Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

Ubuntu 18.04 & 16.04: 0056-1 Critical Host Crash Security Advisory

ubuntu
Calendar Grey September 20, 2019
Dist Ubuntu Esm H88
Ubuntu has identified critical kernel vulnerabilities, including buffer overflows and privilege escalations, requiring users to update systems without delay
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

Peter Pi discovered a buffer overflow in the virtio network backend

(vhost_net) implementation in the Linux kernel. An attacker in a guest may

be able to use this to cause a denial of service (host OS crash) or

possibly execute arbitrary code in the host OS. (CVE-2019-14835)

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 56.1     | lowlatency, generic      |
| 4.4.0-150.176            | 56.1     | generic, lowlatency      |
| 4.4.0-151.178            | 56.1     | lowlatency, generic      |
| 4.4.0-154.181            | 56.1     | lowlatency, generic      |
| 4.4.0-157.185            | 56.1     | lowlatency, generic      |
| 4.4.0-159.187            | 56.1     | lowlatency, generic      |
| 4.4.0-161.189            | 56.1     | lowlatency, generic      |
| 4.15.0-50.54             | 56.1     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-51.55             | 56.1     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-52.56             | 56.1     | lowlatency, generic      |
| 4.15.0-52.56~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-54.58             | 56.1     | generic, lowlatency      |
| 4.15.0-54.58~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-55.60             | 56.1     | generic, lowlatency      |
| 4.15.0-58.64             | 56.1     | generic, lowlatency      |
| 4.15.0-58.64~16.04.1     | 56.1     | lowlatency, generic      |
| 4.15.0-60.67             | 56.1     | lowlatency, generic      |
| 4.15.0-60.67~16.04.1     | 56.1     | generic, lowlatency      |
| 4.15.0-62.69             | 56.1     | generic, lowlatency      |
| 4.15.0-62.69~16.04.1     | 56.1     | lowlatency, generic      |

Support Information:

Kernels older than the levels listed below do not receive livepatch
updates. Please upgrade your kernel as soon as possible.

| Series           | Version          | Flavors                  |
|------------------+------------------+--------------------------|
| Ubuntu 18.04 LTS | 4.15.0-50        | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0-50        | generic lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0-148        | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0-148        | generic lowlatency       |

References

CVE-2019-14835

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

September 20, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.