Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 18.04 LTS: 0054-1 Critical: Kernel Denial Of Service Risks

ubuntu
Calendar Grey August 28, 2019
Dist Ubuntu Esm H88
Several kernel vulnerabilities resolved in Ubuntu impacting a range of editions. It is advisable to perform an update to preserve security integrity.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

It was discovered that the USB video device class implementation in the

Linux kernel did not properly validate control bits, resulting in an out of

bounds buffer read. A local attacker could use this to possibly expose

sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux

kernel did not properly validate the BSS descriptor. A local attacker could

possibly use this to cause a denial of service (system crash) or possibly

execute arbitrary code. (CVE-2019-3846)

It was discovered that a heap buffer overflow existed in the Marvell

Wireless LAN device driver for the Linux kernel. An attacker could use this

to cause a denial of service (system crash) or possibly execute arbitrary

code. (CVE-2019-10126)

It was discovered that the PowerPC dlpar implementation in the Linux kernel

did not properly check for all...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 54.1     | lowlatency, generic      |
| 4.4.0-150.176            | 54.1     | generic, lowlatency      |
| 4.4.0-151.178            | 54.1     | lowlatency, generic      |
| 4.4.0-154.181            | 54.1     | lowlatency, generic      |
| 4.4.0-157.185            | 54.1     | lowlatency, generic      |
| 4.15.0-50.54             | 54.2     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-51.55             | 54.2     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-52.56             | 54.2     | lowlatency, generic      |
| 4.15.0-52.56~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-54.58             | 54.2     | generic, lowlatency      |
| 4.15.0-54.58~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-55.60             | 54.2     | generic, lowlatency      |

References

CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126,

CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984,

CVE-2019-13272

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

August 28, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.