You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-4302-1
March 17, 2020

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe,
linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information. (CVE-2020-2732)

Gregory Herrero discovered that the fix for CVE-2019-14615 to address the
Linux kernel not properly clearing data structures on context switches for
certain Intel graphics processors was incomplete. A local attacker could
use this to expose sensitive information. (CVE-2020-8832)

It was discovered that the IPMI message handler implementation in the Linux
kernel did not properly deallocate memory in certain situations. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19046)

It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did
not properly deallocate memory in certain situations. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19051)

It was discovered that the Marvell Wi-Fi device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19056)

It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel
device driver in the Linux kernel did not properly deallocate memory in
certain error conditions. A local attacker could possibly use this to cause
a denial of service (kernel memory exhaustion). (CVE-2019-19058)

It was discovered that the Brocade BFA Fibre Channel device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19066)

It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19068)

It was discovered that ZR364XX Camera USB device driver for the Linux
kernel did not properly initialize memory. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15217)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1055-gke 4.15.0-1055.58
linux-image-4.15.0-1056-kvm 4.15.0-1056.57
linux-image-4.15.0-1057-raspi2 4.15.0-1057.61
linux-image-4.15.0-1063-aws 4.15.0-1063.67
linux-image-4.15.0-1074-snapdragon 4.15.0-1074.81
linux-image-4.15.0-91-generic 4.15.0-91.92
linux-image-4.15.0-91-generic-lpae 4.15.0-91.92
linux-image-4.15.0-91-lowlatency 4.15.0-91.92
linux-image-aws 4.15.0.1063.64
linux-image-aws-lts-18.04 4.15.0.1063.64
linux-image-generic 4.15.0.91.83
linux-image-generic-lpae 4.15.0.91.83
linux-image-gke 4.15.0.1055.59
linux-image-gke-4.15 4.15.0.1055.59
linux-image-kvm 4.15.0.1056.56
linux-image-lowlatency 4.15.0.91.83
linux-image-powerpc-e500mc 4.15.0.91.83
linux-image-powerpc-smp 4.15.0.91.83
linux-image-powerpc64-emb 4.15.0.91.83
linux-image-powerpc64-smp 4.15.0.91.83
linux-image-raspi2 4.15.0.1057.55
linux-image-snapdragon 4.15.0.1074.77
linux-image-virtual 4.15.0.91.83

Ubuntu 16.04 LTS:
linux-image-4.15.0-1058-gcp 4.15.0-1058.62
linux-image-4.15.0-1063-aws 4.15.0-1063.67~16.04.1
linux-image-4.15.0-91-generic 4.15.0-91.92~16.04.1
linux-image-4.15.0-91-generic-lpae 4.15.0-91.92~16.04.1
linux-image-4.15.0-91-lowlatency 4.15.0-91.92~16.04.1
linux-image-aws-hwe 4.15.0.1063.63
linux-image-gcp 4.15.0.1058.72
linux-image-generic-hwe-16.04 4.15.0.91.101
linux-image-generic-lpae-hwe-16.04 4.15.0.91.101
linux-image-gke 4.15.0.1058.72
linux-image-lowlatency-hwe-16.04 4.15.0.91.101
linux-image-oem 4.15.0.91.101
linux-image-virtual-hwe-16.04 4.15.0.91.101

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4302-1
CVE-2019-15217, CVE-2019-19046, CVE-2019-19051, CVE-2019-19056,
CVE-2019-19058, CVE-2019-19066, CVE-2019-19068, CVE-2020-2732,
CVE-2020-8832

