You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

==========================================================================
Ubuntu Security Notice USN-4007-2
June 04, 2019

linux-aws-hwe, linux-hwe, linux-oracle vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
– linux-oracle: Linux kernel for Oracle Cloud systems

Details:

USN-4007-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.15.0-1014-oracle 4.15.0-1014.16~16.04.1
linux-image-4.15.0-1040-aws 4.15.0-1040.42~16.04.1
linux-image-4.15.0-51-generic 4.15.0-51.55~16.04.1
linux-image-4.15.0-51-generic-lpae 4.15.0-51.55~16.04.1
linux-image-4.15.0-51-lowlatency 4.15.0-51.55~16.04.1
linux-image-aws-hwe 4.15.0.1040.40
linux-image-generic-hwe-16.04 4.15.0.51.72
linux-image-generic-lpae-hwe-16.04 4.15.0.51.72
linux-image-lowlatency-hwe-16.04 4.15.0.51.72
linux-image-oem 4.15.0.51.72
linux-image-oracle 4.15.0.1014.8
linux-image-virtual-hwe-16.04 4.15.0.51.72

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4007-2
https://usn.ubuntu.com/4007-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1040.42~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-51.55~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1014.16~16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz2+EIACgkQLwmejQBe
gfTlXRAAptYScthbgJ2wf2qIl708UfgiQmFmZhjAVS/GqJZp25K7zLv38VW3Mkgz
1QqDt+8Mn//pFGRfQS6/mSyRED52Cd3s3HDPNxNZ2ObnrrzE1HDec6pVqNy/zwmW
v/+RKNiyrNuRDIdJb/Uxtr21j26desmwMnUA/CvWpwsPnXExyJQMeII7b7CV/TK4
E14/4nMRTU+534GxpGAZv7qVkqkki0ehBChol+yrJsjQoM46MDfsVCj91+C/Xgep
tXPW1Sm7r0G/ji7dXoOyBiVsWetGVytNfjvsNFnmqH8mVSQf7VGjqYwqzSyK3guq
mQ+BwV5TtGoLYO+unw9YonT4HsW/SN94WZUZtG+s3Z0sHU4K/NXVExxT7UNM5FrU
q9VXqDp4CbbDRNFGzo28zwi8eSQZCtR4tfrczteBT+lSWi4jsFDtrBNt+eisM0QR
TAqhBtxt9/b74IT9UUPhsX5LgDNg9vvJHNQ5jSn16g0nXi8/q/YyLZRkBR0reld6
GdLmRZbAVRyYBvafHeMwqyrWFJ5EQsAyik6EHiO/SN+9+0+GHQirKfbM8A6EtWVC
uyA8Br27oGjC32RmTiXc8BX06T8fxYSlEJxa3j/ubZa7WmS8183nVXmoMKY1eYPy
keQOpwZQfUAj9L9FJ5atq0+g6o+6lFF3CkJuVIwZwGAbkCl59NU=
=qbWv
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4006-2
June 04, 2019

linux-hwe vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.18.0-21-generic 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-generic-lpae 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-lowlatency 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-snapdragon 4.18.0-21.22~18.04.1
linux-image-generic-hwe-18.04 4.18.0.21.71
linux-image-generic-lpae-hwe-18.04 4.18.0.21.71
linux-image-lowlatency-hwe-18.04 4.18.0.21.71
linux-image-snapdragon-hwe-18.04 4.18.0.21.71

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4006-2
https://usn.ubuntu.com/4006-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-21.22~18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz2+DUACgkQLwmejQBe
gfRT5g/9HHxLBHevGdRamQCNIs4tHbbM+UgXq6BF9YdJPmrXSv2kOwOpNS5yc0nn
Y6PDfxXPF2XssBPMU5ofWv4RRBzHQ6kPDWOeJx3LXO+XnOL56WoYGIYYzYBVz9do
nJ8/WVfDUJAlfejHYoS92Yhksb01KTPZeEhx4z9204lf/r9GfGhvv7p6+D6Qv+/R
HvkTehlH8AWPRMUL7OpQSRrk8NqcFLjE6Tq7P6NNDPFJitseALO7e/kHKqXu97XC
Rzodu2D1BbcEmxij80sCDJhfLLgVRlveMbXfE93z8gNYsznmkT+tCv+elXOEsGmh
c1/18Nn5R3XF8InFX1cpndfiVB5m6870e5+BGAnDmyvqhZOu5Ctn85MU9FLaksJZ
h5koxxjihZqh8tbaH3mHbBck0qlw4kzi3ijqj3mwaP5wuDWZ49Vp0kjCTb8lhg2u
YmMl7KSW3kQc9WEnLBYMFlUUnYfE6MRtLW1BHeclylV3BdpSZpaK20UPOcCVjMYD
Epb+rxyt1UMyWSB2ymVO3AjGRmK53Xds1YhBY8Rm6zmuP947om6rgpWjsa3s03av
kisvdbRvPu0CbXPk7G3+gTELn9D5kv/lofaA6XRiEWuKyE7iwkBkXqtC9oeFQ7rQ
kvs1aj5vExwkd3mcdPP1nhVeWuvFIlZztseCmSF37s2bhn/VHbU=
=BMoE
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4008-1
June 04, 2019

