==========================================================================
Ubuntu Security Notice USN-3836-1
December 03, 2018

linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within a unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1025-gcp 4.15.0-1025.26
linux-image-4.15.0-1027-kvm 4.15.0-1027.27
linux-image-4.15.0-1029-raspi2 4.15.0-1029.31
linux-image-4.15.0-42-generic 4.15.0-42.45
linux-image-4.15.0-42-generic-lpae 4.15.0-42.45
linux-image-4.15.0-42-lowlatency 4.15.0-42.45
linux-image-4.15.0-42-snapdragon 4.15.0-42.45
linux-image-gcp 4.15.0.1025.27
linux-image-generic 4.15.0.42.44
linux-image-generic-lpae 4.15.0.42.44
linux-image-gke 4.15.0.1025.27
linux-image-kvm 4.15.0.1027.27
linux-image-lowlatency 4.15.0.42.44
linux-image-raspi2 4.15.0.1029.27
linux-image-snapdragon 4.15.0.42.44

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3836-1
CVE-2018-18955, CVE-2018-6559

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-42.45
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1025.26
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1027.27
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1029.31

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlwFkAgACgkQLwmejQBe
gfTIEQ//Zx6Z8Cp7j6kDht8WifyyZdLUdXGcV3xnM2uNyXUiUD/QEcSK/EESqP+B
815mRc6VN0NjUaSOXwQM38tF+tuazMEO9xy6Ld7peg+8Q5GarxSJFURcJUx6dZFT
tjITwNPtgZbnN7qLlSWN+TUe+SzYksrXF6ojUcAU1huKHheM07Gpj3OoKaE/40s+
3UYVW96BWDyykUT5aHXrN3WxeGK+Hm0CBYecKw2ZBhp3P2S3s9UptigpcFtilu8w
xKfqkoksWFq38b3cmcSTEhsrX1acnZ4walPianM1B/BfmKfx5Dfp8A7Vd60hCCyE
H0zC4ccyRY+I29kXY92YFTkQrQsTem0amgVxSH4+7oaEqr6TmY2UFiUFz8vkzod/
uICz3cCgel+XKavtoyrVELmBAXts0bbf4vcwN+Am/GWn9K5YUFJAV9uwNVZ7G8a7
GhfiIckICIYCCGY3ilZkPSjdvHmwNwjhBMzt6CyRIuzG0aqHor2WJR1olf0exRDE
dibFxJAy5kETbkhaX68fYi5MruAIFzrimGJ3F0lu5xY5v7NLNTM/2texChUdsJXH
AVSm8zAhDSZxvdhUb+bkapzhT+RwvCMkoukwGE0Zvts8Bm2hagUg/rV3NYxw3nRD
2j/fqtSu1D2Rkt6U/1psRvuNnyUQ6tAL9Ktn8uqw8Zk9daKXoeM=
=GWZA
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3835-1
December 03, 2018

linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-18445)

Daniel Dadap discovered that the module loading implementation in the Linux
kernel did not properly enforce signed module loading when booted with UEFI
Secure Boot in some situations. A local privileged attacker could use this
to execute untrusted code in the kernel. (CVE-2018-18653)

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within a unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
linux-image-4.18.0-1004-gcp 4.18.0-1004.5
linux-image-4.18.0-1005-kvm 4.18.0-1005.5
linux-image-4.18.0-1007-raspi2 4.18.0-1007.9
linux-image-4.18.0-12-generic 4.18.0-12.13
linux-image-4.18.0-12-generic-lpae 4.18.0-12.13
linux-image-4.18.0-12-lowlatency 4.18.0-12.13
linux-image-4.18.0-12-snapdragon 4.18.0-12.13
linux-image-gcp 4.18.0.1004.4
linux-image-generic 4.18.0.12.13
linux-image-generic-lpae 4.18.0.12.13
linux-image-gke 4.18.0.1004.4
linux-image-kvm 4.18.0.1005.5
linux-image-lowlatency 4.18.0.12.13
linux-image-raspi2 4.18.0.1007.4
linux-image-snapdragon 4.18.0.12.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3835-1
CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653,
CVE-2018-18955, CVE-2018-6559

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.18.0-12.13
https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1004.5
https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1005.5
https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1007.9

