==========================================================================
Ubuntu Security Notice USN-4626-1
November 11, 2020
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle,
linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi (V8) systems
Details:
Simon Scannell discovered that the bpf verifier in the Linux kernel did not
properly calculate register bounds for certain operations. A local attacker
could use this to expose sensitive information (kernel memory) or gain
administrative privileges. (CVE-2020-27194)
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information. (CVE-2020-8694)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1007-raspi 5.8.0-1007.10
linux-image-5.8.0-1007-raspi-nolpae 5.8.0-1007.10
linux-image-5.8.0-1009-kvm 5.8.0-1009.10
linux-image-5.8.0-1010-oracle 5.8.0-1010.10
linux-image-5.8.0-1011-gcp 5.8.0-1011.11
linux-image-5.8.0-1012-azure 5.8.0-1012.13
linux-image-5.8.0-1013-aws 5.8.0-1013.14
linux-image-5.8.0-28-generic 5.8.0-28.30
linux-image-5.8.0-28-generic-64k 5.8.0-28.30
linux-image-5.8.0-28-generic-lpae 5.8.0-28.30
linux-image-5.8.0-28-lowlatency 5.8.0-28.30
linux-image-aws 5.8.0.1013.15
linux-image-azure 5.8.0.1012.12
linux-image-gcp 5.8.0.1011.11
linux-image-generic 5.8.0.28.33
linux-image-generic-64k 5.8.0.28.33
linux-image-generic-lpae 5.8.0.28.33
linux-image-gke 5.8.0.1011.11
linux-image-kvm 5.8.0.1009.10
linux-image-lowlatency 5.8.0.28.33
linux-image-oem-20.04 5.8.0.28.33
linux-image-oracle 5.8.0.1010.10
linux-image-raspi 5.8.0.1007.10
linux-image-raspi-nolpae 5.8.0.1007.10
linux-image-virtual 5.8.0.28.33
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4626-1
CVE-2020-27194, CVE-2020-8694
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-28.30
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1013.14
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1012.13
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1011.11
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1009.10
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1010.10
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1007.10
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl+rSw4ACgkQLwmejQBe
gfQK/w//TQU3yjJyhSM6/CV49a1DIVfI1qidMNXUsIZXgFBa6/E3vgvGoiXxwpUy
wj4AyPQ2FtzimmWwDjHXJBqcmvVGsNAECDgJKWoSONRtTzrClvWaphUHdqw78yab
uDL/8z6IclHP5Lk4Q4QiyYrcjSmHRsl/NViyeps37jyNVdSOrZRIaVNFchhy8R1z
VQcqgQ0Vxp46NSI1f2tuFrtyxb8640uV5VBB1GZ2p7sfQU93PUb0NQ2xHjrI3EAW
0Ktw3/PCJ1y5o0twmpu+tEmR8aUmZUY3gm3PMNPxaPXjmFO3HgFk2fn4a9mtVkbs
dJGq2vGjP5aIbt1Ro09CWcr+hQVAx2TLMav7153KxGodFb0bTrKXf2RfLmMMpAGR
VCa8V5Uuy7OeWy3Cec/uYT9ZyOR3hKCaEBv2ynhSiKFLXrBtUxNsEg3PLf+npaWz
vIUuwB613zDSpM0tfyvMk1nIio0z2FPiSO4mSHjkiiULkH6gki1GBkzDF0XkZ3KU
QFhAmMl9zFI5P5/tiDp/ROF/0SmQSC2rkn1XDnIh6PsaKXdzAVdN0lTcLATCndc6
Us80p4oavnmW59qjm9qDnP+X6hMZKHnfmK8mbaB9TdyokixoOGsoFrDMwBAqq/0p
Oi5V2b1jenPwQbomfmyHYgrQ8zAfhVJoJnJM+yCh57lkGoTIl2w=
=6bdG
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4627-1
November 11, 2020
linux, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15,
linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-oem, linux-oem-osp1,
linux-oracle, linux-oracle-5.4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
The system could be made to expose sensitive information.
