==========================================================================
Ubuntu Security Notice USN-4255-1
January 28, 2020
linux, linux-aws, linux-oem vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-oem: Linux kernel for OEM processors
Details:
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that a race condition can lead to a use-after-free while
destroying GEM contexts in the i915 driver for the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-7053)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1058-aws 4.15.0-1058.60
linux-image-4.15.0-1067-oem 4.15.0-1067.77
linux-image-4.15.0-76-generic 4.15.0-76.86
linux-image-4.15.0-76-generic-lpae 4.15.0-76.86
linux-image-4.15.0-76-lowlatency 4.15.0-76.86
linux-image-aws 4.15.0.1058.59
linux-image-aws-lts-18.04 4.15.0.1058.59
linux-image-generic 4.15.0.76.78
linux-image-generic-lpae 4.15.0.76.78
linux-image-lowlatency 4.15.0.76.78
linux-image-oem 4.15.0.1067.71
linux-image-powerpc-e500mc 4.15.0.76.78
linux-image-powerpc-smp 4.15.0.76.78
linux-image-powerpc64-emb 4.15.0.76.78
linux-image-powerpc64-smp 4.15.0.76.78
linux-image-virtual 4.15.0.76.78
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4255-1
CVE-2019-14615, CVE-2020-7053
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-76.86
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1058.60
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1067.77
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4vsE8ACgkQLwmejQBe
gfRXvw//cxDlKj1Msd7EgB5xZvV2Lm+MB5kfo+DTdhfQEPRaeKrQcY7U69YrXh18
3c5zFx/fPww/sTza+9JzquCBgF8jM8q1P9BvrhX25AKKF7k9SXf7SGgVCcn/dYbq
hlkGTTDs0jzlDlUJSph3s8MqYVcdBYuApqchuTSOFl8TFaNmdsrO0j/F7gfrdYHW
B0q4H4gh9/PtRpkF0MEs1SuDsCyaFRHimkLEs+sRnKnF3TS6PwJ8Qf8KGNvRTY9m
LXaSuAKjJ9h1YvpLD7GW71+wZaSO7A46qshQwkT/vMqizlf4Yim9/vjpHGqsjlN5
HGlyX3Zr7sz47fPcsz3wTh4CeMmKTL9F4fkeamEL920VBWZVknb+QRv1WnITiW2p
nZvMoOPlJXD621MurVJx4rr/r2jOd3dLrw8aax3eHLe+IqfycR/cq3frhTu/eevt
PD8mb34QKizT2tWVzpw8NdEULMo+FQgcZZoQbLH1lmqrWGOOvxJL5oi4rrc8ACpr
M6zh8RC5xzFZ4JBcthOQDhXsLYeIz1huo4Ik+LfQR+oTD26RN9hfP8ICsermFOe0
XwHhs1l2Zt9fBakCf9h48SRKNyODxKTzlK+KoDlOlYOA66RvyIy1GfmJ4w8U6wYq
ZUaII8w6ephgq10q7Q3cB/OowaqEzB1n3bqwYcbUOiVmfaiEDn8=
=eq2u
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4254-1
January 28, 2020
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
Details:
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)
It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex
Driver for the Linux kernel. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19063)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1065-kvm 4.4.0-1065.72
linux-image-4.4.0-1101-aws 4.4.0-1101.112
linux-image-4.4.0-1128-raspi2 4.4.0-1128.137
linux-image-4.4.0-1132-snapdragon 4.4.0-1132.140
linux-image-4.4.0-173-generic 4.4.0-173.203
linux-image-4.4.0-173-generic-lpae 4.4.0-173.203
linux-image-4.4.0-173-lowlatency 4.4.0-173.203
linux-image-4.4.0-173-powerpc-e500mc 4.4.0-173.203
linux-image-4.4.0-173-powerpc-smp 4.4.0-173.203
linux-image-4.4.0-173-powerpc64-emb 4.4.0-173.203
linux-image-4.4.0-173-powerpc64-smp 4.4.0-173.203
