You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-4465-1
August 19, 2020

linux-hwe, linux-azure-5.3, linux-gke-5.3, vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-azure-5.3: Linux kernel for microsoft azure cloud systems
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)

Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2020-15393)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.3.0-1033-gke 5.3.0-1033.35
linux-image-5.3.0-1035-azure 5.3.0-1035.36
linux-image-5.3.0-65-generic 5.3.0-65.59
linux-image-5.3.0-65-lowlatency 5.3.0-65.59
linux-image-azure 5.3.0.1035.31
linux-image-gke-5.3 5.3.0.1033.18
linux-image-gkeop-5.3 5.3.0.65.121

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4465-1
CVE-2020-12655, CVE-2020-12771, CVE-2020-15393

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1035.36
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1033.35
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-65.59

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl88kUoACgkQLwmejQBe
gfT+Fw//RFNsAxwnVCgnKodbYoWwROjUtrn4Qwx1PG10w1qKDGlKor/yBkQGvKyj
GAhtpyH80+LfYtG3k2uwtokE8L6/WgcG9qQnYQIe94Y6twYRTxAg+X69HtIXeUNR
9TDco5cKoqObCkWyzcYg8i+fCpEv2Vbf93sqQ8ZHAdbXIbSEt3Q+14SPi/Og19+R
y1e0DKHS3IhauRAg2nw4Dgtn/l7jpVno2LNBPqOdTnk6YmkseM/q+4SjO18BmzNt
mLtq4MYnsF871JsQ4HcLkdqogdEzrck4w8a16YjXbfyJlckxCwmX4DcmjsIO5XTA
nZqWrVxAlxhHdDNpvN30ZU2xM20PI4T63gbW3xKfzMP6VhoQzLZEkes+hwRyQ38C
y1oStrqjLvxsbuIaceb49i6qWluRJiqRZd+6WvPHWgOtJ0fpymqY+Xu5Eec4VW6v
Yry7SPo+TQ0nLHBbIDnsotdI2uRXjoG8lI0AsFgrt4smcrUeKEBZYfoUwofkOLW8
6HyzrOmIn9hSwK8lK6Obxr6BsUBdMGeVdOv3c/DBzIPp4hBI97Sq4vZ0+TAJV8J4
3DzGqDOT7DvYiYsOG75nHyOEinFfWAzng5PyQuXMKnslepIk9hy23BWO5KHwOXmR
vA2TmaoHikC8pvVJ4mrxEVQ4hc9ueBqfo7b756Ia941N7yZuItI=
=d9PV
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa postgresql, postgresql96, postgresql10, postgresql12

Otkriveni su sigurnosni nedostaci u programskim paketima postgresql, postgresql96, postgresql10 te postgresql12 za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima...

Close