Software Description:
– linux: Linux kernel
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-hwe-5.4: Linux hardware enablement (HWE) kernel
– linux-oem: Linux kernel for OEM systems
– linux-oem-osp1: Linux kernel for OEM systems
– linux-oracle-5.4: Linux kernel for Oracle Cloud systems
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
– linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM
Details:
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1029-gcp 5.4.0-1029.31
linux-image-5.4.0-1029-oracle 5.4.0-1029.31
linux-image-5.4.0-53-generic 5.4.0-53.59
linux-image-5.4.0-53-generic-lpae 5.4.0-53.59
linux-image-5.4.0-53-lowlatency 5.4.0-53.59
linux-image-gcp 5.4.0.1029.37
linux-image-generic 5.4.0.53.56
linux-image-generic-hwe-20.04 5.4.0.53.56
linux-image-generic-lpae 5.4.0.53.56
linux-image-generic-lpae-hwe-20.04 5.4.0.53.56
linux-image-gke 5.4.0.1029.37
linux-image-lowlatency 5.4.0.53.56
linux-image-lowlatency-hwe-20.04 5.4.0.53.56
linux-image-oem 5.4.0.53.56
linux-image-oem-osp1 5.4.0.53.56
linux-image-oracle 5.4.0.1029.26
linux-image-virtual 5.4.0.53.56
linux-image-virtual-hwe-20.04 5.4.0.53.56
Ubuntu 18.04 LTS:
linux-image-4.15.0-1058-oracle 4.15.0-1058.64
linux-image-4.15.0-1073-gke 4.15.0-1073.78
linux-image-4.15.0-1087-gcp 4.15.0-1087.100
linux-image-4.15.0-1101-oem 4.15.0-1101.112
linux-image-4.15.0-123-generic 4.15.0-123.126
linux-image-4.15.0-123-generic-lpae 4.15.0-123.126
linux-image-4.15.0-123-lowlatency 4.15.0-123.126
linux-image-5.0.0-1071-oem-osp1 5.0.0-1071.77
linux-image-5.3.0-1039-gke 5.3.0-1039.42
linux-image-5.3.0-69-generic 5.3.0-69.65
linux-image-5.3.0-69-lowlatency 5.3.0-69.65
linux-image-5.4.0-1029-gcp 5.4.0-1029.31~18.04.1
linux-image-5.4.0-1029-oracle 5.4.0-1029.31~18.04.1
linux-image-5.4.0-53-generic 5.4.0-53.59~18.04.1
linux-image-5.4.0-53-generic-lpae 5.4.0-53.59~18.04.1
linux-image-5.4.0-53-lowlatency 5.4.0-53.59~18.04.1
linux-image-gcp 5.4.0.1029.17
linux-image-gcp-edge 5.4.0.1029.17
linux-image-gcp-lts-18.04 4.15.0.1087.105
linux-image-generic 4.15.0.123.110
linux-image-generic-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-generic-lpae 4.15.0.123.110
linux-image-generic-lpae-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-gke 4.15.0.1073.77
linux-image-gke-4.15 4.15.0.1073.77
linux-image-gke-5.3 5.3.0.1039.22
linux-image-gkeop-5.3 5.3.0.69.126
linux-image-lowlatency 4.15.0.123.110
linux-image-lowlatency-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-oem 4.15.0.1101.105
linux-image-oem-osp1 5.0.0.1071.69
linux-image-oracle 5.4.0.1029.13
linux-image-oracle-edge 5.4.0.1029.13
linux-image-oracle-lts-18.04 4.15.0.1058.68
linux-image-powerpc-e500mc 4.15.0.123.110
linux-image-powerpc-smp 4.15.0.123.110
linux-image-powerpc64-emb 4.15.0.123.110
linux-image-powerpc64-smp 4.15.0.123.110
linux-image-snapdragon-hwe-18.04 5.4.0.53.59~18.04.47
linux-image-virtual 4.15.0.123.110
linux-image-virtual-hwe-18.04 5.4.0.53.59~18.04.47
Ubuntu 16.04 LTS:
linux-image-4.15.0-1058-oracle 4.15.0-1058.64~16.04.1
linux-image-4.15.0-1087-gcp 4.15.0-1087.100~16.04.1
linux-image-4.15.0-123-generic 4.15.0-123.126~16.04.1
linux-image-4.15.0-123-generic-lpae 4.15.0-123.126~16.04.1
linux-image-4.15.0-123-lowlatency 4.15.0-123.126~16.04.1
linux-image-4.4.0-194-generic 4.4.0-194.226
linux-image-4.4.0-194-generic-lpae 4.4.0-194.226
linux-image-4.4.0-194-lowlatency 4.4.0-194.226
linux-image-4.4.0-194-powerpc-e500mc 4.4.0-194.226
linux-image-4.4.0-194-powerpc-smp 4.4.0-194.226
linux-image-4.4.0-194-powerpc64-emb 4.4.0-194.226
linux-image-4.4.0-194-powerpc64-smp 4.4.0-194.226
linux-image-gcp 4.15.0.1087.88
linux-image-generic 4.4.0.194.200
linux-image-generic-hwe-16.04 4.15.0.123.123
linux-image-generic-lpae 4.4.0.194.200
linux-image-generic-lpae-hwe-16.04 4.15.0.123.123
linux-image-gke 4.15.0.1087.88
linux-image-lowlatency 4.4.0.194.200
linux-image-lowlatency-hwe-16.04 4.15.0.123.123
linux-image-oem 4.15.0.123.123
linux-image-oracle 4.15.0.1058.47
linux-image-powerpc-e500mc 4.4.0.194.200
linux-image-powerpc-smp 4.4.0.194.200
linux-image-powerpc64-emb 4.4.0.194.200
linux-image-powerpc64-smp 4.4.0.194.200
