1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Linux kernel (Xenial HWE) vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, December 03, 2019 00:10:07
    linux-lts-xenial, linux-aws vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in the Linux kernel.

    Software Description

    * linux-aws - Linux kernel for Amazon Web Services (AWS) systems
    * linux-lts-xenial - Linux hardware enablement kernel from
    Xenial for Trusty

    Details

    USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    16.04 LTS. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
    Ubuntu 14.04 ESM.

    Zhipeng Xie discovered that an infinite loop could be triggered in
    the CFS Linux kernel process scheduler. A local attacker could
    possibly use this to cause a denial of service. (CVE-2018-20784)

    Nicolas Waisman discovered that the WiFi driver stack in the Linux
    kernel did not properly validate SSID lengths. A physically
    proximate attacker could use this to cause a denial of service
    (system crash). (CVE-2019-17133)

    Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for
    the Linux kernel performed DMA from a kernel stack. A local
    attacker could use this to cause a denial of service (system
    crash). (CVE-2019-17075)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    linux-image-4.4.0-1059-aws - 4.4.0-1059.63
    linux-image-4.4.0-170-generic - 4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-lowlatency - 4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-powerpc-e500mc -
    4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-powerpc64-emb -
    4.4.0-170.199~14.04.1
    linux-image-4.4.0-170-powerpc64-smp -
    4.4.0-170.199~14.04.1
    linux-image-aws - 4.4.0.1059.60
    linux-image-generic-lpae-lts-xenial - 4.4.0.170.149
    linux-image-generic-lts-xenial - 4.4.0.170.149
    linux-image-lowlatency-lts-xenial - 4.4.0.170.149
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.170.149
    linux-image-powerpc-smp-lts-xenial - 4.4.0.170.149
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.170.149
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.170.149
    linux-image-virtual-lts-xenial - 4.4.0.170.149

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4211-1
    * CVE-2018-20784
    * CVE-2019-17075
    * CVE-2019-17133

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, January 07, 2020 16:10:06
    linux-lts-xenial, linux-aws vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in the Linux kernel.

    Software Description

    * linux-aws - Linux kernel for Amazon Web Services (AWS) systems
    * linux-lts-xenial - Linux hardware enablement kernel from
    Xenial for Trusty

    Details

    USN-4228-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    16.04 LTS. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
    Ubuntu 14.04 ESM.

    It was discovered that a heap-based buffer overflow existed in the
    Marvell WiFi-Ex Driver for the Linux kernel. A physically
    proximate attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code.
    (CVE-2019-14895, CVE-2019-14901)

    It was discovered that a heap-based buffer overflow existed in the
    Marvell Libertas WLAN Driver for the Linux kernel. A physically
    proximate attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code.
    (CVE-2019-14896, CVE-2019-14897)

    Anthony Steinhauser discovered that the Linux kernel did not
    properly perform Spectre_RSB mitigations to all processors for
    PowerPC architecture systems in some situations. A local attacker
    could use this to expose sensitive information. (CVE-2019-18660)

    It was discovered that Geschwister Schneider USB CAN interface
    driver in the Linux kernel did not properly deallocate memory in
    certain failure conditions. A physically proximate attacker could
    use this to cause a denial of service (kernel memory exhaustion).
    (CVE-2019-19052)

    It was discovered that the driver for memoryless force-feedback
    input devices in the Linux kernel contained a use-after-free
    vulnerability. A physically proximate attacker could possibly use
    this to cause a denial of service (system crash) or execute
    arbitrary code. (CVE-2019-19524)

    It was discovered that the PEAK-System Technik USB driver in the
    Linux kernel did not properly sanitize memory before sending it to
    the device. A physically proximate attacker could use this to
    expose sensitive information (kernel memory). (CVE-2019-19534)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    linux-image-4.4.0-1060-aws - 4.4.0-1060.64
    linux-image-4.4.0-171-generic - 4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-generic-lpae - 4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-lowlatency - 4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-powerpc-e500mc -
    4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-powerpc-smp - 4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-powerpc64-emb -
    4.4.0-171.200~14.04.1
    linux-image-4.4.0-171-powerpc64-smp -
    4.4.0-171.200~14.04.1
    linux-image-aws - 4.4.0.1060.61
    linux-image-generic-lpae-lts-xenial - 4.4.0.171.150
    linux-image-generic-lts-xenial - 4.4.0.171.150
    linux-image-lowlatency-lts-xenial - 4.4.0.171.150
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.171.150
    linux-image-powerpc-smp-lts-xenial - 4.4.0.171.150
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.171.150
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.171.150
    linux-image-virtual-lts-xenial - 4.4.0.171.150

