==========================================================================
Ubuntu Security Notice USN-4485-1
September 02, 2020
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oem: Linux kernel for OEM systems
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
Details:
Timothy Michaud discovered that the i915 graphics driver in the Linux
kernel did not properly validate user memory locations for the
i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to
cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
It was discovered that the elf handling code in the Linux kernel did not
initialize memory before using it in certain situations. A local attacker
could use this to possibly expose sensitive information (kernel memory).
(CVE-2020-10732)
It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10766)
It was discovered that the Linux kernel did not correctly apply Indirect
Branch Predictor Barrier (IBPB) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10767)
It was discovered that the Linux kernel could incorrectly enable Indirect
Branch Speculation after it has been disabled for a process via a prctl()
call. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-10768)
Luca Bruno discovered that the zram module in the Linux kernel did not
properly restrict unprivileged users from accessing the hot_add sysfs file.
A local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2020-10781)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)
It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)
It was discovered that the Virtual Terminal keyboard driver in the Linux
kernel contained an integer overflow. A local attacker could possibly use
this to have an unspecified impact. (CVE-2020-13974)
Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2020-15393)
It was discovered that the NFS server implementation in the Linux kernel
did not properly honor umask settings when setting permissions while
creating file system objects if the underlying file system did not support
ACLs. An attacker could possibly use this to expose sensitive information
or violate system integrity. (CVE-2020-24394)
It was discovered that the Kerberos SUNRPC GSS implementation in the Linux
kernel did not properly deallocate memory on module unload. A local
privileged attacker could possibly use this to cause a denial of service
(memory exhaustion). (CVE-2020-12656)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1051-oracle 4.15.0-1051.55
linux-image-4.15.0-1067-gke 4.15.0-1067.70
linux-image-4.15.0-1068-raspi2 4.15.0-1068.72
linux-image-4.15.0-1072-kvm 4.15.0-1072.73
linux-image-4.15.0-1080-aws 4.15.0-1080.84
linux-image-4.15.0-1081-gcp 4.15.0-1081.92
linux-image-4.15.0-1084-snapdragon 4.15.0-1084.92
linux-image-4.15.0-1093-azure 4.15.0-1093.103
linux-image-4.15.0-1094-oem 4.15.0-1094.104
linux-image-4.15.0-115-generic 4.15.0-115.116
linux-image-4.15.0-115-generic-lpae 4.15.0-115.116
linux-image-4.15.0-115-lowlatency 4.15.0-115.116
linux-image-aws-lts-18.04 4.15.0.1080.82
linux-image-azure-lts-18.04 4.15.0.1093.67
linux-image-gcp-lts-18.04 4.15.0.1081.99
linux-image-generic 4.15.0.115.103
linux-image-generic-lpae 4.15.0.115.103
linux-image-gke 4.15.0.1067.71
linux-image-gke-4.15 4.15.0.1067.71
linux-image-kvm 4.15.0.1072.68
linux-image-lowlatency 4.15.0.115.103
linux-image-oem 4.15.0.1094.98
linux-image-oracle-lts-18.04 4.15.0.1051.62
linux-image-powerpc-e500mc 4.15.0.115.103
linux-image-powerpc-smp 4.15.0.115.103
linux-image-powerpc64-emb 4.15.0.115.103
linux-image-powerpc64-smp 4.15.0.115.103
linux-image-raspi2 4.15.0.1068.66
