You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-4210-1
December 03, 2019

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe,
linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oem: Linux kernel for OEM processors
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
configuration interface for the Linux kernel when handling beacon settings.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-16746)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19060)

It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-19065)

It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller
driver for the Linux kernel did not properly deallocate memory in certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2019-19075)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1030-oracle 4.15.0-1030.33
linux-image-4.15.0-1049-gke 4.15.0-1049.52
linux-image-4.15.0-1051-kvm 4.15.0-1051.51
linux-image-4.15.0-1052-raspi2 4.15.0-1052.56
linux-image-4.15.0-1056-aws 4.15.0-1056.58
linux-image-4.15.0-1065-oem 4.15.0-1065.75
linux-image-4.15.0-1069-snapdragon 4.15.0-1069.76
linux-image-4.15.0-72-generic 4.15.0-72.81
linux-image-4.15.0-72-generic-lpae 4.15.0-72.81
linux-image-4.15.0-72-lowlatency 4.15.0-72.81
linux-image-aws 4.15.0.1056.57
linux-image-aws-lts-18.04 4.15.0.1056.57
linux-image-generic 4.15.0.72.74
linux-image-generic-lpae 4.15.0.72.74
linux-image-gke 4.15.0.1049.52
linux-image-gke-4.15 4.15.0.1049.52
linux-image-kvm 4.15.0.1051.51
linux-image-lowlatency 4.15.0.72.74
linux-image-oem 4.15.0.1065.69
linux-image-oracle 4.15.0.1030.35
linux-image-oracle-lts-18.04 4.15.0.1030.35
linux-image-powerpc-e500mc 4.15.0.72.74
linux-image-powerpc-smp 4.15.0.72.74
linux-image-powerpc64-emb 4.15.0.72.74
linux-image-powerpc64-smp 4.15.0.72.74
linux-image-raspi2 4.15.0.1052.50
linux-image-snapdragon 4.15.0.1069.72
linux-image-virtual 4.15.0.72.74

Ubuntu 16.04 LTS:
linux-image-4.15.0-1030-oracle 4.15.0-1030.33~16.04.1
linux-image-4.15.0-1050-gcp 4.15.0-1050.53
linux-image-4.15.0-1056-aws 4.15.0-1056.58~16.04.1
linux-image-4.15.0-72-generic 4.15.0-72.81~16.04.1
linux-image-4.15.0-72-generic-lpae 4.15.0-72.81~16.04.1
linux-image-4.15.0-72-lowlatency 4.15.0-72.81~16.04.1
linux-image-aws-hwe 4.15.0.1056.56
linux-image-gcp 4.15.0.1050.64
linux-image-generic-hwe-16.04 4.15.0.72.92
linux-image-generic-lpae-hwe-16.04 4.15.0.72.92
linux-image-gke 4.15.0.1050.64
linux-image-lowlatency-hwe-16.04 4.15.0.72.92
linux-image-oem 4.15.0.72.92
linux-image-oracle 4.15.0.1030.23
linux-image-virtual-hwe-16.04 4.15.0.72.92

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4210-1
CVE-2019-16746, CVE-2019-17075, CVE-2019-17133, CVE-2019-19060,
CVE-2019-19065, CVE-2019-19075

