
Security vulnerabilities in the operating system kernel

==========================================================================
Ubuntu Security Notice USN-4255-1
January 28, 2020

linux, linux-aws, linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-oem: Linux kernel for OEM processors

Details:

It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)

It was discovered that a race condition can lead to a use-after-free while
destroying GEM contexts in the i915 driver for the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-7053)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1058-aws 4.15.0-1058.60
linux-image-4.15.0-1067-oem 4.15.0-1067.77
linux-image-4.15.0-76-generic 4.15.0-76.86
linux-image-4.15.0-76-generic-lpae 4.15.0-76.86
linux-image-4.15.0-76-lowlatency 4.15.0-76.86
linux-image-aws 4.15.0.1058.59
linux-image-aws-lts-18.04 4.15.0.1058.59
linux-image-generic 4.15.0.76.78
linux-image-generic-lpae 4.15.0.76.78
linux-image-lowlatency 4.15.0.76.78
linux-image-oem 4.15.0.1067.71
linux-image-powerpc-e500mc 4.15.0.76.78
linux-image-powerpc-smp 4.15.0.76.78
linux-image-powerpc64-emb 4.15.0.76.78
linux-image-powerpc64-smp 4.15.0.76.78
linux-image-virtual 4.15.0.76.78

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4255-1
CVE-2019-14615, CVE-2020-7053

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-76.86
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1058.60
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1067.77


ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4254-1
January 28, 2020

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)

It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)

It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)

It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex
Driver for the Linux kernel. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)

It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19062)

It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19063)

Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)

It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1065-kvm 4.4.0-1065.72
linux-image-4.4.0-1101-aws 4.4.0-1101.112
linux-image-4.4.0-1128-raspi2 4.4.0-1128.137
linux-image-4.4.0-1132-snapdragon 4.4.0-1132.140
linux-image-4.4.0-173-generic 4.4.0-173.203
linux-image-4.4.0-173-generic-lpae 4.4.0-173.203
linux-image-4.4.0-173-lowlatency 4.4.0-173.203
linux-image-4.4.0-173-powerpc-e500mc 4.4.0-173.203
linux-image-4.4.0-173-powerpc-smp 4.4.0-173.203
linux-image-4.4.0-173-powerpc64-emb 4.4.0-173.203
linux-image-4.4.0-173-powerpc64-smp 4.4.0-173.203
linux-image-aws 4.4.0.1101.105
linux-image-generic 4.4.0.173.181
linux-image-generic-lpae 4.4.0.173.181
linux-image-kvm 4.4.0.1065.65
linux-image-lowlatency 4.4.0.173.181
linux-image-powerpc-e500mc 4.4.0.173.181
linux-image-powerpc-smp 4.4.0.173.181
linux-image-powerpc64-emb 4.4.0.173.181
linux-image-powerpc64-smp 4.4.0.173.181
linux-image-raspi2 4.4.0.1128.128
linux-image-snapdragon 4.4.0.1132.124
linux-image-virtual 4.4.0.173.181

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4254-1
CVE-2019-14615, CVE-2019-15291, CVE-2019-18683, CVE-2019-18885,
CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19227,
CVE-2019-19332

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140


==========================================================================
Ubuntu Security Notice USN-4253-1
January 28, 2020

linux, linux-aws vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10

Summary:

The Linux kernel could be made to expose sensitive information.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
linux-image-5.3.0-1010-aws 5.3.0-1010.11
linux-image-5.3.0-29-generic 5.3.0-29.31
linux-image-5.3.0-29-generic-lpae 5.3.0-29.31
linux-image-5.3.0-29-lowlatency 5.3.0-29.31
linux-image-5.3.0-29-snapdragon 5.3.0-29.31
linux-image-aws 5.3.0.1010.12
linux-image-generic 5.3.0.29.33
linux-image-generic-lpae 5.3.0.29.33
linux-image-lowlatency 5.3.0.29.33
linux-image-virtual 5.3.0.29.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4253-1
CVE-2019-14615

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-29.31
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1010.11
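
Added example (not part of the Ubuntu notices): all three notices require a reboot after the update, so a host can have the fixed package installed while still running the old kernel. This sketch compares a running kernel release string against the first fixed ABI number listed above for each versioned image. The function names are hypothetical, and it assumes the `uname -r` format `<base>-<abi>-<flavour>` and that the host runs the stock kernel series of the Ubuntu release named in the notice.

```shell
#!/bin/sh
# Added example: is a kernel release at or above the fixed ABI from
# USN-4255-1 (4.15.0), USN-4254-1 (4.4.0) or USN-4253-1 (5.3.0)?

# min_fixed_abi BASE FLAVOUR -> prints the fixed ABI number taken from the
# versioned linux-image-* entries in the notices; fails if not listed.
min_fixed_abi() {
    case "$1:$2" in
        4.15.0:aws) echo 1058 ;;
        4.15.0:oem) echo 1067 ;;
        4.15.0:generic|4.15.0:generic-lpae|4.15.0:lowlatency) echo 76 ;;
        4.4.0:kvm) echo 1065 ;;
        4.4.0:aws) echo 1101 ;;
        4.4.0:raspi2) echo 1128 ;;
        4.4.0:snapdragon) echo 1132 ;;
        4.4.0:generic|4.4.0:generic-lpae|4.4.0:lowlatency) echo 173 ;;
        4.4.0:powerpc-*|4.4.0:powerpc64-*) echo 173 ;;
        5.3.0:aws) echo 1010 ;;
        5.3.0:generic|5.3.0:generic-lpae|5.3.0:lowlatency|5.3.0:snapdragon) echo 29 ;;
        *) return 1 ;;
    esac
}

# check_release RELEASE -> prints FIXED, VULNERABLE or UNKNOWN
# (exit status 0, 1 or 2 respectively).
check_release() {
    rel=$1
    base=${rel%%-*}      # e.g. 4.15.0
    rest=${rel#*-}       # e.g. 76-generic
    abi=${rest%%-*}      # e.g. 76
    flavour=${rest#*-}   # e.g. generic
    # Reject strings that do not carry a numeric ABI field.
    case "$abi" in ''|*[!0-9]*) echo UNKNOWN; return 2 ;; esac
    min=$(min_fixed_abi "$base" "$flavour") || { echo UNKNOWN; return 2; }
    if [ "$abi" -ge "$min" ]; then echo FIXED; return 0; fi
    echo VULNERABLE; return 1
}

# Constructed sample releases; on a real host pass "$(uname -r)" instead.
for r in 4.15.0-74-generic 4.15.0-76-generic 4.4.0-1100-aws 5.3.0-29-lowlatency; do
    printf '%s %s\n' "$r" "$(check_release "$r")"
done
```

A VULNERABLE result on a host where the fixed package is already installed indicates the reboot called for in the notices is still pending.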