linux-image-snapdragon 4.15.0.1084.87
linux-image-virtual 4.15.0.115.103
Ubuntu 16.04 LTS:
linux-image-4.15.0-1051-oracle 4.15.0-1051.55~16.04.1
linux-image-4.15.0-1080-aws 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1081-gcp 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1093-azure 4.15.0-1093.103~16.04.1
linux-image-aws-hwe 4.15.0.1080.77
linux-image-azure 4.15.0.1093.88
linux-image-azure-edge 4.15.0.1093.88
linux-image-gcp 4.15.0.1081.83
linux-image-gke 4.15.0.1081.83
linux-image-oracle 4.15.0.1051.42
Ubuntu 14.04 ESM:
linux-image-4.15.0-1093-azure 4.15.0-1093.103~14.04.1
linux-image-azure 4.15.0.1093.70
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4485-1
CVE-2018-20669, CVE-2019-19947, CVE-2019-20810, CVE-2020-10732,
CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10781,
CVE-2020-12655, CVE-2020-12656, CVE-2020-12771, CVE-2020-13974,
CVE-2020-15393, CVE-2020-24394
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-115.116
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1080.84
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1093.103
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1081.92
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1067.70
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1072.73
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1094.104
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1051.55
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1068.72
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1084.92
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1080.84~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1093.103~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1081.92~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1051.55~16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl9PGdMACgkQLwmejQBe
gfTzeQ//amuliDJxfEyKp8LZiz/+DRjUdtctzxpduTMwYzosmeD7cjxIivXwILwT
AOtHDe0jCmYCKvGCAg3hE9pa9YSbSPruEZkyidr1iiTfnlVQ/i0Bnwza/ct8P5jX
yEkkwEZOhFijOFLxFy+QBECgdfBytEDAcM60+dY5weVrnoE25beJqaH60iiYG+Oh
q3yrKF4BFbGUtDdvqOjbn3WG8TUCw85CJViU4lts3y8EL5b1CdBfWaOSzzuDzc4D
sauhfOPAXDXVUtD6uo+OdYt5uB3RVgdX71sRStbvQsOefifrqR8w7nh5mbtN4Ewu
tCHY85Az9VFF62VjaiNne832OSuFGdj5CL1T18K7zpkZ4rEz6HmenqYX35SBWQru
qr7fMC9rDQSM2qj3QG4Hdg98EhX6hT/ePBj3lqX0rRvmmVSYR70KdU/tTccRKsmu
Ev5ba7YUa4KjVO7fqIyQDn6fzfdOw9gKKQRRtvqwzOU4hwHAKDuuwQvIy2AInhOK
+kJxnETgVOteKhH4NE8FiES6BYflkFtfQfWDyJ2t6R9MZyJ+89CJ/ntZ7JEG5cw8
sQ1crr3pO/YhcUnBwqBDBtH8QYQZ3mcpUmjuIOFbVKkQXQ0D2PN+PV2dd8RJMNSp
tnUpKT5zdm2GlhR14Q6aD2wg/fqb5GMPT/VnjbfNibI/62nf0AY=
=Ly5v
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4483-1
September 02, 2020
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi (V8) systems
– linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
– linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
– linux-oracle-5.4: Linux kernel for Oracle Cloud systems
– linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems
Details:
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)
It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10766)
It was discovered that the Linux kernel did not correctly apply Indirect
Branch Predictor Barrier (IBPB) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10767)
It was discovered that the Linux kernel could incorrectly enable Indirect
Branch Speculation after it has been disabled for a process via a prctl()
call. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-10768)
Luca Bruno discovered that the zram module in the Linux kernel did not
properly restrict unprivileged users from accessing the hot_add sysfs file.
