Ubuntu Security Advisories

USN-4214-2: RabbitMQ vulnerability

2 hours 47 minutes ago
librabbitmq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.

Software Description
  • librabbitmq - Command-line utilities for interacting with AMQP servers
Details

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
amqp-tools - 0.8.0-1ubuntu0.18.04.2
librabbitmq4 - 0.8.0-1ubuntu0.18.04.2
Ubuntu 16.04 LTS
amqp-tools - 0.7.1-1ubuntu0.2
librabbitmq-dev - 0.7.1-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4217-2: Samba vulnerabilities

4 hours 32 minutes ago
samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

Several security issues were fixed in Samba.

Software Description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4
samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4221-1: libpcap vulnerability

19 hours 23 minutes ago
libpcap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
Summary

Applications using libpcap could be made to crash if given specially crafted data.

Software Description
  • libpcap - Library for user-level network packet capture
Details

It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libpcap0.8 - 1.8.1-6ubuntu1.19.04.1
Ubuntu 18.04 LTS
libpcap0.8 - 1.8.1-6ubuntu1.18.04.1
Ubuntu 16.04 LTS
libpcap0.8 - 1.7.4-2ubuntu0.1
Ubuntu 14.04 ESM
libpcap0.8 - 1.5.3-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4202-2: Thunderbird regression

23 hours 7 minutes ago
thunderbird regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 18.04 LTS
Summary

USN-4202-1 caused a regression in Thunderbird.

Software Description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764)

A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
thunderbird - 1:68.2.2+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS
thunderbird - 1:68.2.2+build1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

USN-4220-1: Git vulnerabilities

1 day ago
git vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Git.

Software Description
  • git - fast, scalable, distributed revision control system
Details

Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
git - 1:2.20.1-2ubuntu1.19.10.1
Ubuntu 19.04
git - 1:2.20.1-2ubuntu1.19.04.1
Ubuntu 18.04 LTS
git - 1:2.17.1-1ubuntu0.5
Ubuntu 16.04 LTS
git - 1:2.7.4-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4219-1: libssh vulnerability

1 day 1 hour ago
libssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

libssh could be made to run programs under certain conditions.

Software Description
  • libssh - A tiny C SSH library
Details

It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libssh-4 - 0.9.0-1ubuntu1.3
Ubuntu 19.04
libssh-4 - 0.8.6-3ubuntu0.3
Ubuntu 18.04 LTS
libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.5
Ubuntu 16.04 LTS
libssh-4 - 0.6.3-4.3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4218-1: GNU C Library vulnerability

1 day 5 hours ago
eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

GNU C Library could be made to execute arbitrary code or cause a crash if it received a specially crafted input.

Software Description
  • eglibc - GNU C Library
Details

Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libc6 - 2.19-0ubuntu6.15+esm1
Ubuntu 12.04 ESM
libc6 - 2.15-0ubuntu10.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

USN-4217-1: Samba vulnerabilities

1 day 6 hours ago
samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Samba.

Software Description
  • samba - SMB/CIFS file, print, and login server for Unix
Details

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libsmbclient - 2:4.10.7+dfsg-0ubuntu2.3
samba - 2:4.10.7+dfsg-0ubuntu2.3
Ubuntu 19.04
libsmbclient - 2:4.10.0+dfsg-0ubuntu2.7
samba - 2:4.10.0+dfsg-0ubuntu2.7
Ubuntu 18.04 LTS
libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14
Ubuntu 16.04 LTS
libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.24
samba - 2:4.3.11+dfsg-0ubuntu0.16.04.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4216-1: Firefox vulnerabilities

1 day 20 hours ago
firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description
  • firefox - Mozilla Open Source web browser
Details

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
firefox - 71.0+build5-0ubuntu0.19.10.1
Ubuntu 19.04
firefox - 71.0+build5-0ubuntu0.19.04.1
Ubuntu 18.04 LTS
firefox - 71.0+build5-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

USN-4215-1: NSS vulnerability

2 days 7 hours ago
nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary

NSS could be made to crash if it received a specially crafted certificate.

Software Description
  • nss - Network Security Service library
Details

It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libnss3 - 2:3.42-1ubuntu2.4
Ubuntu 18.04 LTS
libnss3 - 2:3.35-2ubuntu2.6
Ubuntu 16.04 LTS
libnss3 - 2:3.28.4-0ubuntu0.16.04.9
Ubuntu 14.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm3
Ubuntu 12.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.12.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

USN-4214-1: RabbitMQ vulnerability

6 days 5 hours ago
librabbitmq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 14.04 ESM
Summary

RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.