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-91.92
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1063.67
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1055.58
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1056.57
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1057.61
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1074.81
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1063.67~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1058.62
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-91.92~16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM8gACgkQLwmejQBe
gfSpfxAAokZJ4BHGYQF7lPs3n6HBG5Qw6TPtfhwPBLk5M279LaZR0woI5uHqSnqd
eiauGluhqY/ah8zGRMxRnStAoTUQTQzkL7M2ksfvp9I8inFwu7mwl6N5YmVWOGlW
2JrmO5JWbCrR2orpM9g+KEZOfUgohoQtya35jh3Qz7lZV3FcNzBbm2s3wRBcTyks
/pBKq/0gB3yYE05SKoWxs+v2fZ9ZIZanWLUz4XrkblQ7LotBYTZ7UGp9iGyeIinh
RiIpY4pnAtfawJ69m1mslKlDyqdfXsX9g7WrL3j11a8nDOa1vQNfKc0N8YvMwFoZ
mq6ov2a/GV2lpVN9mqQHL5fSug0hXH3HM8AbNQ8aYm+73wYzk1bVUO+pQ5M4A5eh
Ik0Eyclt8IBFBnBB/NftpK7ee2xWKd1ljxpkIjE6OdIhLjoS7M1d2kp5+mjPJCPn
UQ9qSbb9ke9APbiT24cM/JPab7tyeow3nkstDPkyoRxfLlCz7pxwMrdD/PYcr/hG
hCetGiuLMhTzTGC5hlx9VlGE+ZS3l6apTRHvk1TJnow7EbVkFVzy26AaK6rGdzWi
MOEBKol5I7ipP5YyaQKc3gCQJYbbfubXsDBTXlRR9nJkiQOV1h7by1R0o2E38vgk
tdDUyIcmS2ZR+HHhElM+mcWdpss4Dx25LxrX3q4ncMWhdtLhh5Q=
=a7vC
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4303-2
March 17, 2020

linux-lts-xenial, linux-aws vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

The system could be made to expose sensitive information.

Software Description:
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
linux-image-4.4.0-1064-aws 4.4.0-1064.68
linux-image-4.4.0-176-generic 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-generic-lpae 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-lowlatency 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc-e500mc 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc-smp 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc64-emb 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc64-smp 4.4.0-176.206~14.04.1
linux-image-aws 4.4.0.1064.65
linux-image-generic-lpae-lts-xenial 4.4.0.176.155
linux-image-generic-lts-xenial 4.4.0.176.155
linux-image-lowlatency-lts-xenial 4.4.0.176.155
linux-image-powerpc-e500mc-lts-xenial 4.4.0.176.155
linux-image-powerpc-smp-lts-xenial 4.4.0.176.155
linux-image-powerpc64-emb-lts-xenial 4.4.0.176.155
linux-image-powerpc64-smp-lts-xenial 4.4.0.176.155
linux-image-virtual-lts-xenial 4.4.0.176.155

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4303-2
https://usn.ubuntu.com/4303-1
CVE-2020-2732

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM+EACgkQLwmejQBe
gfSjTQ//do2PumwBFkStLgCaDmLjuDox5v1aVydGaQv53g458DbX+WsfZ53CDcM4
6mdVHQNneyq9y4s5k5B1km+m8JvE6Bu+Dqt6wcHxNDJSpJcR7FEV1FhlDtGVZQp5
T6BYLXCTc0nE/znyEVpVYWiS+7Eh9Eo75OchxNMPmkJ6p5kBCXgAK2C6RevXTBv4
RpuMbaYdBWkb4wAL2ggNDSZBKi3EEl31j4rQp8KgWWlPo0NC+c+2UEw3NW01gV1e
DJuqMW31ONsLVqZwVnWS+nqwBtOuMDyPl0dxBRSvZe2Z8Ie2e5izP4/gpM3ygf3h
vn6Q4Yu3Da1LwpWeaJartW0S5z4ydbJ2xnsedNgvZrN5dT8++FS10a7mKzSRHqo/
c34yAqTIkfoqx3L7ORfQ6fobkMEnNXosicGJxShjdQ6iee5BXCtJeSHrNDxIqKfv
PehbZ+WaUDNP0ZWZbIvBsLqelfxDtRLXACeJf+gCb5T5TORICLyossbYZILMv5qw
93G5frucBhW0KSsG9XjAeJWLp1B3WTzRAwl7ZvLhAy+e9nKulUHZcHbsVT0aRbkI
HgEnOI+xRMrDaNK3Lday/MPOAxXqER+M38A4r3aC+ZGlLpcyFR63Pa++BQ6Fx8We
kIUP4ju92tsKb19FF7h6c5060diudYnSryVxSDl0z2aJv9iZMA8=
=vR1N
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4303-1
March 17, 2020

linux, linux-aws, linux-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments