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlwFj/gACgkQLwmejQBe
gfR/RBAAhmPczNivnNHCwJLptzpeOxe/7wBoSHNXN2RvwyEpe12Wd5pSG1VC8mOQ
NJ5fI8UAWDCmhizznEJGMqmeb4faTu9V+YENZHNX26G97xDp29HityGtaXCrKC6w
Sk1h3xVjMqaWVPaFOASJzTarPMpaXZNwXNytBqCcMnvq0efR55MHzh1yrSnAPiL7
i9he/Isx/OyYjiCDbVlggM1Ggu26TPc8VAXf1uZEfdnMOzJMjjHiT68ipyFU6axb
YRIaXpRxcMvZ7qmIX/yUFOBYS3l2euVuks2SyNxGCYMajnsiGdhMz1MRDQ2CepbI
oHxr/4UgcRiTNaKzVpJQRb6BkIgJF44TIk4cs2/HkZ6lyRXn8a6mhqKppB5hvf2n
A9auSrcloSWXdeeHbyHf1bqN5c/GhFmp6CbzqlqWAKe0BdxosTGXD9rk+BfkdjYJ
na62G1ZXWkCGAWKejLMsI00UzONxNf6SAHbnJFizMRdkNkIX8daHUyiQQ/lP46BU
n2CPV8nRPR7/tMtHMZjaO6dbw7q1Wk5w1IWfhrbmstfnkDqXfWDQg0DGvCDW1K0h
qgj9gBLWjaQQOeLiSfsDDAqbm34kmOcb+kAOVqrG8m0f2rJfwHU9crUUQdOYcfHy
HgSFacK4FIn9ft4JK0fHJMNMEeiHxy8p+16ylQ57tcBTDNm4J8U=
=yr5H
—–END PGP SIGNATURE——-

==========================================================================
Ubuntu Security Notice USN-3836-2
December 04, 2018

linux-hwe, linux-gcp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within a unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.15.0-1025-gcp 4.15.0-1025.26~16.04.1
linux-image-4.15.0-42-generic 4.15.0-42.45~16.04.1
linux-image-4.15.0-42-generic-lpae 4.15.0-42.45~16.04.1
linux-image-4.15.0-42-lowlatency 4.15.0-42.45~16.04.1
linux-image-gcp 4.15.0.1025.39
linux-image-generic-hwe-16.04 4.15.0.42.63
linux-image-generic-lpae-hwe-16.04 4.15.0.42.63
linux-image-gke 4.15.0.1025.39
linux-image-lowlatency-hwe-16.04 4.15.0.42.63
linux-image-oem 4.15.0.42.63

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3836-2
https://usn.ubuntu.com/usn/usn-3836-1
CVE-2018-18955, CVE-2018-6559

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1025.26~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-42.45~16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlwGDYsACgkQLwmejQBe
gfR+DQ/9GU6i3ui4dF5qw9MMt/4a/PzsBU/Q+q4GVhKauYMKPplmSbPmRC4O/TzP
281EEdbWTG57bYvGc4gc6P/PuW2B8i0C8iVLwg6HoownIYw1wfB/cR0Y3oqajCep
XAMHwJrLGGE4EK1JS4dVb2L1648gf+ctbUC9u/DIjleMApzDqA2FxQwVbHsOZiIs
roPqLD4W+2wLkyDirKszkojOYLgblAq56d8UmZheQPpFnhjoaxqrAOZOL1u0+SA8
atcaoTNd7fChXVBaIt1+0y/pCnDzCPBtCd2IjE2R9tmk3tiEXCHZas4JwiL+eKMZ
/sDLv6VEfHd3QY10nyRbphOChPyK/NewvFLXOVex155Un/BbodE8wHyMRYBcj5GJ
akbOymHdb7S61vEhJdPIkIYMab2d2MK7DSOVr4WWdA5csxocouSyUWjUO6etEtsf
YcGs4kQaqJlUsOjwOq3r91r0OWqnj3tRTX6kvlz9rKRfZiDmwW30S39fVRy2eCgB
GQKPv/wna4P/942Id4R/8STh4sRDj2lg96t/TftVgkNsRoHXN0cbEWTVWMn62gm3
GW51uXC5r0MQv7yhE3mIxQBNH+VgXVGLASeNB/wFZ6J+YtQClAv51ZPrziEY4kY5
LcsLp9mZ6PkvuSQq4seJuCek1wQvOfNzm4GvjIr8+Br4yfchkSs=
=ao/1
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce