Ubuntu Security Advisories

librabbitmq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.

Software Description

• librabbitmq - Command-line utilities for interacting with AMQP servers

Details

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

amqp-tools - 0.8.0-1ubuntu0.18.04.2

librabbitmq4 - 0.8.0-1ubuntu0.18.04.2

Ubuntu 16.04 LTS

amqp-tools - 0.7.1-1ubuntu0.2

librabbitmq-dev - 0.7.1-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-4214-1
• CVE-2019-18609

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Summary

Several security issues were fixed in Samba.

Software Description

• samba - SMB/CIFS file, print, and login server for Unix

Details

USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

libsmbclient - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4

samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-4217-1
• CVE-2019-14861
• CVE-2019-14870

libpcap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 ESM

Summary

Applications using libpcap could be made to crash if given specially crafted data.

Software Description

• libpcap - Library for for user-level network packet capture

Details

It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libpcap0.8 - 1.8.1-6ubuntu1.19.04.1

Ubuntu 18.04 LTS

libpcap0.8 - 1.8.1-6ubuntu1.18.04.1

Ubuntu 16.04 LTS

libpcap0.8 - 1.7.4-2ubuntu0.1

Ubuntu 14.04 ESM

libpcap0.8 - 1.5.3-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-15165

thunderbird regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 18.04 LTS

Summary

USN-4202-1 caused a regression in Thunderbird.

Software Description

• thunderbird - Mozilla Open Source mail and newsgroup client

Details

USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764)

A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

thunderbird - 1:68.2.2+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS

thunderbird - 1:68.2.2+build1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

References

• USN-4202-1
• LP: 1854150

git vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Git.

Software Description

• git - fast, scalable, distributed revision control system

Details

Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

git - 1:2.20.1-2ubuntu1.19.10.1

Ubuntu 19.04

git - 1:2.20.1-2ubuntu1.19.04.1

Ubuntu 18.04 LTS

git - 1:2.17.1-1ubuntu0.5

Ubuntu 16.04 LTS

git - 1:2.7.4-0ubuntu1.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-1348
• CVE-2019-1349
• CVE-2019-1350
• CVE-2019-1351
• CVE-2019-1352
• CVE-2019-1353
• CVE-2019-1354
• CVE-2019-1387
• CVE-2019-19604

libssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

libssh could be made to run programs under certain conditions.

Software Description

• libssh - A tiny C SSH library

Details

It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

libssh-4 - 0.9.0-1ubuntu1.3

Ubuntu 19.04

libssh-4 - 0.8.6-3ubuntu0.3

Ubuntu 18.04 LTS

libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.5

Ubuntu 16.04 LTS

libssh-4 - 0.6.3-4.3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-14889

eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

Summary

GNU C Library could be made to execute arbitrary code or cause a crash if it received a specially crafted input.

Software Description

• eglibc - GNU C Library

Details

Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

libc6 - 2.19-0ubuntu6.15+esm1

Ubuntu 12.04 ESM

libc6 - 2.15-0ubuntu10.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• CVE-2018-6485

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Samba.

Software Description

• samba - SMB/CIFS file, print, and login server for Unix

Details

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)

Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

libsmbclient - 2:4.10.7+dfsg-0ubuntu2.3

samba - 2:4.10.7+dfsg-0ubuntu2.3

Ubuntu 19.04

libsmbclient - 2:4.10.0+dfsg-0ubuntu2.7

samba - 2:4.10.0+dfsg-0ubuntu2.7

Ubuntu 18.04 LTS

libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14

samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14

Ubuntu 16.04 LTS

libsmbclient - 2:4.3.11+dfsg-0ubuntu0.16.04.24

samba - 2:4.3.11+dfsg-0ubuntu0.16.04.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-14861
• CVE-2019-14870

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

• firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

firefox - 71.0+build5-0ubuntu0.19.10.1

Ubuntu 19.04

firefox - 71.0+build5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS

firefox - 71.0+build5-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

• CVE-2019-11745
• CVE-2019-11756
• CVE-2019-17005
• CVE-2019-17008
• CVE-2019-17010
• CVE-2019-17011
• CVE-2019-17012
• CVE-2019-17013
• CVE-2019-17014

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

Summary

NSS could be made to crash if it received a specially crafted certificate.

Software Description

• nss - Network Security Service library

Details

It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

libnss3 - 2:3.42-1ubuntu2.4

Ubuntu 18.04 LTS

libnss3 - 2:3.35-2ubuntu2.6

Ubuntu 16.04 LTS

libnss3 - 2:3.28.4-0ubuntu0.16.04.9

Ubuntu 14.04 ESM

libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm3

Ubuntu 12.04 ESM

libnss3 - 2:3.28.4-0ubuntu0.12.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• CVE-2019-17007

librabbitmq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 14.04 ESM

Summary

RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.

