Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Ubuntu 18.04 LTS: 0051-1 High: Kernel Speculative Execution Threat

ubuntu
Calendar Grey May 14, 2019
Dist Ubuntu Esm H88
Urgent security update issued for Ubuntu to address speculative execution flaws in processors. Take action immediately!
On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,and CVE-2019-11091 were released into the Ubuntu Xenial and Bionickernels

Summary

On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,

and CVE-2019-11091 were released into the Ubuntu Xenial and Bionic

kernels. These CVEs are security vulnerabilities caused by flaws in the

design of speculative execution hardware in the computer's CPU.

Researchers discovered that memory contents previously stored in

microarchitectural buffers of an Intel CPU core may be visible to other

processes running on the same core.

Details on the vulnerability and our response can be found here:

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS

Due to the high complexity of the fixes and the need for a corresponding

CPU microcode update for a complete fix, we are unable to livepatch these

CVEs. Please plan to reboot into an updated kernel as soon as possible.

Software Description:

- linux: Linux kernel

Update Instructions

Users running Ubuntu 18.04 LTS should upgrade to kernel version 4.15.0-50.54
or later.

Users running Ubuntu 16.04 LTS or 14.04 LTS should upgrade to kernel version 
4.4.0-148.174 or later.

References

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

May 14, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.