==========================================================================
Ubuntu Security Notice USN-4254-2
January 29, 2020
linux-lts-xenial, linux-aws vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)
It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex
Driver for the Linux kernel. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19063)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
linux-image-4.4.0-1061-aws 4.4.0-1061.65
linux-image-4.4.0-173-generic 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-generic-lpae 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-lowlatency 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-powerpc-e500mc 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-powerpc-smp 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-powerpc64-emb 4.4.0-173.203~14.04.1
linux-image-4.4.0-173-powerpc64-smp 4.4.0-173.203~14.04.1
linux-image-aws 4.4.0.1061.62
linux-image-generic-lpae-lts-xenial 4.4.0.173.152
linux-image-generic-lts-xenial 4.4.0.173.152
linux-image-lowlatency-lts-xenial 4.4.0.173.152
linux-image-powerpc-e500mc-lts-xenial 4.4.0.173.152
linux-image-powerpc-smp-lts-xenial 4.4.0.173.152
linux-image-powerpc64-emb-lts-xenial 4.4.0.173.152
linux-image-powerpc64-smp-lts-xenial 4.4.0.173.152
linux-image-virtual-lts-xenial 4.4.0.173.152
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4254-2
https://usn.ubuntu.com/4254-1
CVE-2019-14615, CVE-2019-15291, CVE-2019-18683, CVE-2019-18885,
CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19227,
CVE-2019-19332
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4w2bUACgkQLwmejQBe
gfQvyQ//bjoBtpM/ozYp8IsZBjMI9IzgVtAArnnaeUyyn9EqiyntZecnT9qJm9Wm
4ptC5/cuDGYF2IWo18fCRxnnXUGfeJAWkqeou/Ia7dbj7XSlL3jFTVStuhVGQYTE
zjwNShhrsF2rJQ+UB4jqGW5HTEHiFfuw+DOM32KWO9w2UZahu0ADOTvYPGZ3kOGU
+Lb+i/ZKhKtiaMZkUReKDIrp/8egiWnJRIXuC8pp+ai62/nzIM5lJxfj8WcnXj8h
W/mVv2cFmbal9+GJ6WRmuMIjCChM743k7TM1FXkcfC+A8e+qfVXy8Y69mJUadTwM
QqzGzCQ2JnjNFmNvkqfCcaJaV3VojRExCH5pXgJ32yNgDg3o/+mRJcx2x0bKatMQ
ubXjfB7g2PVFkLMCKCoU7DEg1Uy7NP5Cx+FX/jwElM13RNr7mzOtY+9urFeQ7Csu
j7AngvhmvykOLeAee9LbeQ3UCePmIlC+yamBFbaZDoi5xJjoRNTGu9G1C6qMj/1J
Z4bFN3kniD+izbMlazjiw4h87eRdNuVZBJGYyMxDY50a+XTkTv8c4NCVDJSAP6k5
kiPcAH2Z6VkFjMf6XMN7dZ4fwRKUGul3C4BGxtobCYMzAwf58vrFXmtSB9PIdgmi
e6ji/qrJtdrQoJfvJx1v6Cms5TSqJhubjkSV0Atb05/05GYZLmE=
=CNCi
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4258-1
January 29, 2020
linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
– linux-oracle-5.0: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15099)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19050, CVE-2019-19062)
It was discovered that the RSI 91x WLAN device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19071)
It was discovered that the Broadcom Netxtreme HCA device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19077)
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19078)
It was discovered that the Qualcomm IPC Router TUN device driver in the
Linux kernel did not properly deallocate memory in certain situations. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19079)
It was discovered that the AMD GPU device drivers in the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19082)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
Or Cohen discovered that the virtual console subsystem in the Linux kernel
did not properly restrict writes to unimplemented vcsu (unicode) devices. A
local attacker could possibly use this to cause a denial of service (system
crash) or have other unspecified impacts. (CVE-2019-19252)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle certain conditions. An attacker could use
this to specially craft an ext4 file system that, when mounted, could cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19767)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.0.0-1010-oracle 5.0.0-1010.15~18.04.1
linux-image-5.0.0-1024-aws 5.0.0-1024.27~18.04.1
linux-image-5.0.0-1029-gcp 5.0.0-1029.30~18.04.1
linux-image-5.0.0-1029-gke 5.0.0-1029.30~18.04.1
linux-image-aws-edge 5.0.0.1024.38
linux-image-gcp 5.0.0.1029.33
linux-image-gke-5.0 5.0.0.1029.17
linux-image-oracle-edge 5.0.0.1010.9
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4258-1
CVE-2019-15099, CVE-2019-15291, CVE-2019-18683, CVE-2019-18885,
CVE-2019-19050, CVE-2019-19062, CVE-2019-19071, CVE-2019-19077,
CVE-2019-19078, CVE-2019-19079, CVE-2019-19082, CVE-2019-19227,
CVE-2019-19252, CVE-2019-19332, CVE-2019-19767
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1024.27~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1029.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1029.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1010.15~18.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4w2Q4ACgkQLwmejQBe
gfQMQQ/8D+TF25ljSriUGnmhclzYjwHxwAFpHJQXzD9TqW5pFrEbKGiUFEudSr2y
IjFAk1ngpkQHqEJ27TKU5sPHUEYd3ZZ8pZUPss2XgdVaHJGSiQZe0dqqOi4eWg5C
o7rrIiV2P62xajQWhZaLK3X/DDdQ9GmBmHWRUASsubuvm2mabDwjBP4S9qNtsfSj
kjow6rhxEfToeNFnssvUKpyf7HNs20RUkNWfHg3favntXho7QYZ+yC1bkqHSVFCb
keIiPr16kY2CdGkIj25hEq8AsKNy8or1/QUpEQ2BGR93cOQ5Q7B1vBcQuFdN+BMQ
Nub3FB3GE+WdJ7CEtXsXow7kyItBDPZkx8Yz+nSXilT9hcnnc5LGHAl2/vAwCXSd
EcjcFsufx8wT0CCurNsAkUaO0TQfXWhfIT8rfLBJ3zUlLYS4y/rUWYFY90yY64By
Dx5UNrQBX4494CtxWG2DmYeS/LrBuYzenkmv39XUVCs9I81AMSGRGuASs5n84wz4
YwMSpdmk1oyw5bCemepRlxn6NH0YjM6YTNWTi9/uTRVhIVbHM9JcFY6oBabuKOFT
oYdCt9kaXmCbVyi6kapdyQ430PCPOe7GI0IscMwtv69m3JA1yVy1FVR61VxG3rQh
dCeziTDXiOTgWXnNzB4SoN6xOGdmOPeMzQ5N0Z1hd3iHHxjVp/U=
=okwn
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4253-2
January 28, 2020
linux-hwe vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
he Linux kernel could be made to expose sensitive information.
Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu
18.04 LTS.
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.3.0-28-generic 5.3.0-28.30~18.04.1
linux-image-5.3.0-28-generic-lpae 5.3.0-28.30~18.04.1
linux-image-5.3.0-28-lowlatency 5.3.0-28.30~18.04.1
linux-image-generic-hwe-18.04 5.3.0.28.96
linux-image-generic-lpae-hwe-18.04 5.3.0.28.96
linux-image-lowlatency-hwe-18.04 5.3.0.28.96
linux-image-snapdragon-hwe-18.04 5.3.0.28.96
linux-image-virtual-hwe-18.04 5.3.0.28.96
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4253-2
https://usn.ubuntu.com/4253-1
CVE-2019-14615
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-28.30~18.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4w2P0ACgkQLwmejQBe
gfQFnBAAlorIjiTvJWvzoATM/Ro2j8daM9w17Te5gmIkfT9P7PbcWb2N/B4/wQx0
BSeyLaUUAj01FeTlNMUboNB5nak/Scj9U1gyv6NMDqGDR4mwcvPZZY1R48tF7R+t
RlAaL7107ZkSU3allm7iBHwVZ9Hr4181uLvktIXVfotI3+SQmoG+Dpfum//sOngT
cpXNtHdCKNp2yGVRfHut0YZivdsR/q+T1r6i0omz719+rTbLgXhKSi9lgTvyJ2ue
IHnSMHfE4+Asi7FvsKqyoPF/4lIsfzbNDY5NGUA/3F3Z34TWnK83JKoTPbqWXBhs
Y06G06wdojmqWpQ35E6sKOo2pCxrrty9uSJOSiqOl6j/pKfeg2fOeaMU9etDjo3l
ivH5v/+2Ce6O8YuHrYZ87SSqVZzCPrhS2bE68IooHAvj4ubezRcyhaVQG4+voI8Z
fpCq93TiJcgr5zYOuXedhHIW5JWYl96SK86WjsIGGsRkm6XGzMhiUe5HMAdTu24z
1ztcecLWCCuw+fARSjlYdzydiC0ivAjtdZiVN5YQliE+3CZkLkzMf6TfLqu3dySd
qV/gUm2KRlLuXEYW/21F5di/enEDFQcZzvpRJAu6cJa6Wqgr1wFnyYMZu2krMY3w
1s+19EnGC3qZhMbaxz/0/BYIzMH2JiDGG/zVhaZiZ6ttMm3WJXs=
=gCqg
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4255-2
January 28, 2020
linux-hwe, linux-aws-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that a race condition can lead to a use-after-free while
destroying GEM contexts in the i915 driver for the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-7053)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.15.0-1058-aws 4.15.0-1058.60~16.04.1
linux-image-4.15.0-76-generic 4.15.0-76.86~16.04.1
linux-image-4.15.0-76-generic-lpae 4.15.0-76.86~16.04.1
linux-image-4.15.0-76-lowlatency 4.15.0-76.86~16.04.1
linux-image-aws-hwe 4.15.0.1058.58
linux-image-generic-hwe-16.04 4.15.0.76.96
linux-image-generic-lpae-hwe-16.04 4.15.0.76.96
linux-image-lowlatency-hwe-16.04 4.15.0.76.96
linux-image-oem 4.15.0.76.96
linux-image-virtual-hwe-16.04 4.15.0.76.96
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4255-2
https://usn.ubuntu.com/4255-1
CVE-2019-14615, CVE-2020-7053
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1058.60~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-76.86~16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl4w2OUACgkQLwmejQBe
gfTqYA//ZYNlKxGgieF8jqABYKYQZP+zOTKiTQu/ZCCHIuNioYvvdj5vafLs9f3S
h7oyV5fnQyACE7prUVVQQHUgjhtghULwnhI7KcUDZGEOaH5wcW83uue4R2aHbxiE
G4l27iYJpAnc/GG3xjZpKCfUl/4B1MvEQrdj2niYmJ/5WnMCHXpODC7yM/7WKbIW
zSOT/rpQXisMnZRMxs0tCOA8hUtUXgU8fX1IDcSt5fZ8OX5DTsTx4l7RK8/9B8pp
TUHO35iegU/zF3rKjk/hfh4kdVHCY/p58/sBBOR2jI1F1CZ3lMKyeNhZA50IeAc2
wwEz58AlgX5Q9UYOCu9+qFJBX3P3yl92YQEqheUKw+zR9+CvKZHUpmKzIsB0t1Yn
joDmKAAPzjUjrAiVmCq89wz99w/P9PsD9XcECWhQMds09B6NVlLivXpRhGVcdeIy
0LGLHU1ZzwcCMqshWivNmVebZli7WgrHpLKSt1vSn32UGeIUxZkn9qhsCp0T7cmA
wG85APNSTA+YmrSYFfYLSysO7/CLdpVm3J+jL3Xwb8bt0FrDK8S546Gxw90h8LzF
Wywl2wQ9WsXoiESJ5k8hopXi1HIO81hlDwjQcX/OYGcpVh2FbyYzi6K0uEuNtaNt
+ewNfuP6bib5yfj6FdGucXGKw1NKvpKYQjTmbfIuN8ToAv/YjKg=
=Ugl4
—–END PGP SIGNATURE—–
—