A local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2020-10781)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)
It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)
It was discovered that the Virtual Terminal keyboard driver in the Linux
kernel contained an integer overflow. A local attacker could possibly use
this to have an unspecified impact. (CVE-2020-13974)
It was discovered that the cgroup v2 subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a NULL
pointer dereference. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2020-14356)
Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2020-15393)
It was discovered that the NFS server implementation in the Linux kernel
did not properly honor umask settings when setting permissions while
creating file system objects if the underlying file system did not support
ACLs. An attacker could possibly use this to expose sensitive information
or violate system integrity. (CVE-2020-24394)
It was discovered that the Kerberos SUNRPC GSS implementation in the Linux
kernel did not properly deallocate memory on module unload. A local
privileged attacker could possibly use this to cause a denial of service
(memory exhaustion). (CVE-2020-12656)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1016-raspi 5.4.0-1016.17
linux-image-5.4.0-1022-aws 5.4.0-1022.22
linux-image-5.4.0-1022-gcp 5.4.0-1022.22
linux-image-5.4.0-1022-oracle 5.4.0-1022.22
linux-image-5.4.0-1023-azure 5.4.0-1023.23
linux-image-5.4.0-45-generic 5.4.0-45.49
linux-image-5.4.0-45-generic-lpae 5.4.0-45.49
linux-image-5.4.0-45-lowlatency 5.4.0-45.49
linux-image-aws 5.4.0.1022.23
linux-image-azure 5.4.0.1023.22
linux-image-gcp 5.4.0.1022.20
linux-image-generic 5.4.0.45.49
linux-image-generic-lpae 5.4.0.45.49
linux-image-gke 5.4.0.1022.20
linux-image-kvm 5.4.0.1021.20
linux-image-lowlatency 5.4.0.45.49
linux-image-oem 5.4.0.45.49
linux-image-oem-osp1 5.4.0.45.49
linux-image-oracle 5.4.0.1022.20
linux-image-raspi 5.4.0.1016.51
linux-image-raspi2 5.4.0.1016.51
linux-image-virtual 5.4.0.45.49
Ubuntu 18.04 LTS:
linux-image-5.4.0-1016-raspi 5.4.0-1016.17~18.04.1
linux-image-5.4.0-1022-aws 5.4.0-1022.22~18.04.1
linux-image-5.4.0-1022-gcp 5.4.0-1022.22~18.04.1
linux-image-5.4.0-1022-oracle 5.4.0-1022.22~18.04.1
linux-image-5.4.0-1023-azure 5.4.0-1023.23~18.04.1
linux-image-aws-edge 5.4.0.1022.8
linux-image-azure 5.4.0.1023.7
linux-image-gcp 5.4.0.1022.9
linux-image-gke-5.4 5.4.0.1022.9
linux-image-oracle 5.4.0.1022.7
linux-image-raspi-hwe-18.04 5.4.0.1016.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4483-1
CVE-2019-20810, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767,
CVE-2020-10768, CVE-2020-10781, CVE-2020-12655, CVE-2020-12656,
CVE-2020-12771, CVE-2020-13974, CVE-2020-14356, CVE-2020-15393,
CVE-2020-24394
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-45.49
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1022.22
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1023.23
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1022.22
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1021.21
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1022.22
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1016.17