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4228-1
    * CVE-2019-14895
    * CVE-2019-14896
    * CVE-2019-14897
    * CVE-2019-14901
    * CVE-2019-18660
    * CVE-2019-19052
    * CVE-2019-19524
    * CVE-2019-19534

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, January 29, 2020 00:10:04
    linux-lts-xenial, linux-aws vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in the Linux kernel.

    Software Description

    * linux-aws - Linux kernel for Amazon Web Services (AWS) systems
    * linux-lts-xenial - Linux hardware enablement kernel from
    Xenial for Trusty

    Details

    USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    16.04 LTS. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
    Ubuntu 14.04 ESM.

    It was discovered that the Linux kernel did not properly clear
    data structures on context switches for certain Intel graphics
    processors. A local attacker could use this to expose sensitive
    information. (CVE-2019-14615)

    It was discovered that a race condition existed in the Virtual
    Video Test Driver in the Linux kernel. An attacker with write
    access to /dev/video0 on a system with the vivid module loaded
    could possibly use this to gain administrative privileges.
    (CVE-2019-18683)

    It was discovered that the btrfs file system in the Linux kernel
    did not properly validate metadata, leading to a NULL pointer
    dereference. An attacker could use this to specially craft a file
    system image that, when mounted, could cause a denial of service
    (system crash). (CVE-2019-18885)

    It was discovered that multiple memory leaks existed in the
    Marvell WiFi-Ex Driver for the Linux kernel. A local attacker
    could possibly use this to cause a denial of service (kernel
    memory exhaustion). (CVE-2019-19057)

    It was discovered that the crypto subsystem in the Linux kernel
    did not properly deallocate memory in certain error conditions. A
    local attacker could use this to cause a denial of service (kernel
    memory exhaustion). (CVE-2019-19062)

    It was discovered that the Realtek rtlwifi USB device driver in
    the Linux kernel did not properly deallocate memory in certain
    error conditions. A local attacker could possibly use this to
    cause a denial of service (kernel memory exhaustion).
    (CVE-2019-19063)

    Dan Carpenter discovered that the AppleTalk networking subsystem
    of the Linux kernel did not properly handle certain error
    conditions, leading to a NULL pointer dereference. A local
    attacker could use this to cause a denial of service (system
    crash). (CVE-2019-19227)

    It was discovered that the KVM hypervisor implementation in the
    Linux kernel did not properly handle ioctl requests to get
    emulated CPUID features. An attacker with access to /dev/kvm could
    use this to cause a denial of service (system crash).
    (CVE-2019-19332)

    It was discovered that the B2C2 FlexCop USB device driver in the
    Linux kernel did not properly validate device metadata. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2019-15291)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    linux-image-4.4.0-1061-aws - 4.4.0-1061.65
    linux-image-4.4.0-173-generic - 4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-generic-lpae - 4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-lowlatency - 4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-powerpc-e500mc -
    4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-powerpc-smp - 4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-powerpc64-emb -
    4.4.0-173.203~14.04.1
    linux-image-4.4.0-173-powerpc64-smp -
    4.4.0-173.203~14.04.1
    linux-image-aws - 4.4.0.1061.62
    linux-image-generic-lpae-lts-xenial - 4.4.0.173.152
    linux-image-generic-lts-xenial - 4.4.0.173.152
    linux-image-lowlatency-lts-xenial - 4.4.0.173.152
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.173.152
    linux-image-powerpc-smp-lts-xenial - 4.4.0.173.152
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.173.152
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.173.152
    linux-image-virtual-lts-xenial - 4.4.0.173.152

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4254-1
    * CVE-2019-14615
    * CVE-2019-15291
    * CVE-2019-18683
    * CVE-2019-18885
    * CVE-2019-19057
    * CVE-2019-19062
    * CVE-2019-19063
    * CVE-2019-19227
    * CVE-2019-19332

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, February 18, 2020 20:10:04
    linux-lts-xenial, linux-aws vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Several security issues were fixed in the Linux kernel.

