You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-4344-1
April 28, 2020

linux-gke-5.0, linux-oem-osp11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
– linux-oem-osp1: Linux kernel for OEM processors

Details:

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)

It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did
not properly deallocate memory in certain situations. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19051)

Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)

It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)

It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)

Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)

Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.0.0-1035-gke 5.0.0-1035.36
linux-image-5.0.0-1050-oem-osp1 5.0.0-1050.55
linux-image-gke-5.0 5.0.0.1035.23
linux-image-oem-osp1 5.0.0.1050.53

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4344-1
CVE-2019-16234, CVE-2019-19051, CVE-2019-19768, CVE-2020-10942,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383

Package Information:
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1035.36
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1050.55

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl6oyTUACgkQLwmejQBe
gfT4iA/+LLeQwD3giZdkKppLQdYLjY9Wz7CEcV45ziptlYwFU2DWWxPoa52JwRbj
+J7KTbO9cBUan/nri2YzO0+YSTWYM/L47q9GcgzpNVjQTRXKIe+Uje1w6KRFjlJr
gNJXpV20IMg3M6UPUlgZGHCyxu27aylliDblfNbxoc+dIR6DHuoBvYfn3JuW/4jX
mZAYTty8FXKT6ZY/brRWx2zuXJB0Hc7b5ujBfSHuYzZHg5Qevme+1fKUNYWEVTGO
PkXo1VE74b/rBnNv9KOKKpiYRVNdWyXKiRhmwMF3uNIkBioIRQW+i6MrN4+pIDry
e//cxbmC9sAUiTaR44odVnHVA32vZsVkIaTKJldQ3id2zIanRoBnEsPupoNbt2bV
We7WDQxW9haBD8q/OjG4AXmM0A2UVzFNkpPOR0XkUa28DeVmsk6SDCtC/T1Kjekh
mVRVH0WDeOSgGTYbUnAbt91i8KmqfnObesb9xmqUW3yBvdjGygYEjFQ1UT7wvhT3
T/WzZYLUlphhxQANi07DwDQOIlM0yo5/N8bDDFIB4lAFaisV7q9ptcaNk+DGRHX1
eNsGFFBrDTlv+SS/UFQWORXIGbQJFIc66ndooD8HxYEixPCt2N4j+cyhe+eYVd3m
m4r4jf6nQ0StmLgj8Zthz+km5grm10WKoawEhO69ZLDBDgPLsBA=
=+WGd
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4345-1
April 28, 2020

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp,
linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oem: Linux kernel for OEM processors
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)

Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)

It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)

It was discovered that the OV51x USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11608)

It was discovered that the STV06XX USB Camera device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2020-11609)

It was discovered that the Xirlink C-It USB Camera device driver in the
Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-11668)

It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)

Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42
linux-image-4.15.0-1058-gke 4.15.0-1058.61
linux-image-4.15.0-1059-kvm 4.15.0-1059.60
linux-image-4.15.0-1061-raspi2 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70
linux-image-4.15.0-1077-snapdragon 4.15.0-1077.84
linux-image-4.15.0-1080-oem 4.15.0-1080.90
linux-image-4.15.0-99-generic 4.15.0-99.100
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100
linux-image-4.15.0-99-lowlatency 4.15.0-99.100
linux-image-aws-lts-18.04 4.15.0.1066.69
linux-image-generic 4.15.0.99.89
linux-image-generic-lpae 4.15.0.99.89
linux-image-gke 4.15.0.1058.62
linux-image-gke-4.15 4.15.0.1058.62
linux-image-kvm 4.15.0.1059.59
linux-image-lowlatency 4.15.0.99.89
linux-image-oem 4.15.0.1080.84
linux-image-oracle-lts-18.04 4.15.0.1038.47
linux-image-powerpc-e500mc 4.15.0.99.89
linux-image-powerpc-smp 4.15.0.99.89
linux-image-powerpc64-emb 4.15.0.99.89
linux-image-powerpc64-smp 4.15.0.99.89
linux-image-raspi2 4.15.0.1061.59
linux-image-snapdragon 4.15.0.1077.80
linux-image-virtual 4.15.0.99.89

Ubuntu 16.04 LTS:
linux-image-4.15.0-1038-oracle 4.15.0-1038.42~16.04.1
linux-image-4.15.0-1061-gcp 4.15.0-1061.65
linux-image-4.15.0-1066-aws 4.15.0-1066.70~16.04.1
linux-image-4.15.0-1082-azure 4.15.0-1082.92~16.04.1
linux-image-4.15.0-99-generic 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-generic-lpae 4.15.0-99.100~16.04.1
linux-image-4.15.0-99-lowlatency 4.15.0-99.100~16.04.1
linux-image-aws-hwe 4.15.0.1066.66
linux-image-azure 4.15.0.1082.81
linux-image-azure-edge 4.15.0.1082.81
linux-image-gcp 4.15.0.1061.75
linux-image-generic-hwe-16.04 4.15.0.99.106
linux-image-generic-lpae-hwe-16.04 4.15.0.99.106
linux-image-gke 4.15.0.1061.75
linux-image-lowlatency-hwe-16.04 4.15.0.99.106
linux-image-oem 4.15.0.99.106
linux-image-oracle 4.15.0.1038.31
linux-image-virtual-hwe-16.04 4.15.0.99.106