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1022.22~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1023.23~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1022.22~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1022.22~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1016.17~18.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl9PGXsACgkQLwmejQBe
gfSmfQ//SyuotyEIPZ3Phhy4fnrwTvVcUYuE1jlHDEJYsVetVHPihoGD74b2pO44
0uHwF2ZYG8uOttun+mvewkHOujGRb+OjnTPzBOFWIQG+7/u4ygpEDeUCUAWq6gg9
ntJL8+eviivBKxfjTLbSZIaStGNFBw5QVqFDF91991zYZwLpeYUvmbA+axjpR8vT
yt+rnrTTsB6X8zHDMfSK8fckQbRkO5UUis8rf4CWP4TT47h60BJ4pASdJdt7mBT4
xxLbqZe/Ok6Yq1G7WxSnbKEApewtSN3gJHLX3OpLVZdSr4rUpxNPcCC1akbvD9S/
PkUOZ2KFkiR63GzKAqgUPQ37aMLKb/F2xm3mqUbEM7SIN1JqdJ7K5ghQsoBYo62o
0UTz3SsKzj34kdjMprMwX2CPLLV9gHPTmCyRZcnvwa8irE3Mdx2TpEya9NcS//AI
v6s2VZlVrNTjo/lVF/aqYTZV3NB0I1wgXCboN74DgmRE2qhIa1NiKVib+v3fR8hd
BgsIU6t82LM/W3jJ6bmiEi79LT9+vGpv3JWz3NGOBagsOtSXynx7Z64XrUGkKEUT
PnkhoUCea4E8mv9G0vPQQEnzw23AOf6Qe7aDdJWwfm2ldb8T5w3yV8sJHgVO9Kfe
jeMITvybitYKbq++EgwVVNtDQXkzTalRFIvaakBPaumEFAXiX48=
=Zg7t
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4484-1
September 02, 2020
linux-hwe, linux-aws-5.3, linux-gke-5.3, linux-raspi2-5.3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux-aws-5.3: Linux kernel for Amazon Web Services (AWS) systems
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-raspi2-5.3: Linux kernel for Raspberry Pi (V8) systems
Details:
It was discovered that the cgroup v2 subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a NULL
pointer dereference. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2020-14356)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.3.0-1032-raspi2 5.3.0-1032.34
linux-image-5.3.0-1034-aws 5.3.0-1034.36
linux-image-5.3.0-1034-gke 5.3.0-1034.36
linux-image-5.3.0-66-generic 5.3.0-66.60
linux-image-5.3.0-66-lowlatency 5.3.0-66.60
linux-image-aws 5.3.0.1034.33
linux-image-gke-5.3 5.3.0.1034.19
linux-image-gkeop-5.3 5.3.0.66.123
linux-image-raspi2-hwe-18.04 5.3.0.1032.22
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4484-1
CVE-2020-14356
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-5.3/5.3.0-1034.36
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1034.36
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-66.60
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1032.34
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl9PGcYACgkQLwmejQBe
gfTGgw//S1o8qYwbnYEqFsQkOSYSsmgd50KvJI+CGN6MSSSKrBXbzP4edePzsh9M
AaoRLtMOwNpkb+SPBQQ/X70tsUkRX11qaaU86wgEDi3ECCdSZHPa6dEDGHMpCoIZ
6EpF8rVLxZ7J8qctdRJ2pt6hEGGivdR9rCEF1S2B55cSvoXYkQh229mX2iN9wskx
zd+8FurMf+qJXYHI0M71vBL1XakBVXEArZYu69I4x9fGPgmGUiS7L3NuuOTDrM/a
m8uPoBpLhWLgW+v8+Hkk65RZ5SvbYhKFc3tg7AGfNih3kCvYfLN7PnjZH59w/98X
8q6XV/3Q5NNjt3/RYAztGaJ2A44xc5D2Xhn+rFm0b7HriMjBGSn+uepl+M4iD8SC
Mdrsk2neYfK7uUlBigBF1dP8QQP6ASFu5Td/g1MOzz/UEuYBtbfxYU6mWSv5g3qr
hqW9hQycSZjYGf9cZkpD6QkQdB0fK/Fwv/GKRNe5pC4NmtDv8VyCx0ePx7xs1jej
IstBUriyjyLZDwnB5C0OBv6B52iIbgnOu/DE1dMaOwbrRMRr4iyLEG8L/cxFZU8S
vj8NBceaKvmnNkV0G2tSQM/6lBxCIe9mHdFZHEBo5DO23VJRO/HZleS7jk53iGIR
kch6+3HWMqgfca5G2aU9pqIRXSQ17CcsQRT3EUaeNP39EOyh+Wg=
=W0HG
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4486-1
September 02, 2020
