==========================================================================
Ubuntu Security Notice USN-4681-1
January 06, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver
in the Linux kernel did not properly deallocate memory in some conditions.
A local attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-0148)
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1085-kvm 4.4.0-1085.94
linux-image-4.4.0-1119-aws 4.4.0-1119.133
linux-image-4.4.0-1143-raspi2 4.4.0-1143.153
linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157
linux-image-4.4.0-198-generic 4.4.0-198.230
linux-image-4.4.0-198-generic-lpae 4.4.0-198.230
linux-image-4.4.0-198-lowlatency 4.4.0-198.230
linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230
linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230
linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230
linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230
linux-image-aws 4.4.0.1119.124
linux-image-generic 4.4.0.198.204
linux-image-generic-lpae 4.4.0.198.204
linux-image-kvm 4.4.0.1085.83
linux-image-lowlatency 4.4.0.198.204
linux-image-powerpc-e500mc 4.4.0.198.204
linux-image-powerpc-smp 4.4.0.198.204
linux-image-powerpc64-emb 4.4.0.198.204
linux-image-powerpc64-smp 4.4.0.198.204
linux-image-raspi2 4.4.0.1143.143
linux-image-snapdragon 4.4.0.1147.139
linux-image-virtual 4.4.0.198.204
Ubuntu 14.04 ESM:
linux-image-4.4.0-1083-aws 4.4.0-1083.87
linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1
linux-image-aws 4.4.0.1083.80
linux-image-generic-lpae-lts-xenial 4.4.0.198.173
linux-image-generic-lts-xenial 4.4.0.198.173
linux-image-lowlatency-lts-xenial 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173
linux-image-virtual-lts-xenial 4.4.0.198.173
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4681-1
CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675,
CVE-2020-28974, CVE-2020-4788
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl/1NSEACgkQLwmejQBe
gfTTiBAAk1OxdeRX6ulDUQG3rpb0nNlkAxQCOY9wxU+EhuJIuR46vwXDiVsRQmID
4uRZogyMcQK7Mm9H+g7Uygzx1GUCpztrfNqN5AaGhOxC7fPv0a7kGtOaelCuzhRh
iWxMDjyUh6hBAVJCBIznhV26EvrQpP5vPfC1XQEH6BNLPR4DyQabVaN+Mfo0Q0aG
ubR1eOsvxdyQiAUpj5xbIZZQECpp3uKBZIzy029TWUhMzcHo1N5BEsBugq4p7oy4
+Hsl1rrMs5YawIaVv8r3OHp8Sm/Fd9ygTkqUX7lfP2oJ85DOUYea3hcSCjTzbr6R
1GPIWZ8ndr3hhBSqsfm88SISIzj2Vx6n62dk+sq1NY+GQPr9IV6zbJ4y7wyPgHtF
EsXpRFPSK6dWRz/RfnrUq2icAYv921ED2AhChYDj++EL0AGn+7Kezp47gwL/8NoA
f/mMp+cOAaxKin9nYhaUx6EF2GEvxlrtiryg+3xD6IIB4RZ/ZPA2YxJcq6IEQ3aV
wb/ZN2JyJG5IlUDYhP0NIfv03QZ0yjQtyF2TG7MGhughHOtr6IJIAP9IwTEfAHg9
H6IRhwhqU0Ui/XTxeRgoy2ziA0GHP86/t3SKDjcKrNNHa9oEEXC3MXY8FM9aXSJC
bTcG2QGH2Jpt7DZ2dZNTdNfnm0181slNJCH3EblG32aSeZ4Wf5w=
=lOr5
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4679-1
January 06, 2021
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi (V8) systems
– linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
– linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe-5.4: Linux hardware enablement (HWE) kernel
– linux-oracle-5.4: Linux kernel for Oracle Cloud systems
– linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems
Details:
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)
Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1026-raspi 5.4.0-1026.29
linux-image-5.4.0-1031-kvm 5.4.0-1031.32
linux-image-5.4.0-1033-gcp 5.4.0-1033.35
linux-image-5.4.0-1034-aws 5.4.0-1034.35
linux-image-5.4.0-1034-oracle 5.4.0-1034.36
linux-image-5.4.0-1035-azure 5.4.0-1035.36
linux-image-5.4.0-59-generic 5.4.0-59.65
linux-image-5.4.0-59-generic-lpae 5.4.0-59.65
linux-image-5.4.0-59-lowlatency 5.4.0-59.65
linux-image-aws 5.4.0.1034.35
linux-image-azure 5.4.0.1035.33
linux-image-gcp 5.4.0.1033.42
linux-image-generic 5.4.0.59.62
linux-image-generic-lpae 5.4.0.59.62
linux-image-kvm 5.4.0.1031.29
linux-image-lowlatency 5.4.0.59.62
linux-image-oem 5.4.0.59.62
linux-image-oem-osp1 5.4.0.59.62
linux-image-oracle 5.4.0.1034.31
linux-image-raspi 5.4.0.1026.61
linux-image-raspi2 5.4.0.1026.61
linux-image-virtual 5.4.0.59.62
Ubuntu 18.04 LTS:
linux-image-5.4.0-1026-raspi 5.4.0-1026.29~18.04.1
linux-image-5.4.0-1033-gcp 5.4.0-1033.35~18.04.1
linux-image-5.4.0-1033-gke 5.4.0-1033.35~18.04.1
linux-image-5.4.0-1034-aws 5.4.0-1034.35~18.04.1
linux-image-5.4.0-1034-oracle 5.4.0-1034.36~18.04.1
linux-image-5.4.0-1035-azure 5.4.0-1035.36~18.04.1
linux-image-5.4.0-59-generic 5.4.0-59.65~18.04.1
linux-image-5.4.0-59-generic-lpae 5.4.0-59.65~18.04.1
linux-image-5.4.0-59-lowlatency 5.4.0-59.65~18.04.1
linux-image-aws 5.4.0.1034.19
linux-image-azure 5.4.0.1035.17
linux-image-gcp 5.4.0.1033.21
linux-image-generic-hwe-18.04 5.4.0.59.65~18.04.54
linux-image-generic-lpae-hwe-18.04 5.4.0.59.65~18.04.54
linux-image-gke-5.4 5.4.0.1033.35~18.04.2
linux-image-lowlatency-hwe-18.04 5.4.0.59.65~18.04.54
linux-image-oem 5.4.0.59.65~18.04.54
linux-image-oem-osp1 5.4.0.59.65~18.04.54
linux-image-oracle 5.4.0.1034.36~18.04.18
linux-image-raspi-hwe-18.04 5.4.0.1026.30
linux-image-snapdragon-hwe-18.04 5.4.0.59.65~18.04.54
linux-image-virtual-hwe-18.04 5.4.0.59.65~18.04.54
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4679-1
CVE-2020-25656, CVE-2020-25668, CVE-2020-25704, CVE-2020-27675,
CVE-2020-27777, CVE-2020-28974
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-59.65
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1034.35
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1035.36
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1033.35
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1031.32
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1034.36
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1026.29
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1034.35~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1035.36~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1033.35~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1033.35~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-59.65~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1034.36~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1026.29~18.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl/1NOUACgkQLwmejQBe
gfSNkQ//fTPEoxFEuTzBrNmy17ZL53gI7Lh7WoPmseV7ID0ni8xZRTUVks14TSxr
kI/245vNpdwmPaFCjDCI0JQrAqe5sAIBpxM6kVq5D8jPpan3dSBTQEuSmn3DE7zr
OnRc76k1vz3v5u2d70Jtp/j/6lj571j/BnkQ65Lku3LFboJgMVQrR7pQ1nA4NqmT
Mo8svP7PjvwhMmc3/G5ctIoqGHsaRSU9AmwzVRudI5ocveAK3Mz14LpnAQifSWPJ
Ime4Zoj4YNIkCgTLvBRf2M1m2aiucOq9ZeKQZ5FKrNzaCibB3mJJZ8jowc2jFtXi
uXmxQT+QXh6Wzrz7r9qFB6iO66+hj5fR0oNjeeDfh2zQAc+M2HbM6KtxwububOvo
hdF4ug5sNGiJgOrQNwobuZpor/mvSEpdLpb52gehczKS7X4mevqB4MYab+AZlra+
NwwQ1ZxjOfjbIMlqR3esRD1kS6B3Rf7U0RXaL9msddjCLZkJkR9lobeR61Z8gCDU
Lw1SiYAHLCu2moFcB0+3dFRlnbR4WYtw8F19f25BWMr68dEJMT6AlWkvBnihKDLp
Gb0wzQURa+SX7tFu/4FhC4sQKeO8VGxBWr71wps213QgGQtzvWgkudky1gSmyW8j