Software Description

• librabbitmq - Command-line utilities for interacting with AMQP servers

Details

It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

amqp-tools - 0.9.0-0.2ubuntu0.19.10.1

librabbitmq4 - 0.9.0-0.2ubuntu0.19.10.1

Ubuntu 19.04

amqp-tools - 0.9.0-0.2ubuntu0.19.04.1

librabbitmq4 - 0.9.0-0.2ubuntu0.19.04.1

Ubuntu 14.04 ESM

amqp-tools - 0.4.1-1ubuntu0.1~esm1

librabbitmq1 - 0.4.1-1ubuntu0.1~esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-18609

squid, squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Squid.

Software Description

• squid - Web proxy cache server
• squid3 - Web proxy cache server

Details

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handed URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12526)

Alex Rousskov discovered that Squid incorrectly handled certain strings. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-12854)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain input. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676)

Kristoffer Danielsson discovered that Squid incorrectly handled certain messages. This issue could result in traffic being redirected to origins it should not be delivered to. (CVE-2019-18677)

Régis Leroy discovered that Squid incorrectly handled certain HTTP request headers. A remote attacker could use this to smuggle HTTP requests and corrupt caches with arbitrary content. (CVE-2019-18678)

David Fifield discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to obtain pointer contents and bypass ASLR protections. (CVE-2019-18679)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

squid - 4.8-1ubuntu2.1

Ubuntu 19.04

squid - 4.4-1ubuntu2.3

Ubuntu 18.04 LTS

squid3 - 3.5.27-1ubuntu1.4

Ubuntu 16.04 LTS

squid3 - 3.5.12-1ubuntu7.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-12523
• CVE-2019-12526
• CVE-2019-12854
• CVE-2019-18676
• CVE-2019-18677
• CVE-2019-18678
• CVE-2019-18679

haproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS

Summary

HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 header.

Software Description

• haproxy - fast and reliable load balancing reverse proxy

Details

Tim Düsterhus discovered that HAProxy incorrectly handled certain HTTP/2 headers. An attacker could possibly use this issue to execute arbitrary code through CRLF injection.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

haproxy - 2.0.5-1ubuntu0.3

Ubuntu 19.04

haproxy - 1.8.19-1ubuntu1.3

Ubuntu 18.04 LTS

haproxy - 1.8.8-1ubuntu0.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-19330

intel-microcode regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Summary

USN-4182-2 introduced a regression in the Intel Microcode for some Skylake processors.

Software Description

• intel-microcode - Processor microcode for Intel CPUs

Details

USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

intel-microcode - 3.20191115.1ubuntu0.14.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer.

References

• USN-4182-1
• LP: 1854764

intel-microcode regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.10
• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

USN-4182-1 introduced a regression in the Intel Microcode for some Skylake processors.

Software Description

• intel-microcode - Processor microcode for Intel CPUs

Details

USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family.

We apologize for the inconvenience.

Original advisory details:

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)

It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10

intel-microcode - 3.20191115.1ubuntu0.19.10.2

Ubuntu 19.04

intel-microcode - 3.20191115.1ubuntu0.19.04.2

Ubuntu 18.04 LTS

intel-microcode - 3.20191115.1ubuntu0.18.04.2

Ubuntu 16.04 LTS

intel-microcode - 3.20191115.1ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer.

References

• USN-4182-1
• LP: 1854764

postgresql-common vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Summary

postgresql-common could be made to create arbitrary directories.

Software Description

• postgresql-common - PostgreSQL database-cluster manager

Details

USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

postgresql-common - 154ubuntu1.1+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• USN-4194-1
• CVE-2019-3466

graphicsmagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS

Summary

Several security issues were fixed in GraphicsMagick.

Software Description

• graphicsmagick - collection of image processing tools

Details

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

graphicsmagick - 1.3.28-2ubuntu0.1

libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1

libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2018-20184
• CVE-2018-20185
• CVE-2018-20189
• CVE-2019-11005
• CVE-2019-11006
• CVE-2019-11007
• CVE-2019-11008
• CVE-2019-11009
• CVE-2019-11010
• CVE-2019-11473
• CVE-2019-11474
• CVE-2019-11505
• CVE-2019-11506

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

• linux-aws - Linux kernel for Amazon Web Services (AWS) systems
• linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM

linux-image-4.4.0-1059-aws - 4.4.0-1059.63

linux-image-4.4.0-170-generic - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-lowlatency - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199~14.04.1

linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199~14.04.1

linux-image-aws - 4.4.0.1059.60

linux-image-generic-lpae-lts-xenial - 4.4.0.170.149

linux-image-generic-lts-xenial - 4.4.0.170.149

linux-image-lowlatency-lts-xenial - 4.4.0.170.149

linux-image-powerpc-e500mc-lts-xenial - 4.4.0.170.149

linux-image-powerpc-smp-lts-xenial - 4.4.0.170.149

linux-image-powerpc64-emb-lts-xenial - 4.4.0.170.149

linux-image-powerpc64-smp-lts-xenial - 4.4.0.170.149

linux-image-virtual-lts-xenial - 4.4.0.170.149

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

• USN-4211-1
• CVE-2018-20784
• CVE-2019-17075
• CVE-2019-17133

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

• linux - Linux kernel
• linux-aws - Linux kernel for Amazon Web Services (AWS) systems
• linux-kvm - Linux kernel for cloud environments
• linux-raspi2 - Linux kernel for Raspberry Pi 2
• linux-snapdragon - Linux kernel for Snapdragon processors