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
Summary:
The Linux kernel could be made to crash if it mounted a malicious XFS
file system.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1079-kvm 4.4.0-1079.86
linux-image-4.4.0-1113-aws 4.4.0-1113.126
linux-image-4.4.0-1138-raspi2 4.4.0-1138.147
linux-image-4.4.0-1142-snapdragon 4.4.0-1142.151
linux-image-4.4.0-189-generic 4.4.0-189.219
linux-image-4.4.0-189-generic-lpae 4.4.0-189.219
linux-image-4.4.0-189-lowlatency 4.4.0-189.219
linux-image-4.4.0-189-powerpc-e500mc 4.4.0-189.219
linux-image-4.4.0-189-powerpc-smp 4.4.0-189.219
linux-image-4.4.0-189-powerpc64-emb 4.4.0-189.219
linux-image-4.4.0-189-powerpc64-smp 4.4.0-189.219
linux-image-aws 4.4.0.1113.118
linux-image-generic 4.4.0.189.195
linux-image-generic-lpae 4.4.0.189.195
linux-image-kvm 4.4.0.1079.77
linux-image-lowlatency 4.4.0.189.195
linux-image-powerpc-e500mc 4.4.0.189.195
linux-image-powerpc-smp 4.4.0.189.195
linux-image-powerpc64-emb 4.4.0.189.195
linux-image-powerpc64-smp 4.4.0.189.195
linux-image-raspi2 4.4.0.1138.138
linux-image-snapdragon 4.4.0.1142.134
linux-image-virtual 4.4.0.189.195
Ubuntu 14.04 ESM:
linux-image-4.4.0-1077-aws 4.4.0-1077.81
linux-image-4.4.0-189-generic 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-generic-lpae 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-lowlatency 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-powerpc-e500mc 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-powerpc-smp 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-powerpc64-emb 4.4.0-189.219~14.04.1
linux-image-4.4.0-189-powerpc64-smp 4.4.0-189.219~14.04.1
linux-image-aws 4.4.0.1077.74
linux-image-generic-lpae-lts-xenial 4.4.0.189.165
linux-image-generic-lts-xenial 4.4.0.189.165
linux-image-lowlatency-lts-xenial 4.4.0.189.165
linux-image-powerpc-e500mc-lts-xenial 4.4.0.189.165
linux-image-powerpc-smp-lts-xenial 4.4.0.189.165
linux-image-powerpc64-emb-lts-xenial 4.4.0.189.165
linux-image-powerpc64-smp-lts-xenial 4.4.0.189.165
linux-image-virtual-lts-xenial 4.4.0.189.165
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4486-1
CVE-2018-10323
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-189.219
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1113.126
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1079.86
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1138.147
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1142.151
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl9PGd0ACgkQLwmejQBe
gfSp8xAApcCSsCm4tQmHQX852PEq7mR9u3phFMcgCI7Hyo6vNS9UKDWra5lFyKGU
aZIiWS9QyyamAZ0f78O9CJGKXaJAXRvLWgf1+l4ct6HdQ8cjbQvlGf09Cvzmu9bQ
onRl2NaHaQNsEoezPgUkNeIzqoLdElDG+xd2fHmKlUE1vw/35VqyynM4jo6ySYJJ
uHsJYlIDKYH1KLdbiO4PyOu/b+e2RSzAVhpjnyh0u1RG1WF9vuAwSmzjBnhmt0Qv
sqzqZk9W3XT/siuhwhkXQVvkZ+Pd6WNcdKw23SAdGPR4WLwLqYcvHrdd8fdeN/9n
FdlRAP/LnTP+2uDB8yt4yH0hDA9p8KKhp084RU9M9PZIWkzadajLn+x1znd/nhc3
ziaQ7qqApzYO5NAaagQ7XVyJ0RWVoZgLT4FfNJLuhiIQdqbg7fWfDR5YB4gz2js+
f6LDDqMVwPDd3OFof+c0cQzCrUR75j2Tv0RUQDmuHc5qcBH5rSffbgJIkHRrI4WZ
5njqYQgwFf6m7UXMe8RNFX/ULhfRXuGVWpCbMCSwI1jwj7796fTd+GOwP7QU6kRu
GGOpEVQfPBYDpn7C9PIQJHdj60a4Z9NyJdTgs16dtZM415sg5Fve/yLFmYM8Bn/Q
9OzRQGPXjX6dFY6CuJbcSNaFr3/6rgwAB1YYlc5ikiqTOQ1H1RU=
=8x0E
—–END PGP SIGNATURE—–
—