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4345-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11608,
CVE-2020-11609, CVE-2020-11668, CVE-2020-11884, CVE-2020-8648,
CVE-2020-9383

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-99.100
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1066.70
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1058.61
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1059.60
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1080.90
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1077.84
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1066.70~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1082.92~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1061.65
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-99.100~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1038.42~16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl6oyVUACgkQLwmejQBe
gfR3VQ/+LaO3/Sq0tC+zvdUthpbyoSSS2n15p5Wj7d1OR0R5ndjud83MeLBO42cs
zhicvQAgEI1IWkK41fL9VAwo+/FllPnMnPxVgwg886HlKcBAPnr1nSE7ggmJXbpv
/CeU7cvcvW8KawPaPASxqZkS1qVGjR1lWIj6iuAZ323uj+SMuk6b/wXRIzBoj3eD
ojnzycofbRXrBjpS5AxIIR4+a8lC8C6qp6jexEciR7Qux6/VX8/2EUeRioz4rnkp
fBcJ6hldbi5mNxrEOJiu10RcbqGxS9Gjr9eHZUaMSd8wYhdjWLFslfbRM9AfJyG8
+x6NomxQf1RcQqbqtbmt88pVqcsV6SJeLVCE2InnUekVYI9zXi95M5BvoKQlq5QL
TsAw6owSzyv4NFAb1Djc81bCpJH/fHbDWHqViuHyKqrqvTgZa6cCZrcTJvBHG5sL
w2RVuC+yat6dRjSCU0XszmIYXzJJMnoqKXKaE66tAI94YhBNO1Ze78/8IYuff3it
+kA1S+LW9AsKRYRb0JYa1OSDP7ymNflPUCynmO+BsANeS2l1e5zNpfXQVrlu87q/
dw//aWHElIiqCcC9GhPR67+om4uPoTIqgu38ItU1k0CsP9qKrWRkOXnVahLmqv3N
j6ZCIRWufvpkBKHc3HBvA2e/XRaTtrLO7zz6i5u2MVvETg7GzYs=
=teC8
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4346-1
April 29, 2020

linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that the QLogic Fibre Channel driver in the Linux kernel
did not properly check for error, leading to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-16233)

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)

Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)

It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)

Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1070-kvm 4.4.0-1070.77
linux-image-4.4.0-1106-aws 4.4.0-1106.117
linux-image-4.4.0-1132-raspi2 4.4.0-1132.141
linux-image-4.4.0-1136-snapdragon 4.4.0-1136.144
linux-image-4.4.0-178-generic 4.4.0-178.208
linux-image-4.4.0-178-generic-lpae 4.4.0-178.208
linux-image-4.4.0-178-lowlatency 4.4.0-178.208
linux-image-4.4.0-178-powerpc-e500mc 4.4.0-178.208
linux-image-4.4.0-178-powerpc-smp 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-emb 4.4.0-178.208
linux-image-4.4.0-178-powerpc64-smp 4.4.0-178.208
linux-image-aws 4.4.0.1106.110
linux-image-generic 4.4.0.178.186
linux-image-generic-lpae 4.4.0.178.186
linux-image-kvm 4.4.0.1070.70
linux-image-lowlatency 4.4.0.178.186
linux-image-powerpc-e500mc 4.4.0.178.186
linux-image-powerpc-smp 4.4.0.178.186
linux-image-powerpc64-emb 4.4.0.178.186
linux-image-powerpc64-smp 4.4.0.178.186
linux-image-raspi2 4.4.0.1132.132
linux-image-snapdragon 4.4.0.1136.128
linux-image-virtual 4.4.0.178.186

Ubuntu 14.04 ESM:
linux-image-4.4.0-1066-aws 4.4.0-1066.70
linux-image-4.4.0-178-generic 4.4.0-178.208~14.04.1
linux-image-4.4.0-178-lowlatency 4.4.0-178.208~14.04.1
linux-image-aws 4.4.0.1066.67
linux-image-generic-lts-xenial 4.4.0.178.157
linux-image-lowlatency-lts-xenial 4.4.0.178.157
linux-image-virtual-lts-xenial 4.4.0.178.157