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-72.81
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1056.58
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1049.52
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1051.51
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1065.75
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1030.33
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1052.56
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1069.76
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1056.58~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1050.53
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-72.81~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1030.33~16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3l0s0ACgkQLwmejQBe
gfSQaw/+N8t7x0ZZmjf8Bc2mqSjaCSi2r2bIKIOFd8OW9AYNzI2dLwoodPzQs9Bu
3Fmll36WnMRH2z0K8sT62bdvaScafp3UKe+AB+xr/c6mjYZ4A4vHMSaNOtN/O2Mk
iDZRLQX6Ye6OVB0EHIuxKoR0Y7njcl5KDVRR9hRJ42iQQDTBYkSHzSlAUnqWSksG
2mG0vLAAHx5IzY9/jLz3C+hafg47KxbpiJPEZmYiogZblh8td1RNkwVaSPce+hcp
JqMtzTtPiF7CMs+WtiVmJL7vHEFq8LccTEzgYLhkEbaeSl8gdZuqaC05Z/xYBNe/
E/Qt1dwPETNbDNcXTa5pHESV36BbsdNe5BLRR0B688NUBZDWMu/+Pr7lnKlLutmK
AE75YQIJ3sT6kTbKt/StIH0GGOpSDuZ2JshePgh6L7YtoylKj0T1i4fGFAQsa5Hx
SpkpJzVGvoAhwcubBIokPBmMrWg+gN09ObuLoQ43hPjQ9XlL/KY0fpK+857zZCYY
Yuf6sbv3zuuVuKIySCZOjc2I/A1amFMoAq3kRjcFF9Pye1wQUjYyDuY67XgGQwIe
+LGh0ICQaQ9ZslyqRb+91VZYNHAzswegEFBUZM+o0VOdgDvmRhmlPu+4VPB+PeER
HKwKPGkj5TDvCuN194i49JuD6yJgqGRNcPjffp7C1k1fkDKYHT0=
=qN6x
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4211-2
December 03, 2019

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel process scheduler. A local attacker could possibly use this to
cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
linux-image-4.4.0-1059-aws 4.4.0-1059.63
linux-image-4.4.0-170-generic 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-generic-lpae 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-lowlatency 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc-e500mc 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc-smp 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc64-emb 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc64-smp 4.4.0-170.199~14.04.1
linux-image-aws 4.4.0.1059.60
linux-image-generic-lpae-lts-xenial 4.4.0.170.149
linux-image-generic-lts-xenial 4.4.0.170.149
linux-image-lowlatency-lts-xenial 4.4.0.170.149
linux-image-powerpc-e500mc-lts-xenial 4.4.0.170.149
linux-image-powerpc-smp-lts-xenial 4.4.0.170.149
linux-image-powerpc64-emb-lts-xenial 4.4.0.170.149
linux-image-powerpc64-smp-lts-xenial 4.4.0.170.149
linux-image-virtual-lts-xenial 4.4.0.170.149

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4211-2
https://usn.ubuntu.com/4211-1
CVE-2018-20784, CVE-2019-17075, CVE-2019-17133

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3l0uwACgkQLwmejQBe
gfSb3A/+K4ZGq23xtkgOJGq0Mc8xcijabjWv9mmQom/BOsMfhQ838AqLmu0E0nsb
qwF6VfWejFI94LM+0ZC+cj5fOVdQoue/O1glDTLD4+eHuLoNVPjn6d/23XtzSJtD
SvoNulyyhKWllQwnpkhaAwsNC9equlOeiKtwpGx3zDSQEMtHSDBWgqtMQ4aGE+4s
vCapHPZiHmx3z87QH03/7+0/5nreIjJkUl6/f4KqHJmPSMnn4D8Uo1ij8XSkiorP
tEN3Hh7GU546BqhokBR2BnHB3+QYSZqzcAx1GhcDXA4LrFHwE11MAIJ5rUu0I5l6
6sk02UG58mbUQr0+VUFM5PZbABmSpdIV8erFM8XkE1H9oXCsPsEGRyMghMyAGG0m
+vmFinmGuToJWZgC0QjIR1Vx/adDZX2e8OCJrNToG85C5UOsJWC3wof9+a0ekN7/
23tYpJz1nKZi/0Zg5usFk5qfSEu4aWBP6JE37LWhh3lwVWPnRA3/uye4FyMImU7S
W9gxSglBmL16IW1F6xtPf/XcyJz0NjiRL1PPCdMfB6m4MGODFLxvq5ZjrYy0h04h
daKzefd6VQ0YRDzC/qDd0rNmJx54tzLMHcTIJGos5KdpZGKR6UG7yW0YWuV28XWL
OVNiQ1Fx7VIzT03UTJTvgWYtz7nmup78Erri6SYcxxks7tY0wi0=
=Mopd
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4211-1
December 03, 2019