    Software Description

    * linux-aws - Linux kernel for Amazon Web Services (AWS) systems
    * linux-lts-xenial - Linux hardware enablement kernel from
    Xenial for Trusty

    Details

    USN-4286-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    16.04 LTS. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
    Ubuntu 14.04 ESM.

    It was discovered that the Linux kernel did not properly clear
    data structures on context switches for certain Intel graphics
    processors. A local attacker could use this to expose sensitive
    information. (CVE-2019-14615)

    It was discovered that a race condition existed in the Softmac USB
    Prism54 device driver in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system
    crash). (CVE-2019-15220)

    Julien Grall discovered that the Xen balloon memory driver in the
    Linux kernel did not properly restrict the amount of memory set
    aside for page mappings in some situations. An attacker could use
    this to cause a denial of service (kernel memory exhaustion).
    (CVE-2019-17351)

    It was discovered that the Intel WiMAX 2400 driver in the Linux
    kernel did not properly deallocate memory in certain situations. A
    local attacker could use this to cause a denial of service (kernel
    memory exhaustion). (CVE-2019-19051)

    It was discovered that the Marvell Wi-Fi device driver in the
    Linux kernel did not properly deallocate memory in certain error
    conditions. A local attacker could use this to possibly cause a
    denial of service (kernel memory exhaustion). (CVE-2019-19056)

    It was discovered that the Brocade BFA Fibre Channel device driver
    in the Linux kernel did not properly deallocate memory in certain
    error conditions. A local attacker could possibly use this to
    cause a denial of service (kernel memory exhaustion).
    (CVE-2019-19066)

    It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver
    in the Linux kernel did not properly deallocate memory in certain
    error conditions. A local attacker could possibly use this to
    cause a denial of service (kernel memory exhaustion).
    (CVE-2019-19068)

    Gao Chuan discovered that the SAS Class driver in the Linux kernel
    contained a race condition that could lead to a NULL pointer
    dereference. A local attacker could possibly use this to cause a
    denial of service (system crash). (CVE-2019-19965)

    It was discovered that the Datagram Congestion Control Protocol
    (DCCP) implementation in the Linux kernel did not properly
    deallocate memory in certain error conditions. An attacker could
    possibly use this to cause a denial of service (kernel memory
    exhaustion). (CVE-2019-20096)

    Mitchell Frank discovered that the Wi-Fi implementation in the
    Linux kernel when used as an access point would send IAPP location
    updates for stations before client authentication had completed. A
    physically proximate attacker could use this to cause a denial of
    service. (CVE-2019-5108)

    It was discovered that ZR364XX Camera USB device driver for the
    Linux kernel did not properly initialize memory. A physically
    proximate attacker could use this to cause a denial of service
    (system crash). (CVE-2019-15217)

    It was discovered that the Line 6 POD USB device driver in the
    Linux kernel did not properly validate data size information from
    the device. A physically proximate attacker could use this to
    cause a denial of service (system crash). (CVE-2019-15221)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    linux-image-4.4.0-1062-aws - 4.4.0-1062.66
    linux-image-4.4.0-174-generic - 4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-generic-lpae - 4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-lowlatency - 4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-powerpc-e500mc -
    4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-powerpc-smp - 4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-powerpc64-emb -
    4.4.0-174.204~14.04.1
    linux-image-4.4.0-174-powerpc64-smp -
    4.4.0-174.204~14.04.1
    linux-image-aws - 4.4.0.1062.63
    linux-image-generic-lpae-lts-xenial - 4.4.0.174.153
    linux-image-generic-lts-xenial - 4.4.0.174.153
    linux-image-lowlatency-lts-xenial - 4.4.0.174.153
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.174.153
    linux-image-powerpc-smp-lts-xenial - 4.4.0.174.153
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.174.153
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.174.153
    linux-image-virtual-lts-xenial - 4.4.0.174.153

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4286-1
    * CVE-2019-14615
    * CVE-2019-15217
    * CVE-2019-15220
    * CVE-2019-15221
    * CVE-2019-17351
    * CVE-2019-19051
    * CVE-2019-19056
    * CVE-2019-19066
    * CVE-2019-19068
    * CVE-2019-19965
    * CVE-2019-20096
    * CVE-2019-5108

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)