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Robert Święcki discovered that the Linux kernel did not properly apply
Address Space Layout Randomization (ASLR) in some situations for setuid elf
binaries. A local attacker could use this to improve the chances of
exploiting an existing vulnerability in a setuid elf binary.
(CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.
(CVE-2019-11191)

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1047-kvm 4.4.0-1047.53
linux-image-4.4.0-1084-aws 4.4.0-1084.94
linux-image-4.4.0-1110-raspi2 4.4.0-1110.118
linux-image-4.4.0-1114-snapdragon 4.4.0-1114.119
linux-image-4.4.0-150-generic 4.4.0-150.176
linux-image-4.4.0-150-generic-lpae 4.4.0-150.176
linux-image-4.4.0-150-lowlatency 4.4.0-150.176
linux-image-4.4.0-150-powerpc-e500mc 4.4.0-150.176
linux-image-4.4.0-150-powerpc-smp 4.4.0-150.176
linux-image-4.4.0-150-powerpc64-emb 4.4.0-150.176
linux-image-4.4.0-150-powerpc64-smp 4.4.0-150.176
linux-image-aws 4.4.0.1084.87
linux-image-generic 4.4.0.150.158
linux-image-generic-lpae 4.4.0.150.158
linux-image-kvm 4.4.0.1047.47
linux-image-lowlatency 4.4.0.150.158
linux-image-powerpc-e500mc 4.4.0.150.158
linux-image-powerpc-smp 4.4.0.150.158
linux-image-powerpc64-emb 4.4.0.150.158
linux-image-powerpc64-smp 4.4.0.150.158
linux-image-raspi2 4.4.0.1110.110
linux-image-snapdragon 4.4.0.1114.106
linux-image-virtual 4.4.0.150.158

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4008-1
CVE-2019-11190, CVE-2019-11191, CVE-2019-11810, CVE-2019-11815

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-150.176
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1084.94
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1047.53
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1110.118
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1114.119

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz2+CoACgkQLwmejQBe
gfRPPhAAnwdOVl/tBOaZA6hKUVJkVBPqG0cv2S2V8c1Q74KmX0XInzTOv928jVwK
EeuRo/MnOZCjqzKe3Ilg3/F/EGAo5kILL9OqUbZijrBn0eDPql6xbNHMMXUsbSyR
jvCz8d/WKnMAa8E4KygpmBypj0YXFZoX03YdBrP3UyJFjl+6UtiC/i+ecB+MyIfQ
/D2U0373ZsQGcO5BeVgVSc6cK91rFavoINsTvCd5jDtyycor4z5H8bQlOs4paqmi
zMV2+8IMBYU0QOKO+bkW6DGMP55fuKV6hg3sCQijuHVcEo2qtuOA/j9VV7IRukzh
gXinRHDJcpoHC78LmXlzAXR5/8ECSmpxmmT/mkpOac4JYuDq8QCKX6GxI/Jok1OW
lu7Rs+QqWW7Pxg/rILw/WD/scPWwA58ynRTnQz8EMuMcMWhxaKP+OR3BQ22tXBih
cGq/w1qW8wU09THvPyipq1Gncr8ogsq4FI1Jk42m/AEaGBGXxnN4g/wWLpU7pL7h
5FUxEhtof48Rkcy1htRwn3t41Ft4uWcICG+lym1Lo9HgCQjgYeCBIwjHZXVCxdUs
sgGGsmbUqgegf9veKPldhDyEdFg28FqG2ahNcES5YpJOkq2g4/rbCidyeM2s644q
3Ni7Acq7SxwnUTawPZWofGmsSQ2rEndqYrIJCoqcj+hS8iJL/aE=
=ZXSL
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4007-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-meta:
– linux-oem: Linux kernel for OEM processors
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1014-oracle 4.15.0-1014.16
linux-image-4.15.0-1033-gcp 4.15.0-1033.35
linux-image-4.15.0-1035-kvm 4.15.0-1035.35
linux-image-4.15.0-1037-raspi2 4.15.0-1037.39
linux-image-4.15.0-1039-oem 4.15.0-1039.44
linux-image-4.15.0-1040-aws 4.15.0-1040.42
linux-image-4.15.0-1054-snapdragon 4.15.0-1054.58
linux-image-4.15.0-51-generic 4.15.0-51.55
linux-image-4.15.0-51-generic-lpae 4.15.0-51.55
linux-image-4.15.0-51-lowlatency 4.15.0-51.55
linux-image-aws 4.15.0.1040.39
linux-image-gcp 4.15.0.1033.35
linux-image-generic 4.15.0.51.53
linux-image-generic-lpae 4.15.0.51.53
linux-image-kvm 4.15.0.1035.35
linux-image-lowlatency 4.15.0.51.53
linux-image-oem 4.15.0.1039.43
linux-image-oracle 4.15.0.1014.17
linux-image-raspi2 4.15.0.1037.35
linux-image-snapdragon 4.15.0.1054.57

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4007-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-51.55
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1040.42
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1033.35
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1035.35
https://launchpad.net/ubuntu/+source/linux-meta/4.15.0.51.53
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1039.44
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1014.16
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1037.39
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1054.58

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz2+BsACgkQLwmejQBe
gfRCsA//blHGn/JpfmPPHuArBf3nd4g7IhqhlZkJOqF+k6epkCuwXPgyEGD5+9+6
6TRDJGUCCSoQAoe72Ia4hBFHddgnPZU1pSIzRs6eaNKuftsPdqY3AEBFzsKXUtu6
xG7xqFZcre6a6gUUy7/lI1YU8MrgIiQOBm8kcsLJirxC4CNhjKG497e39xJ10f80
UMB/oByDeBYGJG0RjkcOfK4uXWtSxzs7wLDoYvGgMSunfqa/FDwcLBj/vxIq5hg4
yKQcwalLJdmIZams1kIXxXqFWqjSW1M+fsppTTEacgx1sT6XC86XLYF2326xzoYU
c1bnvmGzjlrO0LxaroJpY53a2rsLi5nACOE07MIUom89J4addfFJKb8hCoIXD2vt
iDB0qcDYcDxS65rWRT88rPbGr/aHH/vxDXA90LUEkVQi6zAR9nB494xOFHcU+twg
Rsxa0TiLt3GEwRerv/awqT9QC73ZMDteMTtDMLFpJrMGpyXCYZ9oyCySws2fnhLS
RjvdEv04nUuNOPYEO73cUTUq2jSCQnm3zC1o1+wmwYByUGdTcRs4okbHtcFDwJoL
k3f69jkIx4RvAg/ApA0wLyzLcvfF/0HDycuqVqXeNujEzqgWyMFqLOp+SKc/i377
IbFW7Lp519XT/DRZxPhMkC/wtbYzLE5ixwohNhH3RQDa2BvcYEM=
=3geN
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4006-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10

Summary:

A system hardening measure could be bypassed.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
linux-image-4.18.0-1012-gcp 4.18.0-1012.13
linux-image-4.18.0-1013-kvm 4.18.0-1013.13
linux-image-4.18.0-1015-raspi2 4.18.0-1015.17
linux-image-4.18.0-1017-aws 4.18.0-1017.19
linux-image-4.18.0-21-generic 4.18.0-21.22
linux-image-4.18.0-21-generic-lpae 4.18.0-21.22
linux-image-4.18.0-21-lowlatency 4.18.0-21.22
linux-image-4.18.0-21-snapdragon 4.18.0-21.22
linux-image-aws 4.18.0.1017.17
linux-image-gcp 4.18.0.1012.12
linux-image-generic 4.18.0.21.22
linux-image-generic-lpae 4.18.0.21.22
linux-image-gke 4.18.0.1012.12
linux-image-kvm 4.18.0.1013.13
linux-image-lowlatency 4.18.0.21.22
linux-image-raspi2 4.18.0.1015.12
linux-image-snapdragon 4.18.0.21.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4006-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.18.0-21.22
https://launchpad.net/ubuntu/+source/linux-aws/4.18.0-1017.19
https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1012.13
https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1013.13
https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1015.17