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel process scheduler. A local attacker could possibly use this to
cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1063-kvm 4.4.0-1063.70
linux-image-4.4.0-1099-aws 4.4.0-1099.110
linux-image-4.4.0-1126-raspi2 4.4.0-1126.135
linux-image-4.4.0-1130-snapdragon 4.4.0-1130.138
linux-image-4.4.0-170-generic 4.4.0-170.199
linux-image-4.4.0-170-generic-lpae 4.4.0-170.199
linux-image-4.4.0-170-lowlatency 4.4.0-170.199
linux-image-4.4.0-170-powerpc-e500mc 4.4.0-170.199
linux-image-4.4.0-170-powerpc-smp 4.4.0-170.199
linux-image-4.4.0-170-powerpc64-emb 4.4.0-170.199
linux-image-4.4.0-170-powerpc64-smp 4.4.0-170.199
linux-image-aws 4.4.0.1099.103
linux-image-generic 4.4.0.170.178
linux-image-generic-lpae 4.4.0.170.178
linux-image-kvm 4.4.0.1063.63
linux-image-lowlatency 4.4.0.170.178
linux-image-powerpc-e500mc 4.4.0.170.178
linux-image-powerpc-smp 4.4.0.170.178
linux-image-powerpc64-emb 4.4.0.170.178
linux-image-powerpc64-smp 4.4.0.170.178
linux-image-raspi2 4.4.0.1126.126
linux-image-snapdragon 4.4.0.1130.122
linux-image-virtual 4.4.0.170.178

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4211-1
CVE-2018-20784, CVE-2019-17075, CVE-2019-17133

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-170.199
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1099.110
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1063.70
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1126.135
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1130.138

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3l0tcACgkQLwmejQBe
gfQmWxAAhILg2kkJR8FfdP5lMlY3pc4RIWdxD6R7YfFp2rYW2kbvEb2Z1DyP17ij
jQN4i5kkfxiPgO9fkwTXqY8daSaLhZmkUX6n6qG+3FHyne7uoUQlL5vgwhjkUFKs
DabN+L/TwWv0MlFYtaA5pG7Ho3Q8oaa8MT7tb3a3qoDGgJ0g7DkaR8lbwkC9XOyd
pkHiSYvxPGnYPR2+E0FUcfzT0xLs6J5iQAul5fV/l2t/nGQwCe4euUgJYyatL0lq
tdmTSaFU7Jn6SnZlVybcmGA/sqwHHDDkapx9pk54l/14fwbkFHZE1K+YzxkCU7+c
9+Nn7MyKPDbHCjSl0cpbiIfZAl4USQqhxeZuXsfDhPg8X8QSPjilG4UgapekGX4p
oZh3Oa2704WdB8+2xMHrxJf4EhR/A3GIKU2riUQ4/tk9HHpr6lmwLyjRzDfydI3w
qCdys5o/dZeyeCpwJsgBtDSItPzIMi5hPU2j54OIPJAiD5CcO+p1rcBsGawgtob9
poRqMwmJFCoqs6iGnVoVHN0lCaU3LNc2uhjPCthseTnLPE3gHNJ6e049XeWaxhbA
+3febgZIXqAO5Z5OxddvjzpC1b7LaZp92Dz6O5xI4R8IOKNAEl3ChqDpm2INcMoJ
VP+8Mk7VvPU8qWSYWnMEFDP3i8gN9kwiNso+PEQnNJ8UGFG1fog=
=ZYPG
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4209-1
December 02, 2019

linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe,
linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-oem-osp1: Linux kernel for OEM processors
– linux-oracle-5.0: Linux kernel for Oracle Cloud systems

Details:

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux
kernel did not properly handle reference counting during memory mapping
operations when used in conjunction with AUFS. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-15794)

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
configuration interface for the Linux kernel when handling beacon settings.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-16746)

It was discovered that there was a memory leak in the Advanced Buffer
Management functionality of the Netronome NFP4000/NFP6000 NIC Driver in the
Linux kernel during certain error scenarios. A local attacker could use
this to cause a denial of service (memory exhaustion). (CVE-2019-19076)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
linux-image-5.0.0-1008-oracle 5.0.0-1008.13
linux-image-5.0.0-1022-aws 5.0.0-1022.25
linux-image-5.0.0-1023-kvm 5.0.0-1023.25
linux-image-5.0.0-1023-raspi2 5.0.0-1023.24
linux-image-5.0.0-1026-gcp 5.0.0-1026.27
linux-image-5.0.0-37-generic 5.0.0-37.40
linux-image-5.0.0-37-generic-lpae 5.0.0-37.40
linux-image-5.0.0-37-lowlatency 5.0.0-37.40
linux-image-aws 5.0.0.1022.24
linux-image-gcp 5.0.0.1026.51
linux-image-generic 5.0.0.37.39
linux-image-generic-lpae 5.0.0.37.39
linux-image-gke 5.0.0.1026.51
linux-image-kvm 5.0.0.1023.24
linux-image-lowlatency 5.0.0.37.39
linux-image-oracle 5.0.0.1008.34
linux-image-raspi2 5.0.0.1023.21
linux-image-virtual 5.0.0.37.39

Ubuntu 18.04 LTS:
linux-image-5.0.0-1008-oracle 5.0.0-1008.13~18.04.1
linux-image-5.0.0-1022-aws 5.0.0-1022.25~18.04.1
linux-image-5.0.0-1026-gcp 5.0.0-1026.27~18.04.1
linux-image-5.0.0-1026-gke 5.0.0-1026.27~18.04.2
linux-image-5.0.0-1030-oem-osp1 5.0.0-1030.34
linux-image-5.0.0-37-generic 5.0.0-37.40~18.04.1
linux-image-5.0.0-37-generic-lpae 5.0.0-37.40~18.04.1
linux-image-5.0.0-37-lowlatency 5.0.0-37.40~18.04.1
linux-image-aws-edge 5.0.0.1022.36
linux-image-gcp 5.0.0.1026.30
linux-image-generic-hwe-18.04 5.0.0.37.95
linux-image-generic-lpae-hwe-18.04 5.0.0.37.95
linux-image-gke-5.0 5.0.0.1026.15
linux-image-lowlatency-hwe-18.04 5.0.0.37.95
linux-image-oem-osp1 5.0.0.1030.34
linux-image-oracle-edge 5.0.0.1008.7
linux-image-snapdragon-hwe-18.04 5.0.0.37.95
linux-image-virtual-hwe-18.04 5.0.0.37.95

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4209-1
CVE-2019-15794, CVE-2019-16746, CVE-2019-19076

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-37.40
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1022.25
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1026.27
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1023.25
https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1008.13
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1023.24
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1022.25~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1026.27~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1026.27~18.04.2
https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-37.40~18.04.1
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1030.34
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1008.13~18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3l0sMACgkQLwmejQBe
gfQvJg/9H/h6j+4eWtncB4Pb1sWNs+DcXWL9eELMvNXm/uEN1fLC9Cc193cnoult
CpVPfWq6ZqMGr1/BJL1yXaGAwgZlWewpT45x2En1Zl3ZaCuEi/9nOgJsFZ7W27W1
xY/mPz+VI+v6yB8lUFBtbkpwRnf3QeQqM3ay6MlJyIzo62Z16lhP08WPW1RggEYN
JZXsvoXjSm/7N/+ZRVINAKLv69DTJuOqzlB+jvKEf+OSqcu9VxdPCvMo+g4mwPr3
XVVVtIFjNt0LreFqtKKRcNpDHrVogM5po6sEwbaKm5ctaxyTXvQovY2CJ/v+HqkS
sIQDMVWoXeQuAMIpX1begBg1mcNSvElfs99U/Bdqq/AWiE1XcuKjpKy4Um3IPM8Q
ohu6Ro1WaStKlYVxlCdKd8rruZX33jYgJMkw7ncoYNbH6oRtnls5LOuj3yYlX47D
zHGPZOBP8tL/q89CCG3L51LYlBzWKLV5WSiccNOa/PVuYyiN3MA/p+zAmwGI3uSE
6EYzWUyVEdjwv1dqCDmXFL5aiCelluY8XAv+p/uuS+k+L32oFoKlReRxxjHDUmKD
feJad+qv8T23tyGwcMV8ELIFUMkZ6LR9olnIWQOsIvCP/3yGKjHCRMHhEI9QEUPt
TaIkHZnnXly4rYQefXrU1azKrEsdVjdurAuV4ENy3e/ttT4OseE=
=apQg
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4208-1
December 02, 2019

linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-gcp-5.3: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux
kernel did not properly handle reference counting during memory mapping
operations when used in conjunction with AUFS. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-15794)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)

