Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 18.04: USN-5136-1 Moderate: Kernel Denial Of Service Issues

ubuntu
Calendar Grey November 8, 2021
Dist Ubuntu Esm H88
Several kernel vulnerabilities were addressed in Ubuntu versions 20.04, 18.10, and 16.04, impacting a range of Linux systems.
Several security issues were fixed in the Linux kernel.

Summary

Several security issues were fixed in the Linux kernel.

Software Description:

- linux: Linux kernel

- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems

- linux-dell300x: Linux kernel for Dell 300x platforms

- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems

- linux-kvm: Linux kernel for cloud environments

- linux-oracle: Linux kernel for Oracle Cloud systems

- linux-raspi2: Linux kernel for Raspberry Pi systems

- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems

- linux-azure: Linux kernel for Microsoft Azure Cloud systems

- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the f2fs file system in the Linux kernel did not

properly validate metadata in some situations. An attacker could use this

to construct a malicious f2fs image that, when mounted and operated on,

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1030-dell300x  4.15.0-1030.35
  linux-image-4.15.0-1083-oracle  4.15.0-1083.91
  linux-image-4.15.0-1098-raspi2  4.15.0-1098.104
  linux-image-4.15.0-1102-kvm     4.15.0-1102.104
  linux-image-4.15.0-1111-gcp     4.15.0-1111.125
  linux-image-4.15.0-1115-aws     4.15.0-1115.122
  linux-image-4.15.0-1115-snapdragon  4.15.0-1115.124
  linux-image-4.15.0-1126-azure   4.15.0-1126.139
  linux-image-4.15.0-162-generic  4.15.0-162.170
  linux-image-4.15.0-162-generic-lpae  4.15.0-162.170
  linux-image-4.15.0-162-lowlatency  4.15.0-162.170
  linux-image-aws-lts-18.04       4.15.0.1115.118
  linux-image-azure-lts-18.04     4.15.0.1126.99
  linux-image-dell300x            4.15.0.1030.32
  linux-image-gcp-lts-18.04       4.15.0.1111.130
  linux-image-generic             4.15.0.162.151
  linux-image-generic-lpae        4.15.0.162.151
  linux-image-kvm                 4.15.0.1102.98
  linux-image-lowlatency          4.15.0.162.151
  linux-image-oracle-lts-18.04    4.15.0.1083.93
  linux-image-raspi2              4.15.0.1098.96
  linux-image-snapdragon          4.15.0.1115.118
  linux-image-virtual             4.15.0.162.151

Ubuntu 16.04 ESM:
  linux-image-4.15.0-1083-oracle  4.15.0-1083.91~16.04.1
  linux-image-4.15.0-1115-aws     4.15.0-1115.122~16.04.1
  linux-image-4.15.0-1126-azure   4.15.0-1126.139~16.04.1
  linux-image-4.15.0-162-generic  4.15.0-162.170~16.04.1
  linux-image-4.15.0-162-lowlatency  4.15.0-162.170~16.04.1
  linux-image-aws-hwe             4.15.0.1115.105
  linux-image-azure               4.15.0.1126.117
  linux-image-generic-hwe-16.04   4.15.0.162.155
  linux-image-lowlatency-hwe-16.04  4.15.0.162.155
  linux-image-oem                 4.15.0.162.155
  linux-image-oracle              4.15.0.1083.71
  linux-image-virtual-hwe-16.04   4.15.0.162.155

Ubuntu 14.04 ESM:
  linux-image-4.15.0-1126-azure   4.15.0-1126.139~14.04.1
  linux-image-azure               4.15.0.1126.99

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

https://ubuntu.com/security/notices/USN-5136-1

CVE-2019-19449, CVE-2020-36322, CVE-2020-36385, CVE-2021-3655,

CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2021-38199,

CVE-2021-42252

November 09, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.