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz29/oACgkQLwmejQBe
gfQx2A/+J1PPpAVQbnNFztyJ8f87/3iBc3bycrEB36sqrUTZPifQwiIYlHkh1RTx
mSq4LPGnLwKzldbrh4iUJ1ccsDiu7jpuGB04132yJSParvPN+NlsVjKUHx3ulULZ
BMwfhbQ781rXcaRLVla/D+wxCoEL7UMveU6dOy74+6exPT/7F88ktRbCFN4/Z2tP
7QUui+TOvG8Vit5EiCy1xqerjjhbafkezz2TJOu3yT6JHRTBM29AKbQq1koSzoVx
v0K3hBNk9txakR9rlZxOSjaPsNdHUAAYpsliUmEOVLvyUZHTzqnHoPu7rgvcUrKJ
Npp7+lZx3z7jxwg2VJBPuyhxjWWr433jEsS3tP7a7ss7+LvLHLBJ3+suMbulAvgX
1AuWK3w9gxtRflrV3zpiJSTd0FCuNWj8DMstxYZJAkFpYzMpBzwnbaABbqxSkZkf
8NGLTNTu16oyzUU8d64C88pBPuZaNE3M0stertTjc6MYKt8+tXwSAFnDALZ0qq49
m5N66t4j9G6ce/Q36rw3CRhV/X3EtezGxieECMDKwnF1juPIbeVTt7qhgUmDqDy7
jU9owwKPl1PyDKDcteYuq+lsExo0ZFhWp2IWfjZG89aYm7wR0DW680JISmSwntNH
ndhypCT6SML8N10VwOwo8YdL+Bxmq0X9BEz3oic6e2pHdgzZfNg=
=WpbS
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4005-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2
– linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
linux-image-5.0.0-1007-aws 5.0.0-1007.7
linux-image-5.0.0-1007-gcp 5.0.0-1007.7
linux-image-5.0.0-1007-kvm 5.0.0-1007.7
linux-image-5.0.0-1009-raspi2 5.0.0-1009.9
linux-image-5.0.0-1013-snapdragon 5.0.0-1013.13
linux-image-5.0.0-16-generic 5.0.0-16.17
linux-image-5.0.0-16-generic-lpae 5.0.0-16.17
linux-image-5.0.0-16-lowlatency 5.0.0-16.17
linux-image-aws 5.0.0.1007.7
linux-image-gcp 5.0.0.1007.7
linux-image-generic 5.0.0.16.17
linux-image-generic-lpae 5.0.0.16.17
linux-image-gke 5.0.0.1007.7
linux-image-kvm 5.0.0.1007.7
linux-image-lowlatency 5.0.0.16.17
linux-image-raspi2 5.0.0.1009.6
linux-image-snapdragon 5.0.0.1013.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4005-1
CVE-2019-11810, CVE-2019-11815

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-16.17
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1009.9
https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1013.13

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlz299gACgkQLwmejQBe
gfR4KA//ZyPCP2gy/mtIgHPKFhfkDP+LOcfCXF/v2fnmG9EnnRNTSMLc8EQwpf98
GpSTM9GqnyEo9eEUbbT/k9TpS/AuE7LQjCQJL9n/qeALThbV5dRckuPh3PMFkYOD
EgrWgnPtnMNBw43sHQXcNuS2/U+tMNUzvzHRemuL6b0HZgNej4vYgUvEoMu9XvGf
I3RddIEIf8W9xAgB/SUqA9AlPuMf0B/fvLW9M2U/9QpnK2wm2mgTeh7u2CHewldj
2njrc3iwKh7Uf9DvkvAUzF++1GxJy6ZAA183yBctQxLZDhqYLcXnqfSoh2FH9zxG
cbgQ2GHrQKeXQxU6CGRqH8/PtFogThnmhFXrvmwmL2KyLQma7X9owbZAaGGc7Cbw
VBp5A4JzRrrmv+UMAbpYkSqC4E4wVsMKGTkhl5nyt4rl1ATr1/PO0m23MyL49oka
Vvh7cT1X+dlpWmCgLrafO3u9FDY4tJaQOcmOVnKRssTSWbiO9OhbJOPXj4KVxHye
S0Ncy7vypC16DQT23P9CEOkD5A5pAtba9RlrRhzCkRQIfzvfucd4CMDhlxRdeRxE
eZXiatDiq+pnS8Ly5PAWdWT8sMtgFruDxWrFcU+6s3Hn/0RsaHoNm2yhfqVoPRpO
QmxqdedTnYMyCs7UiQxPU4unBXbP9CjrMW6aabmuom+FW/Bdrr0=
=RNfQ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa containerd, docker, docker-runc, go i golang-github-docker-libnetwork

Otkriveni su sigurnosni nedostaci u programskim paketima containerd, docker, docker-runc, go (inačice 1.11 i 1.12) i golang-github-docker-libnetwork za operacijski sustav...

Close