linux-image-virtual 4.4.0.194.200
linux-image-virtual-hwe-16.04 4.15.0.123.123
Ubuntu 14.04 ESM:
linux-image-3.13.0-183-generic 3.13.0-183.234
linux-image-3.13.0-183-generic-lpae 3.13.0-183.234
linux-image-3.13.0-183-lowlatency 3.13.0-183.234
linux-image-3.13.0-183-powerpc-e500 3.13.0-183.234
linux-image-3.13.0-183-powerpc-e500mc 3.13.0-183.234
linux-image-3.13.0-183-powerpc-smp 3.13.0-183.234
linux-image-3.13.0-183-powerpc64-emb 3.13.0-183.234
linux-image-3.13.0-183-powerpc64-smp 3.13.0-183.234
linux-image-4.4.0-194-generic 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-generic-lpae 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-lowlatency 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc-e500mc 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc-smp 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc64-emb 4.4.0-194.226~14.04.1
linux-image-4.4.0-194-powerpc64-smp 4.4.0-194.226~14.04.1
linux-image-generic 3.13.0.183.192
linux-image-generic-lpae 3.13.0.183.192
linux-image-generic-lpae-lts-xenial 4.4.0.194.170
linux-image-generic-lts-xenial 4.4.0.194.170
linux-image-generic-pae 3.13.0.183.192
linux-image-highbank 3.13.0.183.192
linux-image-lowlatency 3.13.0.183.192
linux-image-lowlatency-lts-xenial 4.4.0.194.170
linux-image-lowlatency-pae 3.13.0.183.192
linux-image-omap 3.13.0.183.192
linux-image-powerpc-e500 3.13.0.183.192
linux-image-powerpc-e500mc 3.13.0.183.192
linux-image-powerpc-e500mc-lts-xenial 4.4.0.194.170
linux-image-powerpc-smp 3.13.0.183.192
linux-image-powerpc-smp-lts-xenial 4.4.0.194.170
linux-image-powerpc64-emb 3.13.0.183.192
linux-image-powerpc64-emb-lts-xenial 4.4.0.194.170
linux-image-powerpc64-smp 3.13.0.183.192
linux-image-powerpc64-smp-lts-xenial 4.4.0.194.170
linux-image-server 3.13.0.183.192
linux-image-virtual 3.13.0.183.192
linux-image-virtual-lts-xenial 4.4.0.194.170
Ubuntu 12.04 ESM:
linux-image-3.13.0-183-generic 3.13.0-183.234~12.04.1
linux-image-3.13.0-183-generic-lpae 3.13.0-183.234~12.04.1
linux-image-3.13.0-183-lowlatency 3.13.0-183.234~12.04.1
linux-image-generic-lpae-lts-trusty 3.13.0.183.169
linux-image-generic-lts-trusty 3.13.0.183.169
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4627-1
CVE-2020-8694
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-53.59
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1029.31
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1029.31
https://launchpad.net/ubuntu/+source/linux/4.15.0-123.126
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1087.100
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1029.31~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1073.78
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1039.42
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-69.65
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-53.59~18.04.1
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1101.112
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1071.77
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1058.64
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1029.31~18.04.1
https://launchpad.net/ubuntu/+source/linux/4.4.0-194.226
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1087.100~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-123.126~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1058.64~16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl+rUSEACgkQLwmejQBe
gfRZqQ//R3h8/i7zHY+9D3O0r+RbGDRMe34LRSQI38KiJ3isihOmt2RSZVMTrxY7
+ZDV1jVzVq2glMq9k69r3IfIa50NeriUXNjUj38I2gSjI+VjmZm1vjAWEepCPTHY
7xoq61kKB+oaw2y3jZJQprCIfYBpaBlCGX7bThEDXtaQ+ToA1+sraLB5ZygDlFsV
soV6nsSuHmYlqEGcfjsF6QwrDtsQpT7j+Wy+o4K8RNMHgRn5olkPYddgptE5jJlt
0wQIifcz5x9e7RJtedK6B2/mOKG69L7zZgYa7balztjeQ1DmG4udWj01bUwtVUKF
AgsqAmYCeggX6coWT25b1Im7/Qo6voP40BAbvFDRPxkC0lXu6dIasGUYMDfpl8ek
K7b6sQwwFQOJKvNW0bfLThhpdSkK4z1VZJ7I2hHCL2tcDBsO5LaEjXbHe1lfRN6n
zgcG4vHdHsa1/TwVZa9mNe9H197/gcHmvP0LMtJ1CspoG21/WP5Xlijc+fy9wm1m
XQvdaL1sqGvZJZlQ5aNDCmZpJyok8as10ttN8mcYGM6jLT9e1Y5Es31QDiygZclb
JPysMlKC7Elu/PJ7RNGIgz5KzCOKPqJ8V1XAgAg1hhE9ozAio9XJ4aQ/KXPjtTNl
02oqzVjSkfmPNgQYLqbBIRS80a0T5Feg2htSe1RKQoj5KV4FuAg=
=0Z5T
—–END PGP SIGNATURE—–
—