SECURITY

USN-4368-1: Linux kernel vulnerabilities linux-gke-5.0, linux-oem-osp1 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-oem-osp1 – Linux kernel for OEM systems Details Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. (CVE-2019-19769) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker [ more… ]

USN-4367-1: Linux kernel vulnerabilities linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems linux-riscv – Linux kernel for RISC-V systems Details It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the linux kernel did [ more… ]

USN-4366-1: Exim vulnerability exim4 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Exim could be made to access sensitive information or bypass authentication if it received a specially crafted input. Software Description exim4 – Exim is a mail transport agent Details It was discovered that Exim incorrectly handled certain inputs. An remote attacker could possibly use this issue to access sensitive information or authentication bypass. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS exim4-base – 4.93-13ubuntu1.1 exim4-daemon-heavy – 4.93-13ubuntu1.1 exim4-daemon-light – 4.93-13ubuntu1.1 Ubuntu 19.10 exim4-base – 4.92.1-1ubuntu3.1 exim4-daemon-heavy – 4.92.1-1ubuntu3.1 exim4-daemon-light – 4.92.1-1ubuntu3.1 Ubuntu 18.04 LTS exim4-base – 4.90.1-1ubuntu1.5 exim4-daemon-heavy – 4.90.1-1ubuntu1.5 exim4-daemon-light – 4.90.1-1ubuntu1.5 Ubuntu 16.04 LTS exim4-base – [ more… ]

USN-4365-1: Bind vulnerabilities bind9 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Bind. Software Description bind9 – Internet Domain Name Server Details Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 [ more… ]

USN-4364-1: Linux kernel vulnerabilities linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-raspi2 – Linux kernel for Raspberry Pi (V7) systems linux-snapdragon – Linux kernel for Qualcomm Snapdragon processors linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the [ more… ]