ubuntu-usn

USN-4392-1: Linux kernel vulnerabilities linux, linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. (CVE-2020-12654) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the [ more… ]

USN-4391-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be [ more… ]

USN-4390-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure-4.15 – Linux kernel for Microsoft Azure Cloud systems linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-kvm – Linux kernel for cloud environments linux-oem – Linux kernel for OEM systems linux-oracle – Linux kernel for Oracle Cloud systems linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel Details [ more… ]

USN-4389-1: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-oracle – Linux kernel for Oracle Cloud systems Details It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and [ more… ]

USN-4388-1: Linux kernel vulnerabilities linux-gke-5.0, linux-oem-osp1 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-oem-osp1 – Linux kernel for OEM systems Details It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) [ more… ]