Software Description
  • librabbitmq - Command-line utilities for interacting with AMQP servers
Details

It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
amqp-tools - 0.9.0-0.2ubuntu0.19.10.1
librabbitmq4 - 0.9.0-0.2ubuntu0.19.10.1
Ubuntu 19.04
amqp-tools - 0.9.0-0.2ubuntu0.19.04.1
librabbitmq4 - 0.9.0-0.2ubuntu0.19.04.1
Ubuntu 14.04 ESM
amqp-tools - 0.4.1-1ubuntu0.1~esm1
librabbitmq1 - 0.4.1-1ubuntu0.1~esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4213-1: Squid vulnerabilities

1 week ago
squid, squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in Squid.

Software Description
  • squid - Web proxy cache server
  • squid3 - Web proxy cache server
Details

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handled URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12526)

Alex Rousskov discovered that Squid incorrectly handled certain strings. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-12854)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain input. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676)

Kristoffer Danielsson discovered that Squid incorrectly handled certain messages. This issue could result in traffic being redirected to origins it should not be delivered to. (CVE-2019-18677)

Régis Leroy discovered that Squid incorrectly handled certain HTTP request headers. A remote attacker could use this to smuggle HTTP requests and corrupt caches with arbitrary content. (CVE-2019-18678)

David Fifield discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to obtain pointer contents and bypass ASLR protections. (CVE-2019-18679)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
squid - 4.8-1ubuntu2.1
Ubuntu 19.04
squid - 4.4-1ubuntu2.3
Ubuntu 18.04 LTS
squid3 - 3.5.27-1ubuntu1.4
Ubuntu 16.04 LTS
squid3 - 3.5.12-1ubuntu7.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4212-1: HAProxy vulnerability

1 week ago
haproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
Summary

HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 header.

Software Description
  • haproxy - fast and reliable load balancing reverse proxy
Details

Tim Düsterhus discovered that HAProxy incorrectly handled certain HTTP/2 headers. An attacker could possibly use this issue to execute arbitrary code through CRLF injection.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
haproxy - 2.0.5-1ubuntu0.3
Ubuntu 19.04
haproxy - 1.8.19-1ubuntu1.3
Ubuntu 18.04 LTS
haproxy - 1.8.8-1ubuntu0.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4182-4: Intel Microcode regression

1 week ago
intel-microcode regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

USN-4182-2 introduced a regression in the Intel Microcode for some Skylake processors.

Software Description
  • intel-microcode - Processor microcode for Intel CPUs
Details

USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
intel-microcode - 3.20191115.1ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer.

USN-4182-3: Intel Microcode regression

1 week ago
intel-microcode regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

USN-4182-1 introduced a regression in the Intel Microcode for some Skylake processors.

Software Description
  • intel-microcode - Processor microcode for Intel CPUs
Details

USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
intel-microcode - 3.20191115.1ubuntu0.19.10.2
Ubuntu 19.04
intel-microcode - 3.20191115.1ubuntu0.19.04.2
Ubuntu 18.04 LTS
intel-microcode - 3.20191115.1ubuntu0.18.04.2
Ubuntu 16.04 LTS
intel-microcode - 3.20191115.1ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer.

USN-4194-2: postgresql-common vulnerability

1 week 1 day ago
postgresql-common vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

postgresql-common could be made to create arbitrary directories.

Software Description
  • postgresql-common - PostgreSQL database-cluster manager
Details

USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
postgresql-common - 154ubuntu1.1+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4207-1: GraphicsMagick vulnerabilities

1 week 1 day ago
graphicsmagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
Summary

Several security issues were fixed in GraphicsMagick.

Software Description
  • graphicsmagick - collection of image processing tools
Details

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

USN-4211-2: Linux kernel (Xenial HWE) vulnerabilities

1 week 1 day ago
linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details

USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
linux-image-4.4.0-1059-aws - 4.4.0-1059.63
linux-image-4.4.0-170-generic - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-lowlatency - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199~14.04.1
linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199~14.04.1
linux-image-aws - 4.4.0.1059.60
linux-image-generic-lpae-lts-xenial - 4.4.0.170.149
linux-image-generic-lts-xenial - 4.4.0.170.149
linux-image-lowlatency-lts-xenial - 4.4.0.170.149
linux-image-powerpc-e500mc-lts-xenial - 4.4.0.170.149
linux-image-powerpc-smp-lts-xenial - 4.4.0.170.149
linux-image-powerpc64-emb-lts-xenial - 4.4.0.170.149
linux-image-powerpc64-smp-lts-xenial - 4.4.0.170.149
linux-image-virtual-lts-xenial - 4.4.0.170.149