Details:

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1068-kvm 4.4.0-1068.75
linux-image-4.4.0-1104-aws 4.4.0-1104.115
linux-image-4.4.0-176-generic 4.4.0-176.206
linux-image-4.4.0-176-generic-lpae 4.4.0-176.206
linux-image-4.4.0-176-lowlatency 4.4.0-176.206
linux-image-4.4.0-176-powerpc-e500mc 4.4.0-176.206
linux-image-4.4.0-176-powerpc-smp 4.4.0-176.206
linux-image-4.4.0-176-powerpc64-emb 4.4.0-176.206
linux-image-4.4.0-176-powerpc64-smp 4.4.0-176.206
linux-image-aws 4.4.0.1104.108
linux-image-generic 4.4.0.176.184
linux-image-generic-lpae 4.4.0.176.184
linux-image-kvm 4.4.0.1068.68
linux-image-lowlatency 4.4.0.176.184
linux-image-powerpc-e500mc 4.4.0.176.184
linux-image-powerpc-smp 4.4.0.176.184
linux-image-powerpc64-emb 4.4.0.176.184
linux-image-powerpc64-smp 4.4.0.176.184
linux-image-virtual 4.4.0.176.184

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4303-1
CVE-2020-2732

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-176.206
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1104.115
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1068.75

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM9cACgkQLwmejQBe
gfSjZxAAkf8scXoHmcqNlfohbAbGC8oWQOzqjBfNalqeBTiM9tV1zn2Uk8piEnZK
LkzdPkPSNB8rdqCjzpU5twtCF1OlCieABFVc6kZsKf7qyA87/DiA+NKnUpKKDLZu
fJy8EhQUw6kMHeNnZcYne3YqB+DKMJf38bjjl3mgGz1Fws5gK2ZLGh5EUJGDJb1l
TwW0bCBvZs9NkxMTNtBOS/eFoHI2cBdKI54pAEWBtQCOQDam0/RqVQyLkllnzUpn
cXN8Sw2pvuOHxr9LKss02YOeg57tSMr5aGx5q62t3SHnsDOXLqY2XEEC/CjBigT9
PAw6jyKb7KJwqFEPUYnHudVZmC7aIKzspsiB6fG9oZ13QtZP+0IdwZ+Zr4cKzDFM
NNhtm90cHmA7AupfhS3DrC8zxYitLeGYZ1/8XmJ70gO89hBrIrxki6QwHOkSI58v
ys0fbzBQRZD0D07ZbOhHw12ZDSqX7+uEVRwkPzqbEs/tLUyy6nnOyMD1LApcw5YG
JMfdw2G14sczvlIgLBO04Dr6hYwwbO9wJ39IOVHAVloat/oHAB6OJ3GDmCE6fOCQ
SmMBJtEfxgXGTfkasacdS5UewtNLn1qQVlWLfuDuLwLC6mM9DJQGoAM0euGUa7XA
blFHqec5veDu3SC0mrFwnvmut53quEM3n4xtDmkNGb7P0YgxXfc=
=kEXD
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4300-1
March 16, 2020

linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe,
linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-gcp-5.3: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-raspi2-5.3: Linux kernel for Raspberry Pi 2

Details:

It was discovered that the KVM implementation in the Linux kernel, when
paravirtual TLB flushes are enabled in guests, the hypervisor in some
situations could miss deferred TLB flushes or otherwise mishandle them. An
attacker in a guest VM could use this to expose sensitive information (read
memory from another guest VM). (CVE-2019-3016)

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information. (CVE-2020-2732)

It was discovered that the Afatech AF9005 DVB-T USB device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-18809)

It was discovered that the Intel(R) XL710 Ethernet Controller device driver
in the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19043)

It was discovered that the RPMSG character device interface in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19053)

It was discovered that the Marvell Wi-Fi device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19056)

It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel
device driver in the Linux kernel did not properly deallocate memory in
certain error conditions. A local attacker could possibly use this to cause
a denial of service (kernel memory exhaustion). (CVE-2019-19058,
CVE-2019-19059)

