[월:] 2020년 01월

USN-4255-1: Linux kernel vulnerabilities linux, linux-aws, linux-oem vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-oem – Linux kernel for OEM processors Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) Update instructions The problem can be corrected by [ more… ]

USN-4254-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly [ more… ]

USN-4253-1: Linux kernel vulnerability linux, linux-aws vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Summary The Linux kernel could be made to expose sensitive information. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 linux-image-5.3.0-1010-aws – 5.3.0-1010.11 linux-image-5.3.0-29-generic – 5.3.0-29.31 linux-image-5.3.0-29-generic-lpae – 5.3.0-29.31 linux-image-5.3.0-29-lowlatency – 5.3.0-29.31 linux-image-5.3.0-29-snapdragon – 5.3.0-29.31 linux-image-aws – 5.3.0.1010.12 linux-image-generic – 5.3.0.29.33 linux-image-generic-lpae – 5.3.0.29.33 linux-image-lowlatency – 5.3.0.29.33 linux-image-virtual – 5.3.0.29.33 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system [ more… ]