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4211-1: Linux kernel vulnerabilities

1 week 1 day ago
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
Details

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1063-kvm - 4.4.0-1063.70
linux-image-4.4.0-1099-aws - 4.4.0-1099.110
linux-image-4.4.0-1126-raspi2 - 4.4.0-1126.135
linux-image-4.4.0-1130-snapdragon - 4.4.0-1130.138
linux-image-4.4.0-170-generic - 4.4.0-170.199
linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199
linux-image-4.4.0-170-lowlatency - 4.4.0-170.199
linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199
linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199
linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199
linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199
linux-image-aws - 4.4.0.1099.103
linux-image-generic - 4.4.0.170.178
linux-image-generic-lpae - 4.4.0.170.178
linux-image-kvm - 4.4.0.1063.63
linux-image-lowlatency - 4.4.0.170.178
linux-image-powerpc-e500mc - 4.4.0.170.178
linux-image-powerpc-smp - 4.4.0.170.178
linux-image-powerpc64-emb - 4.4.0.170.178
linux-image-powerpc64-smp - 4.4.0.170.178
linux-image-raspi2 - 4.4.0.1126.126
linux-image-snapdragon - 4.4.0.1130.122
linux-image-virtual - 4.4.0.170.178

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

USN-4210-1: Linux kernel vulnerabilities

1 week 1 day ago
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Summary

Several security issues were fixed in the Linux kernel.

Software Description
  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-oem - Linux kernel for OEM processors
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors
  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
Details

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)

It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)

It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1030-oracle - 4.15.0-1030.33
linux-image-4.15.0-1049-gke - 4.15.0-1049.52
linux-image-4.15.0-1051-kvm - 4.15.0-1051.51
linux-image-4.15.0-1052-raspi2 - 4.15.0-1052.56
linux-image-4.15.0-1056-aws - 4.15.0-1056.58
linux-image-4.15.0-1065-oem - 4.15.0-1065.75
linux-image-4.15.0-1069-snapdragon - 4.15.0-1069.76
linux-image-4.15.0-72-generic - 4.15.0-72.81
linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81
linux-image-4.15.0-72-lowlatency - 4.15.0-72.81
linux-image-aws - 4.15.0.1056.57
linux-image-aws-lts-18.04 - 4.15.0.1056.57
linux-image-generic - 4.15.0.72.74
linux-image-generic-lpae - 4.15.0.72.74
linux-image-gke - 4.15.0.1049.52
linux-image-gke-4.15 - 4.15.0.1049.52
linux-image-kvm - 4.15.0.1051.51
linux-image-lowlatency - 4.15.0.72.74
linux-image-oem - 4.15.0.1065.69
linux-image-oracle - 4.15.0.1030.35
linux-image-oracle-lts-18.04 - 4.15.0.1030.35
linux-image-powerpc-e500mc - 4.15.0.72.74
linux-image-powerpc-smp - 4.15.0.72.74
linux-image-powerpc64-emb - 4.15.0.72.74
linux-image-powerpc64-smp - 4.15.0.72.74
linux-image-raspi2 - 4.15.0.1052.50
linux-image-snapdragon - 4.15.0.1069.72
linux-image-virtual - 4.15.0.72.74
Ubuntu 16.04 LTS
linux-image-4.15.0-1030-oracle - 4.15.0-1030.33~16.04.1
linux-image-4.15.0-1050-gcp - 4.15.0-1050.53
linux-image-4.15.0-1056-aws - 4.15.0-1056.58~16.04.1
linux-image-4.15.0-72-generic - 4.15.0-72.81~16.04.1
linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81~16.04.1
linux-image-4.15.0-72-lowlatency - 4.15.0-72.81~16.04.1
linux-image-aws-hwe - 4.15.0.1056.56
linux-image-gcp - 4.15.0.1050.64
linux-image-generic-hwe-16.04 - 4.15.0.72.92
linux-image-generic-lpae-hwe-16.04 - 4.15.0.72.92
linux-image-gke - 4.15.0.1050.64
linux-image-lowlatency-hwe-16.04 - 4.15.0.72.92
linux-image-oem - 4.15.0.72.92
linux-image-oracle - 4.15.0.1030.23
linux-image-virtual-hwe-16.04 - 4.15.0.72.92

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