It was discovered that the Serial Peripheral Interface (SPI) driver in the
Linux kernel device driver in the Linux kernel did not properly deallocate
memory in certain error conditions. A local attacker could possibly use
this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19064)

It was discovered that the Brocade BFA Fibre Channel device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19066)

It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19068)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
linux-image-5.3.0-1011-oracle 5.3.0-1011.12
linux-image-5.3.0-1012-kvm 5.3.0-1012.13
linux-image-5.3.0-1013-aws 5.3.0-1013.14
linux-image-5.3.0-1014-gcp 5.3.0-1014.15
linux-image-5.3.0-1019-raspi2 5.3.0-1019.21
linux-image-5.3.0-42-generic 5.3.0-42.34
linux-image-5.3.0-42-generic-lpae 5.3.0-42.34
linux-image-5.3.0-42-lowlatency 5.3.0-42.34
linux-image-5.3.0-42-snapdragon 5.3.0-42.34
linux-image-aws 5.3.0.1013.15
linux-image-gcp 5.3.0.1014.15
linux-image-generic 5.3.0.42.36
linux-image-generic-lpae 5.3.0.42.36
linux-image-gke 5.3.0.1014.15
linux-image-kvm 5.3.0.1012.14
linux-image-lowlatency 5.3.0.42.36
linux-image-oracle 5.3.0.1011.12
linux-image-raspi2 5.3.0.1019.16
linux-image-snapdragon 5.3.0.42.36
linux-image-virtual 5.3.0.42.36

Ubuntu 18.04 LTS:
linux-image-5.3.0-1014-gcp 5.3.0-1014.15~18.04.1
linux-image-5.3.0-1014-gke 5.3.0-1014.15~18.04.1
linux-image-5.3.0-1019-raspi2 5.3.0-1019.21~18.04.1
linux-image-5.3.0-42-generic 5.3.0-42.34~18.04.1
linux-image-5.3.0-42-generic-lpae 5.3.0-42.34~18.04.1
linux-image-5.3.0-42-lowlatency 5.3.0-42.34~18.04.1
linux-image-gcp-edge 5.3.0.1014.13
linux-image-generic-hwe-18.04 5.3.0.42.99
linux-image-generic-lpae-hwe-18.04 5.3.0.42.99
linux-image-gke-5.3 5.3.0.1014.4
linux-image-lowlatency-hwe-18.04 5.3.0.42.99
linux-image-raspi2-hwe-18.04 5.3.0.1019.8
linux-image-snapdragon-hwe-18.04 5.3.0.42.99
linux-image-virtual-hwe-18.04 5.3.0.42.99

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4300-1
CVE-2019-18809, CVE-2019-19043, CVE-2019-19053, CVE-2019-19056,
CVE-2019-19058, CVE-2019-19059, CVE-2019-19064, CVE-2019-19066,
CVE-2019-19068, CVE-2019-3016, CVE-2020-2732

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-42.34
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1013.14
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1014.15
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1012.13
https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1011.12
https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1019.21
https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1014.15~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1014.15~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-42.34~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1019.21~18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM6sACgkQLwmejQBe
gfQzphAAsqrrU25OkiRxTMyssbA823HZwycunGsWiEnDuglnyH4YhE1UCYhmReQL
FjtTh6l4JUb3n7a+b23aKc6KNoSoR3gFxw/aO8jM3eLu1GuZEiSE61LMp+Zs+F64
TgyLOVUoRnldxZEd1qcRr7nRzdKxT2nETD86GFWy58KlZ7K9QFFLMKEh4sv68k/S
ILB7xMGt3OBu1izJHfKEb6G0mIT5gBXem4tbHUzpeND4oyNTSXBAa96/m4CJIW3y
Ojc1A4gz96O54UUV87UYp0+BtbtKyAhkAPCNkLBRV+JUkhwWiQgCV9Q5P2e7Ytu5
RJwz0iq5GoJebNV7vqDPfTkJYeJIBH2HMuPqdJWFK9gbDFrO2+nhWnFctWT1dhLJ
ac/lyjNerbAFxyCxiw+CNC8pcP2OT6gSn688vT0vaqdzaOMcsdBcX4dHbH5EDCNN
h0ze8XydpL4OImKHg9anZLHmpnt7HBvFNaBkq7vfP6ABaaR2VO9qfYIHwIDMSy4C
NGd1LWANClSdB0Cn5kdvGKiSxOSTwjf3OigMOwNDSaFtF/feIdV0y1FfsZc6fpZW
BGjtdfZx9nbSghRNlT6YDcxngrlb68n7Iu0u3CjwNb39rINZyl1GKN8nq3PIXjBj
2v2JvXbKqXPIrUYCm6GeZ/1o1QiZ4feJJPmQlG7ni3ysKHLTC5M=
=UjhA
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4301-1
March 16, 2020

linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
– linux-oracle-5.0: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the KVM implementation in the Linux kernel, when
paravirtual TLB flushes are enabled in guests, the hypervisor in some
situations could miss deferred TLB flushes or otherwise mishandle them. An
attacker in a guest VM could use this to expose sensitive information (read
memory from another guest VM). (CVE-2019-3016)

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information. (CVE-2020-2732)

It was discovered that the RPMSG character device interface in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19053)

It was discovered that the Marvell Wi-Fi device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19056)

It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel
device driver in the Linux kernel did not properly deallocate memory in
certain error conditions. A local attacker could possibly use this to cause
a denial of service (kernel memory exhaustion). (CVE-2019-19058,
CVE-2019-19059)

It was discovered that the Brocade BFA Fibre Channel device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19066)

It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19068)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.0.0-1013-oracle 5.0.0-1013.18
linux-image-5.0.0-1027-aws 5.0.0-1027.30
linux-image-5.0.0-1032-gke 5.0.0-1032.33
linux-image-5.0.0-1033-gcp 5.0.0-1033.34
linux-image-aws-edge 5.0.0.1027.41
linux-image-gcp 5.0.0.1033.37
linux-image-gke-5.0 5.0.0.1032.20
linux-image-oracle 5.0.0.1013.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4301-1
CVE-2019-19053, CVE-2019-19056, CVE-2019-19058, CVE-2019-19059,
CVE-2019-19066, CVE-2019-19068, CVE-2019-3016, CVE-2020-2732

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1027.30
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1033.34
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1032.33
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1013.18

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl5wM7gACgkQLwmejQBe
gfTm1g//REjnKVLqwx2/GrZFC5/O67BekmJSTlYzVYz6m5EgIJfwCADNzG6u28Cp
2oaFmuvUWfxE9qVB5AB5/QLi70hPHKb3afdyv3R5Mh31AhkrzNeV47cVqO9eBNlz
0m8AKZOsNGU7CpQWF4bUeGvkoA/jB2PiDT2XILu8nk4iNzNJh6kDqLDevmuoEHfU
g+CBkj04Bft7SU2VM3MCJgrtShlsQzelQ4AGqMUaT4nW8Tp2n5h7s8Z0sc28MkLN
U66GV5j5ogSgrjXb9EgGqs03QmKaat0mlES/Jn8x4VLSH3j5omSz2v1iANPu+idT
pPUBkeBt/jFDui+BCIZuN0npENtK0V3IRP1PQ4ijdvypA+V5PMPpW5jyXuNi8UIj
zxoq8Q6KZI3a93TVcMfZMbzM1PRH/tQwm/60GEnIxN+1GU0tNdK2UGVvg+XwxT94
+Bg/kltT5C6nEdgIDAtrYysbmpUEcewmsvc8fesZHSPdS6nIpGIK5aZWKwQyqTKT
RxsTWVx8eG1yEAJboJfSnEWqXYo5hOf9KiNrUTLdHyzMvK6gSLAOKur9UYkmzfkE
AdXAMBj8sAyJI9szwvXK2IznXZW5hrzA4KrI7QaDYn4dODCJSLsw9lf559VUzTO6
Xn1D9hNibCSsEErxPVLMC+Y2xMkH/4NVNOub1TFq5sSCg4sVB3I=
=2c8B
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa php-horde-Horde-Form

Otkriven je sigurnosni nedostatak u programskom paketu php-horde-Horde-Form za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close