Ubuntu 0051-1: Linux kernel vulnerability

    Date14 May 2019
    CategoryUbuntu
    14146
    Posted ByLinuxSecurity Advisories
    On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,and CVE-2019-11091 were released into the Ubuntu Xenial and Bionickernels. These CVEs are security vulnerabilities caused by flaws in thedesign of speculative execution hardware in the computer's CPU.Researchers discovered that memory contents previously stored in [More...]
    ==========================================================================
    Kernel Live Patch Security Notice 0051-1
    May 14, 2019
    
    linux vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu:
    
    | Series           | Base kernel  | Arch     | flavors          |
    |------------------+--------------+----------+------------------|
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
    | Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
    | Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
    
    Summary:
    
    On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
    and CVE-2019-11091 were released into the Ubuntu Xenial and Bionic
    kernels. These CVEs are security vulnerabilities caused by flaws in the
    design of speculative execution hardware in the computer's CPU.
    Researchers discovered that memory contents previously stored in
    microarchitectural buffers of an Intel CPU core may be visible to other
    processes running on the same core.
    
    Details on the vulnerability and our response can be found here:
    https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
    
    Due to the high complexity of the fixes and the need for a corresponding
    CPU microcode update for a complete fix, we are unable to livepatch these
    CVEs. Please plan to reboot into an updated kernel as soon as possible.
    
    Software Description:
    - linux: Linux kernel
    
    Update instructions:
    
    Users running Ubuntu 18.04 LTS should upgrade to kernel version 4.15.0-50.54
    or later.
    
    Users running Ubuntu 16.04 LTS or 14.04 LTS should upgrade to kernel version 
    4.4.0-148.174 or later.
    
    References:
      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091
    
    
    
    -- 
    ubuntu-security-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.