| Errata ID | 498 |
|---|---|
| Date | 2018-01-31 |
| Source package | univention-kernel-image |
| Fixed in version | 10.0.0-11A~4.2.0.201801181659 |
| Description | This update of the Linux kernel to version 4.9.78 addresses the following issues: * Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (CVE-2017-5715) * kvm: stack-based out-of-bounds read via vmcall instruction (CVE-2017-17741) * Stack information leak in the EFS element (CVE-2017-1000410) This is a major update for the Linux kernel as Linux kernel version 4.1 is no longer maintained and does no longer get any security updates! Backporting the patches for 'Meltdown' and 'Spectre' is considered too risky. The Linux kernel provides a stable ABI so user programs should not notice the upgrade in general. Low-level programs like 'udev' have been updated to support both old and new Linux kernels, see also Errata 490-494. On the other hand kernel internal details have changed, which might break external kernel modules. |
| Additional notes | This is the third of three parts. |
| CVE ID | CVE-2017-5715 CVE-2017-17741 CVE-2017-1000410 |
| UCS Bug number | #46188 |
