Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in the kernel.
Note that due to a client issue, this livepatch may report that it failed to
load. You can verify that the patch has successfully loaded by looking in
/sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu,"
followed by your kernel version, and ending with the version number, "44."
The next client update should correct this problem.
Software Description:
- linux: Linux kernel
Details:
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker could use this to expose sensitive information (memory from the
kernel or other processes). (CVE-2018-3620)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual...
The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-133.159 | 44.1 | generic, lowlatency | | 4.4.0-133.159~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-134.160 | 44.1 | generic, lowlatency | | 4.4.0-134.160~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-135.161~14.04.1 | 44.1 | lowlatency, generic | | 4.15.0-32.35 | 44.1 | lowlatency, generic | | 4.15.0-32.35~16.04.1 | 44.1 | generic, lowlatency | | 4.15.0-33.36 | 44.1 | lowlatency, generic | | 4.15.0-33.36~16.04.1 | 44.1 | lowlatency, generic | | 4.15.0-34.37 | 44.1 | generic, lowlatency | | 4.15.0-34.37~16.04.1 | 44.2 | lowlatency, generic |
CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555,
CVE-2018-14633, CVE-2018-15572, CVE-2018-17182
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Get the latest Linux and open source security news straight to your inbox.