
Revision history for this message
| Aleksander Mogylchenko (amogylchenko) wrote | #1 |
Revision history for this message
| Vitaly Sedelnik (vsedelnik) wrote | #2 |
Revision history for this message
| Vitaly Sedelnik (vsedelnik) wrote | #3 |
Revision history for this message
| Alexey Stupnikov (astupnikov) wrote | #4 |
Revision history for this message
| Alexey Stupnikov (astupnikov) wrote | #5 |
To post a comment you must log in.
All updates will be consumed from Ubuntu.