linux-image-aws 4.4.0.1101.105
linux-image-generic 4.4.0.173.181
linux-image-generic-lpae 4.4.0.173.181
linux-image-kvm 4.4.0.1065.65
linux-image-lowlatency 4.4.0.173.181
linux-image-powerpc-e500mc 4.4.0.173.181
linux-image-powerpc-smp 4.4.0.173.181
linux-image-powerpc64-emb 4.4.0.173.181
linux-image-powerpc64-smp 4.4.0.173.181
linux-image-raspi2 4.4.0.1128.128
linux-image-snapdragon 4.4.0.1132.124
linux-image-virtual 4.4.0.173.181
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4254-1
CVE-2019-14615, CVE-2019-15291, CVE-2019-18683, CVE-2019-18885,
CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19227,
CVE-2019-19332
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4vsNgACgkQLwmejQBe
gfSmdQ//W+8rd+72ReHjDH1LKVUq34XSFrH4bIX0uOSxR4Bbi1NS80csCueCloNO
/034+vdfbNSOIc50VAAkwe9hg3KHVe5EIBq0XVaAIvDUIrD7mKLhUxwi6Zt+YcRC
hfOs5ayPKeOjTzbaMgQLGnqma2x9o0T5FFm5ljhtLy4RqKiO4LVv03iAWpwIwIju
jH3dVKIuxyvQILB3mstio4FrKbAkvDD2X/vTBgZkAMmXf+hyWmXefl40M2S3OD+y
apQCE8f0NI7xuJHfl2GqoJKMb35YU1668lrfP7W8v0k2b805U3ROs/W6ZqyyzSJk
rdcQVUWicazl6z66/LwPCdR3WJNd18TNbOQ8iMy31s7WZdoPvSu6E6KBtJuRyk8n
bTFsKqWoIrJ8jL5r8rUfqyZI3M2ce4xKhXT/IfK5AG+L2QHvESo9EhKR2Swkji/b
G3M1vktLJzjXJSGYqzOi8i0LP7Z3nGIeHJZx7v314SmMOzET4EiGh26dS0JJhnmu
hdOBr1Mc1SvJHSY083TU0+OeMppyAdBbj2Qd6uO4wBBQsY5eFefT1vWwAwhy0vak
LVs+hif9k1LDozUr+CAJANC9Mn6PMWR+G+vmA35dL/MkWBPjrbKXusLIl0UYT2gr
/BpV/m/aDzowvmacAh7b/eVjIvkECEsyhSPH0G2+uGpEY+OuJEE=
=NY1Z
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4253-1
January 28, 2020
linux, linux-aws vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
Summary:
The Linux kernel could be made to expose sensitive information.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
linux-image-5.3.0-1010-aws 5.3.0-1010.11
linux-image-5.3.0-29-generic 5.3.0-29.31
linux-image-5.3.0-29-generic-lpae 5.3.0-29.31
linux-image-5.3.0-29-lowlatency 5.3.0-29.31
linux-image-5.3.0-29-snapdragon 5.3.0-29.31
linux-image-aws 5.3.0.1010.12
linux-image-generic 5.3.0.29.33
linux-image-generic-lpae 5.3.0.29.33
linux-image-lowlatency 5.3.0.29.33
linux-image-virtual 5.3.0.29.33
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4253-1
CVE-2019-14615
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-29.31
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1010.11
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4vsB8ACgkQLwmejQBe
gfSQtA//cx1iqvVVZCaVovQYxC95JPADgXeam73ABKLKVaYaJroMJMRzvfOUB4fX
dERqvDIo++nnm6S191C8AiOg+kPguNo6HWjo/hAYpVyTNaJfrQPK83HBY3RSh84y
Niwd9WnXTK5wAw0/tElgMCc7RiaZsx6B0423GAXmCqxyZRGe1VvtswXJGRhJkPuk
IQt4AzvpTJ0uemde0xqcRutiWmMlKJEMhjlQCGU3qvWdHo5CgEv8PkGUVaxKDfug
j8QVeE55hHb+o1hz9XBlpY/o9g8Lmy6CTPWHjr4pAJAVh/f2XkEbQz8ydJdX4TTb
zY7B+ZCOBptdxtnjzT3kQPUGiJN0jTYFAxlzU8bht30sEhS+XNYaSLaooWoRiTd8
xeGpCfgZXIrueCuun6Lgkg9NXY81Z83EKFMd/vYLDn39OnvNkHBFzW4McHGQVajk
+hGQksu9F8fN+ue2Uk3XLF7X8Ok6jiC1oLGukDmRHhxN1hNtXOSlxtXH3LS+hFOM
XGCaShnUP+87BilXAn7jLQC2KhOf5RKYfwcw9tLpgrjs9HlN5aICEH6YxWqyXf7r
THRJFYKmoCLtneXfIEkZyKwVa0fx1MUdQ/DRE6OvvfmVwoYLfn3qW28Wfdppw3mi
87I51pIPLNEjl9G5t0xVgR81eqRYDNflKTiTBP9ly3xAFOnSTVE=
=j5Xs
—–END PGP SIGNATURE—–
—