giBxUUMdKcWg3ZKOgTXtGwmY5VgSPgZuTqH4tDCWsUQ35OdY6tE=
=a8PP
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4678-1
January 06, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle,
linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi (V8) systems
Details:
It was discovered that the AMD Running Average Power Limit (RAPL) driver in
the Linux kernel did not properly restrict access to power data. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-12912)
Jann Horn discovered that the io_uring subsystem in the Linux kernel did
not properly perform reference counting in some situations. A local
attacker could use this to expose sensitive information or possibly
escalate privileges. (CVE-2020-29534)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1011-raspi 5.8.0-1011.14
linux-image-5.8.0-1011-raspi-nolpae 5.8.0-1011.14
linux-image-5.8.0-1014-kvm 5.8.0-1014.15
linux-image-5.8.0-1014-oracle 5.8.0-1014.14
linux-image-5.8.0-1015-gcp 5.8.0-1015.15
linux-image-5.8.0-1016-azure 5.8.0-1016.17
linux-image-5.8.0-1017-aws 5.8.0-1017.18
linux-image-5.8.0-34-generic 5.8.0-34.37
linux-image-5.8.0-34-generic-64k 5.8.0-34.37
linux-image-5.8.0-34-generic-lpae 5.8.0-34.37
linux-image-5.8.0-34-lowlatency 5.8.0-34.37
linux-image-aws 5.8.0.1017.19
linux-image-azure 5.8.0.1016.16
linux-image-gcp 5.8.0.1015.15
linux-image-generic 5.8.0.34.39
linux-image-generic-64k 5.8.0.34.39
linux-image-generic-lpae 5.8.0.34.39
linux-image-gke 5.8.0.1015.15
linux-image-kvm 5.8.0.1014.16
linux-image-lowlatency 5.8.0.34.39
linux-image-oracle 5.8.0.1014.14
linux-image-raspi 5.8.0.1011.14
linux-image-raspi-nolpae 5.8.0.1011.14
linux-image-virtual 5.8.0.34.39
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4678-1
CVE-2020-12912, CVE-2020-29534
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-34.37
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1017.18
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1016.17
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1015.15
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1014.15
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1014.14
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1011.14
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl/1NNYACgkQLwmejQBe
gfTbwg/+K7h8XhxrMCef0SNFOCF34OvrBUDU0X53kfyzCnavWzZvXkpaKfEzrf6a
PAywyeeMEFE9dWMuewgkTXarDYqN3+v+qUxZW2DEu7p4PHFeXthyROf8R4wQyTpe
CQVL/kK6piNwtE/pz+IpwHdKZ+TY33OMKBnKTZy20g9PlHZe0HeNQ87zVTdFxobM
7BSYkWHP7V9kKle+dYEAUoHMQ8L6JuDm9TX7vgjkoNg/9LalwN3cz40MZyOsSef4
bVX22KjwofssSnSpATdGEE/Sp42C7df7MZpkXE2DH/2Lkac+JsL3FAZGhkJXqbda
H86tRRazisY3KmDksmvFOmC2TbxsmFR+0pevf2aqOaHlErw8D1zpLgWwWGx7wPBk
cuV5/sOX+MMqDG1Lh4YGZkTfk4HVewM5NfIZ9pwKmd/HjVo2YliUkQkJZiG8DpPt
RI0l9C0JyFuzdw/SNU2nL9c6MZuKUY5iF44isUwHXL3p0rCWumwlk8WQtw6Tpvci
7kJc54X9qC+qUxQuiED5XIMp6kLzFBpa+Soj4vpPG1ozVKtifU9Kk2tIbgrg0BZL
31bG0G5EDzuS4z/ilnR9LjAD5jzz6suqrSgaejG9UioxnLFnSI0WrCkzApGQLjLD
q3FJmDvDH+XtAQQzebVsoRpWBBteUqsaWc6Kvjm7jmYQCUD+gEw=
=xQYD
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4680-1
January 06, 2021
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle,
linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that debugfs in the Linux kernel as used by blktrace
contained a use-after-free in some situations. A privileged local attacker
could possibly use this to cause a denial of service (system crash).