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4346-1
CVE-2019-16233, CVE-2019-16234, CVE-2019-19768, CVE-2020-8648,
CVE-2020-9383

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl6oyWcACgkQLwmejQBe
gfTUHw//fPj9bPzXEsb8BVSxo1B64PBIAI3LUFTD9dV+WfYFJqU3AccBqpDtWJzo
9GLwWwoYzPu4hM3xbZ1ta++J3SmiNoMpbyqIuNGgl2pAPicRdoDOoQeO/XT1Is+o
kcCK5iQP+YyrlZizf0jdkF3oZClC6J/Ni7s1pczA+PyzQC043dIxJELkuXlGc1jX
vCzOBulSkrPi8ZnD1w/2SeCpdL+FPQOxrKs+l0Pnk06HtCyWgvu6PbAaoAeg2W9s
Su/zNYe0R0g6rmCdhN7Z/mjNzKcY2vecg7LWo0dkPdkFh04cZWReZNYQYGwFHyve
ALU8OiaeYiTCI3rCSa+0JaBUiahpHHYwbhPidZ3kjdexA258CqkZ67G9hEEmLY+E
yp8eBCyEJsUywtxq1KwcsEIN4/S94+C2nS5bPzkAietFqmRlozweLOs++H1tLl0E
yDVAzMpskG9K+nJgJDSorPUnJeVEpTXoHf6QYMkV1bMj5DM4QPqFfW1opd7fvAiC
hcDPp99SZYXOydKHPquggqrUooD6tI73y7nGeWs6KHL0vyeNdZL1RDrHcQgC5IXQ
5U3bKC9+SxuVmEgSk0Pge6DFR2b0qkNWTaU6H3To7+7mFgoMpscgoVw1W6AzCREK
Vm2et2q8G1IGNjkQuUS7cIb6NzI5Xvh1SVyCnNety4mg/VY9RJI=
=hJZf
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4343-1
April 28, 2020

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS

Summary:

Systems running on s390x architecture could be made to crash or run
programs as an administrator under certain conditions.

Software Description:
– linux: Linux kernel

Details:

Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-28-generic 5.4.0-28.32
linux-image-5.4.0-28-generic-lpae 5.4.0-28.32
linux-image-5.4.0-28-lowlatency 5.4.0-28.32
linux-image-generic 5.4.0.28.33
linux-image-generic-lpae 5.4.0.28.33
linux-image-lowlatency 5.4.0.28.33
linux-image-oem 5.4.0.28.33
linux-image-oem-osp1 5.4.0.28.33
linux-image-virtual 5.4.0.28.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4343-1
CVE-2020-11884

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-28.32

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl6oySgACgkQLwmejQBe
gfTg2w//bqZnrtSPdiXi02szavMI0QSYYlrSiCzTDtK6jlCPf1CyU6B2c1hAiPLq
iqVYXeNnFnoO1vXShh0NXc3juuWIe01FDKEiyBZQUCkdoPD+eqSjHWN1ID/uc1JA
TUC2CIGmhHw2tcL8mKdjbXltdAyruLdnWPQKfJoMBarzlzYoG4PF/Midon+nT1+u
M+HK61aNLzJFVn0pVPxAUACUx82Ayzdz5LtsjsFdr0U+g1/NUZ2qObh7EJKZt5iF
iycxtZ3z67M7Un2W49j0CcEopsY2XVBj09C2wcTU3EL+wbbTbvd2LW+4h3pkE1pF
+36esWSFf5qwoytknhafF7RhpMNAZnDLL3dPxCvCO8DM7IKy0f+pTxpEqhj2K7M1
SrHVdXzVnrNwEjicdDPjjbk9fQnYPeoIW+qAIA+bx7unOx9lHtufgQ+DHknoNvFS
cyoibEXHJjukTB6NO3nN5e29XrYq5NV2tiMCpPQAcu1gCVtmJAcs0W/pG3a/37o9
ldbkvneaxOEY5syl97rzh2/W52afYmc0LebDB5LBEKyr24g86GzwgC/9gadl3eiS
TQsuZAYgzbyVcPlDZH5orA1XFYqgKDvaVeKUunmG6RsnFgviy7hL+LjVzO6vixEk
xmKlxy5Y3jV4Sf99fMA/BGN+JsiaCZTZ5yyuVydpg4E98qDO8YI=
=V4vH
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4342-1
April 28, 2020

linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe,
linux-kvm, linux-raspi2, linux-raspi2-5.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-raspi2-5.3: Linux kernel for Raspberry Pi 2

Details:

Al Viro discovered that the Linux kernel for s390x systems did not properly
perform page table upgrades for kernel sections that use secondary address
mode. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2020-11884)

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2019-16234)

