Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu: 4208-1 Moderate: Linux Kernel Denial Of Service Issues

ubuntu
Calendar Grey December 2, 2019
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in the Linux kernel.

Summary

Several security issues were fixed in the Linux kernel.

Software Description:

- linux: Linux kernel

- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems

- linux-kvm: Linux kernel for cloud environments

- linux-oracle: Linux kernel for Oracle Cloud systems

- linux-gcp-5.3: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux

kernel did not properly handle reference counting during memory mapping

operations when used in conjunction with AUFS. A local attacker could use

this to cause a denial of service (system crash) or possibly execute

arbitrary code. (CVE-2019-15794)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel

did not properly validate SSID lengths. A physically proximate attacker

could use this to cause a denial of service (system crash).

(CVE-2019-17133)

It was discovered that the ARM Kome...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  linux-image-5.3.0-1007-oracle   5.3.0-1007.8
  linux-image-5.3.0-1008-aws      5.3.0-1008.9
  linux-image-5.3.0-1008-kvm      5.3.0-1008.9
  linux-image-5.3.0-1009-gcp      5.3.0-1009.10
  linux-image-5.3.0-24-generic    5.3.0-24.26
  linux-image-5.3.0-24-generic-lpae  5.3.0-24.26
  linux-image-5.3.0-24-lowlatency  5.3.0-24.26
  linux-image-5.3.0-24-snapdragon  5.3.0-24.26
  linux-image-aws                 5.3.0.1008.10
  linux-image-gcp                 5.3.0.1009.10
  linux-image-generic             5.3.0.24.28
  linux-image-generic-lpae        5.3.0.24.28
  linux-image-gke                 5.3.0.1009.10
  linux-image-kvm                 5.3.0.1008.10
  linux-image-lowlatency          5.3.0.24.28
  linux-image-oracle              5.3.0.1007.8
  linux-image-snapdragon          5.3.0.24.28
  linux-image-virtual             5.3.0.24.28

Ubuntu 18.04 LTS:
  linux-image-5.3.0-1009-gcp      5.3.0-1009.10~18.04.1
  linux-image-gcp-edge            5.3.0.1009.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

https://ubuntu.com/security/notices/USN-4208-1

CVE-2019-15794, CVE-2019-17075, CVE-2019-17133, CVE-2019-18810,

CVE-2019-19048, CVE-2019-19060, CVE-2019-19061, CVE-2019-19065,

CVE-2019-19067, CVE-2019-19069, CVE-2019-19075, CVE-2019-19083

December 02, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here