- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4465-1
August 19, 2020
linux-hwe, linux-azure-5.3, linux-gke-5.3, vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-azure-5.3: Linux kernel for microsoft azure cloud systems
– linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)
It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)
Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2020-15393)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-5.3.0-1033-gke 5.3.0-1033.35
linux-image-5.3.0-1035-azure 5.3.0-1035.36
linux-image-5.3.0-65-generic 5.3.0-65.59
linux-image-5.3.0-65-lowlatency 5.3.0-65.59
linux-image-azure 5.3.0.1035.31
linux-image-gke-5.3 5.3.0.1033.18
linux-image-gkeop-5.3 5.3.0.65.121
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4465-1
CVE-2020-12655, CVE-2020-12771, CVE-2020-15393
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1035.36
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1033.35
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-65.59
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl88kUoACgkQLwmejQBe
gfT+Fw//RFNsAxwnVCgnKodbYoWwROjUtrn4Qwx1PG10w1qKDGlKor/yBkQGvKyj
GAhtpyH80+LfYtG3k2uwtokE8L6/WgcG9qQnYQIe94Y6twYRTxAg+X69HtIXeUNR
9TDco5cKoqObCkWyzcYg8i+fCpEv2Vbf93sqQ8ZHAdbXIbSEt3Q+14SPi/Og19+R
y1e0DKHS3IhauRAg2nw4Dgtn/l7jpVno2LNBPqOdTnk6YmkseM/q+4SjO18BmzNt
mLtq4MYnsF871JsQ4HcLkdqogdEzrck4w8a16YjXbfyJlckxCwmX4DcmjsIO5XTA
nZqWrVxAlxhHdDNpvN30ZU2xM20PI4T63gbW3xKfzMP6VhoQzLZEkes+hwRyQ38C
y1oStrqjLvxsbuIaceb49i6qWluRJiqRZd+6WvPHWgOtJ0fpymqY+Xu5Eec4VW6v
Yry7SPo+TQ0nLHBbIDnsotdI2uRXjoG8lI0AsFgrt4smcrUeKEBZYfoUwofkOLW8
6HyzrOmIn9hSwK8lK6Obxr6BsUBdMGeVdOv3c/DBzIPp4hBI97Sq4vZ0+TAJV8J4
3DzGqDOT7DvYiYsOG75nHyOEinFfWAzng5PyQuXMKnslepIk9hy23BWO5KHwOXmR
vA2TmaoHikC8pvVJ4mrxEVQ4hc9ueBqfo7b756Ia941N7yZuItI=
=d9PV
—–END PGP SIGNATURE—–
—
| Autor | Goran Culibrk |
| Cert id | NCERT-REF-2020-08-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