Tristan Madani discovered that the block I/O tracing implementation in the
Linux kernel contained a race condition. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2019-19768)

It was discovered that the vhost net driver in the Linux kernel contained a
stack buffer overflow. A local attacker with the ability to perform ioctl()
calls on /dev/vhost-net could use this to cause a denial of service (system
crash). (CVE-2020-10942)

It was discovered that the virtual terminal implementation in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash) or expose sensitive
information. (CVE-2020-8648)

Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)

Jordy Zomer discovered that the floppy driver in the Linux kernel did not
properly check for errors in some situations. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2020-9383)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
linux-image-5.3.0-1016-kvm 5.3.0-1016.17
linux-image-5.3.0-1017-aws 5.3.0-1017.18
linux-image-5.3.0-1018-gcp 5.3.0-1018.19
linux-image-5.3.0-1020-azure 5.3.0-1020.21
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25
linux-image-5.3.0-51-generic 5.3.0-51.44
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44
linux-image-5.3.0-51-lowlatency 5.3.0-51.44
linux-image-5.3.0-51-snapdragon 5.3.0-51.44
linux-image-aws 5.3.0.1017.19
linux-image-azure 5.3.0.1020.39
linux-image-gcp 5.3.0.1018.19
linux-image-generic 5.3.0.51.42
linux-image-generic-lpae 5.3.0.51.42
linux-image-gke 5.3.0.1018.19
linux-image-kvm 5.3.0.1016.18
linux-image-lowlatency 5.3.0.51.42
linux-image-raspi2 5.3.0.1023.20
linux-image-snapdragon 5.3.0.51.42
linux-image-virtual 5.3.0.51.42

Ubuntu 18.04 LTS:
linux-image-5.3.0-1018-gke 5.3.0-1018.19~18.04.1
linux-image-5.3.0-1023-raspi2 5.3.0-1023.25~18.04.1
linux-image-5.3.0-51-generic 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-generic-lpae 5.3.0-51.44~18.04.2
linux-image-5.3.0-51-lowlatency 5.3.0-51.44~18.04.2
linux-image-generic-hwe-18.04 5.3.0.51.104
linux-image-generic-lpae-hwe-18.04 5.3.0.51.104
linux-image-gke-5.3 5.3.0.1018.8
linux-image-lowlatency-hwe-18.04 5.3.0.51.104
linux-image-raspi2-hwe-18.04 5.3.0.1023.12
linux-image-snapdragon-hwe-18.04 5.3.0.51.104
linux-image-virtual-hwe-18.04 5.3.0.51.104

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4342-1
CVE-2019-16234, CVE-2019-19768, CVE-2020-10942, CVE-2020-11884,
CVE-2020-8648, CVE-2020-8992, CVE-2020-9383

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-51.44
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1017.18
https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1020.21
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1018.19
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1016.17
https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1023.25
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1018.19~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-51.44~18.04.2
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1023.25~18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl6oyQkACgkQLwmejQBe
gfTVXA/+KRXZ8t3TnQpE1zuBGxq2YEWi+MdGfoyYhPIauvFXBGZOf/NjRWs36ATX
pCh7z7Ovmua8TP3SdecZRhjnxog8+5Y5TKcck4DsmRYUqpSiHTo97mBR6MzEQnmF
6XLWqFkV1Nv21s/Plh1p/Vcb7UQa13XBRftvdR1JiO7r0FHyaXAeaEQLqNHucTau
zdErITknS9msjzn6CrkUBjbDFBf99tCbcgzLFD557AHO7aQCf2GDP8sXI5VP1AH9
BeH8mBy680T49yLbHyVF/dYxdT7r4JM74kfTVqtoaDzaGSQQ/G5xDG2J/FbKvDRL
U1AWl9oAtnKudYdSlvzPAu5pC5t5fXkWROjx8rBjsbooE4WSx3R/ZYy6m1urhjeY
NcQSOaHn1AADLl5tRW1w+TbQqpycwKl83fvWdLxQBxYmjnYzKGjL3LecM+K6mbiK
UAs9YgPf6sw1Tr6o5FRLbf2Ur1rxL/v6QIj9rjr6V2KaQ/b32/zzT4bDd0DIkcQ0
XI6Y2UIUuUyMog+ns3s8d8dyg3j8CbSRSebMb7nWfXNw9rsIri+KCOI1aQGwLUbN
q+oiQOs+MmCrc8j84R8LGaijb9+Ai8Sil7MQi2giN5mtHjOGUnYJdJJv+0g2VU8d
APV8/FDVbaEv1sfiKVedxDTGDLVW8jfw3bbn2MAeea3mEZFM0ww=
=2cdN
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa targetcli

Otkriven je sigurnosni nedostatak u programskom paketu targetcli za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti....

Close