[월:] 2020년 01월

USN-4254-2: Linux kernel (Xenial HWE) vulnerabilities linux-lts-xenial, linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker [ more… ]

USN-4258-1: Linux kernel vulnerabilities linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws-5.0 – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-oracle-5.0 – Linux kernel for Oracle Cloud systems Details It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with [ more… ]

USN-4253-2: Linux kernel (HWE) vulnerability linux-hwe vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary he Linux kernel could be made to expose sensitive information. Software Description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-5.3.0-28-generic – 5.3.0-28.30~18.04.1 linux-image-5.3.0-28-generic-lpae – 5.3.0-28.30~18.04.1 linux-image-5.3.0-28-lowlatency – 5.3.0-28.30~18.04.1 linux-image-generic-hwe-18.04 – 5.3.0.28.96 linux-image-generic-lpae-hwe-18.04 – 5.3.0.28.96 linux-image-lowlatency-hwe-18.04 – 5.3.0.28.96 [ more… ]