It was discovered that the ARM Komeda display driver for the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-18810)

It was discovered that the VirtualBox guest driver implementation in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-19048)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19060, CVE-2019-19061)

It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-19065)

It was discovered that the AMD Audio CoProcessor Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker with the ability to load modules could use this to cause a
denial of service (memory exhaustion). (CVE-2019-19067)

It was discovered in the Qualcomm FastRPC Driver for the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19069)

It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller
driver for the Linux kernel did not properly deallocate memory in certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2019-19075)

It was discovered that the AMD Display Engine Driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attack could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19083)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
linux-image-5.3.0-1007-oracle 5.3.0-1007.8
linux-image-5.3.0-1008-aws 5.3.0-1008.9
linux-image-5.3.0-1008-kvm 5.3.0-1008.9
linux-image-5.3.0-1009-gcp 5.3.0-1009.10
linux-image-5.3.0-24-generic 5.3.0-24.26
linux-image-5.3.0-24-generic-lpae 5.3.0-24.26
linux-image-5.3.0-24-lowlatency 5.3.0-24.26
linux-image-5.3.0-24-snapdragon 5.3.0-24.26
linux-image-aws 5.3.0.1008.10
linux-image-gcp 5.3.0.1009.10
linux-image-generic 5.3.0.24.28
linux-image-generic-lpae 5.3.0.24.28
linux-image-gke 5.3.0.1009.10
linux-image-kvm 5.3.0.1008.10
linux-image-lowlatency 5.3.0.24.28
linux-image-oracle 5.3.0.1007.8
linux-image-snapdragon 5.3.0.24.28
linux-image-virtual 5.3.0.24.28

Ubuntu 18.04 LTS:
linux-image-5.3.0-1009-gcp 5.3.0-1009.10~18.04.1
linux-image-gcp-edge 5.3.0.1009.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4208-1
CVE-2019-15794, CVE-2019-17075, CVE-2019-17133, CVE-2019-18810,
CVE-2019-19048, CVE-2019-19060, CVE-2019-19061, CVE-2019-19065,
CVE-2019-19067, CVE-2019-19069, CVE-2019-19075, CVE-2019-19083

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-24.26
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1008.9
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1009.10
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1008.9
https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1007.8
https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1009.10~18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3l0rcACgkQLwmejQBe
gfRJOQ/+PLvi/8aFx7Iqvw2CahgwcONsGiNxCIXSi1Cpsoog426O6RW3JNXM4qHh
2lk0I62Io7TrxPSaqwRov5ofhW8Arg/QsZ417GgDhshaoMRBN3GrmyNVyCWrMmXl
6u+ndWQmw21+brA393ZrlRKv1mEkDa2YO6pJ4NHci+9tJab0jGk8wQEqa77uF4ns
nOtjXwlRh4dY337850+JG4XggM5b88TK4YByUn/Jb9mbg2DZZQDPJHLvnCrkQcoP
9mihYYZoK9Wnv84hPt2Gl5KNmBnPuVQfc1cRJkTzXfQO7ifYh3PDG2b6JdIJip+N
u1t08mygtSHekEwXX09rTKsoCa5WErH4g5xWOKzoktbv13QL7oOF+ZcVOzTM5Ij0
MunBCkTvHf5V60MAbGGIJqdijUV615gCdnBjEL006rCkYSTLKSaqPuS8nT4LifA6
4UmTuvFpGSRfbZbe8OorN5XEbK87WhSV+vtfDGAzBPul8W6NYDdYa+U7tf1tBrj4
UiueST4YgYS+Z2qYupbrSS75nN8ZO2fCEMEB09Js/SDbYthLk7rHpQ835boD5MJQ
YneIurhqhrbNbiQWyd/gzjay0Os10tJ5pcyNQKViNZf/Joey5n6mbT0PKQsmgMJL
NLwDdhGI3zD4Wf/yfP3ELOMu0IW6Jc3aR5+iOXglx/c4Jn3bQ3c=
=ShrC
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa sqlite3

Otkriveni su sigurnosni nedostaci u programskom paketu sqlite3 za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close