(CVE-2019-19770)
It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use to facilitate attacks on UDP based services that depend on source port
randomization. (CVE-2020-25705)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)
Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1062-oracle 4.15.0-1062.68
linux-image-4.15.0-1077-gke 4.15.0-1077.82
linux-image-4.15.0-1077-raspi2 4.15.0-1077.82
linux-image-4.15.0-1082-kvm 4.15.0-1082.84
linux-image-4.15.0-1091-aws 4.15.0-1091.96
linux-image-4.15.0-1091-gcp 4.15.0-1091.104
linux-image-4.15.0-1094-snapdragon 4.15.0-1094.103
linux-image-4.15.0-1103-azure 4.15.0-1103.114
linux-image-4.15.0-129-generic 4.15.0-129.132
linux-image-4.15.0-129-generic-lpae 4.15.0-129.132
linux-image-4.15.0-129-lowlatency 4.15.0-129.132
linux-image-aws-lts-18.04 4.15.0.1091.93
linux-image-azure-lts-18.04 4.15.0.1103.76
linux-image-gcp-lts-18.04 4.15.0.1091.109
linux-image-generic 4.15.0.129.116
linux-image-generic-lpae 4.15.0.129.116
linux-image-gke 4.15.0.1077.81
linux-image-gke-4.15 4.15.0.1077.81
linux-image-kvm 4.15.0.1082.78
linux-image-lowlatency 4.15.0.129.116
linux-image-oracle-lts-18.04 4.15.0.1062.72
linux-image-powerpc-e500mc 4.15.0.129.116
linux-image-powerpc-smp 4.15.0.129.116
linux-image-powerpc64-emb 4.15.0.129.116
linux-image-powerpc64-smp 4.15.0.129.116
linux-image-raspi2 4.15.0.1077.74
linux-image-snapdragon 4.15.0.1094.97
linux-image-virtual 4.15.0.129.116
Ubuntu 16.04 LTS:
linux-image-4.15.0-1062-oracle 4.15.0-1062.68~16.04.1
linux-image-4.15.0-1091-aws 4.15.0-1091.96~16.04.1
linux-image-4.15.0-1091-gcp 4.15.0-1091.104~16.04.1
linux-image-4.15.0-1103-azure 4.15.0-1103.114~16.04.1
linux-image-4.15.0-129-generic 4.15.0-129.132~16.04.1
linux-image-4.15.0-129-generic-lpae 4.15.0-129.132~16.04.1
linux-image-4.15.0-129-lowlatency 4.15.0-129.132~16.04.1
linux-image-aws-hwe 4.15.0.1091.85
linux-image-azure 4.15.0.1103.96
linux-image-gcp 4.15.0.1091.92
linux-image-generic-hwe-16.04 4.15.0.129.128
linux-image-generic-lpae-hwe-16.04 4.15.0.129.128
linux-image-gke 4.15.0.1091.92
linux-image-lowlatency-hwe-16.04 4.15.0.129.128
linux-image-oem 4.15.0.129.128
linux-image-oracle 4.15.0.1062.51
linux-image-virtual-hwe-16.04 4.15.0.129.128
Ubuntu 14.04 ESM:
linux-image-4.15.0-1103-azure 4.15.0-1103.114~14.04.1
linux-image-azure 4.15.0.1103.78
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4680-1
CVE-2019-19770, CVE-2020-0423, CVE-2020-10135, CVE-2020-25656,
CVE-2020-25668, CVE-2020-25705, CVE-2020-27675, CVE-2020-27777,
CVE-2020-28974
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-129.132
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1091.96
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1103.114
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1091.104
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1077.82
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1082.84
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1062.68
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1077.82
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1094.103
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1091.96~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1103.114~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1091.104~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-129.132~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1062.68~16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl/1NPYACgkQLwmejQBe
gfT/YA//ZNdDtAqTcnrbIcHvNmsBA3V1c/hQS75iDuRIYmQC0dqX7z0HB6428ZNh
8CwtfZ2MQCF8e8hJHo36ztS4BORRs7vQU6TeN5QDXoOayfbr1fwfXogxTvoOZ6VM
7rqvTg1Rfjta93ZCVtgWgbFpGBv7Ad4rkZxYmxlY5rtn4n5RF/t62EBY3MQ+aJD5
N9kyUyG2k+oSMy+eJs1vO4dQjCXBMwm95WeQz7G9taefpKRnDKxBsaVPi9y5L2Qk
P2zeEft4fL0nRCOduozrpbIwD1Kbuq5HM2Oe9+9aGelmBsNdMOaQiSQLeSaul4vN
9OMfy9OOMeNZT890ktGHDWccMurpFFxwrIR16EKofkqVIa0PhhrQ7W86yyLCNzzh
+ml+lVesHOw0lZLv7yOiWgiNuMCMW7K86cudfBakoua5V7IiyZj7BWo3zr5savhQ
ofMDnFA8VKTEhwIv61MNJK+cWvFwTPprvCgPI3+O6MaWVflAjTOSd4VkYHY8Zjpb
lWFMRQx3HmHSYeLO1cgEhBGWgaR8uK83gPHKzIWYlro4lDJkG3c/D/X/CEbp1T28
9jHDWrxBcScg07l2EGN3uc/Bf/EGr10u8XdFuvWGJWWUAbGWeLhjSo+Ot5L7GapQ
fi2+oiygry341ARJSDrNJ4oX1EB73Fd7KY/E/oSHKUTb2mG6zOE=
=ZKR6
—–END PGP SIGNATURE—–
—