Details

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS

linux-image-4.4.0-1063-kvm - 4.4.0-1063.70

linux-image-4.4.0-1099-aws - 4.4.0-1099.110

linux-image-4.4.0-1126-raspi2 - 4.4.0-1126.135

linux-image-4.4.0-1130-snapdragon - 4.4.0-1130.138

linux-image-4.4.0-170-generic - 4.4.0-170.199

linux-image-4.4.0-170-generic-lpae - 4.4.0-170.199

linux-image-4.4.0-170-lowlatency - 4.4.0-170.199

linux-image-4.4.0-170-powerpc-e500mc - 4.4.0-170.199

linux-image-4.4.0-170-powerpc-smp - 4.4.0-170.199

linux-image-4.4.0-170-powerpc64-emb - 4.4.0-170.199

linux-image-4.4.0-170-powerpc64-smp - 4.4.0-170.199

linux-image-aws - 4.4.0.1099.103

linux-image-generic - 4.4.0.170.178

linux-image-generic-lpae - 4.4.0.170.178

linux-image-kvm - 4.4.0.1063.63

linux-image-lowlatency - 4.4.0.170.178

linux-image-powerpc-e500mc - 4.4.0.170.178

linux-image-powerpc-smp - 4.4.0.170.178

linux-image-powerpc64-emb - 4.4.0.170.178

linux-image-powerpc64-smp - 4.4.0.170.178

linux-image-raspi2 - 4.4.0.1126.126

linux-image-snapdragon - 4.4.0.1130.122

linux-image-virtual - 4.4.0.170.178

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

• CVE-2018-20784
• CVE-2019-17075
• CVE-2019-17133

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

• linux - Linux kernel
• linux-aws - Linux kernel for Amazon Web Services (AWS) systems
• linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
• linux-kvm - Linux kernel for cloud environments
• linux-oem - Linux kernel for OEM processors
• linux-oracle - Linux kernel for Oracle Cloud systems
• linux-raspi2 - Linux kernel for Raspberry Pi 2
• linux-snapdragon - Linux kernel for Snapdragon processors
• linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
• linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
• linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)

It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)

It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS

linux-image-4.15.0-1030-oracle - 4.15.0-1030.33

linux-image-4.15.0-1049-gke - 4.15.0-1049.52

linux-image-4.15.0-1051-kvm - 4.15.0-1051.51

linux-image-4.15.0-1052-raspi2 - 4.15.0-1052.56

linux-image-4.15.0-1056-aws - 4.15.0-1056.58

linux-image-4.15.0-1065-oem - 4.15.0-1065.75

linux-image-4.15.0-1069-snapdragon - 4.15.0-1069.76

linux-image-4.15.0-72-generic - 4.15.0-72.81

linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81

linux-image-4.15.0-72-lowlatency - 4.15.0-72.81

linux-image-aws - 4.15.0.1056.57

linux-image-aws-lts-18.04 - 4.15.0.1056.57

linux-image-generic - 4.15.0.72.74

linux-image-generic-lpae - 4.15.0.72.74

linux-image-gke - 4.15.0.1049.52

linux-image-gke-4.15 - 4.15.0.1049.52

linux-image-kvm - 4.15.0.1051.51

linux-image-lowlatency - 4.15.0.72.74

linux-image-oem - 4.15.0.1065.69

linux-image-oracle - 4.15.0.1030.35

linux-image-oracle-lts-18.04 - 4.15.0.1030.35

linux-image-powerpc-e500mc - 4.15.0.72.74

linux-image-powerpc-smp - 4.15.0.72.74

linux-image-powerpc64-emb - 4.15.0.72.74

linux-image-powerpc64-smp - 4.15.0.72.74

linux-image-raspi2 - 4.15.0.1052.50

linux-image-snapdragon - 4.15.0.1069.72

linux-image-virtual - 4.15.0.72.74

Ubuntu 16.04 LTS

linux-image-4.15.0-1030-oracle - 4.15.0-1030.33~16.04.1

linux-image-4.15.0-1050-gcp - 4.15.0-1050.53

linux-image-4.15.0-1056-aws - 4.15.0-1056.58~16.04.1

linux-image-4.15.0-72-generic - 4.15.0-72.81~16.04.1

linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81~16.04.1

linux-image-4.15.0-72-lowlatency - 4.15.0-72.81~16.04.1

linux-image-aws-hwe - 4.15.0.1056.56

linux-image-gcp - 4.15.0.1050.64

linux-image-generic-hwe-16.04 - 4.15.0.72.92

linux-image-generic-lpae-hwe-16.04 - 4.15.0.72.92

linux-image-gke - 4.15.0.1050.64

linux-image-lowlatency-hwe-16.04 - 4.15.0.72.92

linux-image-oem - 4.15.0.72.92

linux-image-oracle - 4.15.0.1030.23

linux-image-virtual-hwe-16.04 - 4.15.0.72.92

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

• CVE-2019-16746
• CVE-2019-17075
• CVE-2019-17133
• CVE-2019-19060
• CVE-2019-19065
• CVE-2019-19075