usn.ubuntu.com

Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

  1. Git
  2. lp:~bromer/usn.ubuntu.com/+git/lsn
  3. lsn
  4. Merge into master
Proposed by Ben Romer
Status: Merged
Merged at revision: 362a550d8f62db3ba5d8972284e867638ee69cb1
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 89 lines (+83/-0)
1 file modified
content/lsn/0067-1.md (+83/-0)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+384262@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

This is merged and live at https://usn.ubuntu.com/lsn/0067-1/. Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/content/lsn/0067-1.md b/content/lsn/0067-1.md
2new file mode 100644
3index 0000000..b8c8d48
4--- /dev/null
5+++ b/content/lsn/0067-1.md
6@@ -0,0 +1,83 @@
7+---
8+title: "LSN-0067-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0067-1/index.html
10+releases: [ubuntu-16.04-lts,ubuntu-18.04-lts]
11+date: 2020-05-20 08:16:48
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 18.04 LTS
20+* Ubuntu 16.04 LTS
21+
22+### Summary
23+
24+Several security issues were fixed in the kernel.
25+
26+### Software Description
27+
28+* linux - Linux kernel
29+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
30+* linux-azure - Linux kernel for Microsoft Azure Cloud systems
31+* linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
32+* linux-oem - Linux kernel for OEM systems
33+
34+### Details
35+
36+It was discovered that the Serial CAN interface driver in the Linux kernel
37+did not properly initialize data. A local attacker could use this to expose
38+sensitive information (kernel memory). (CVE-2020-11494)
39+
40+## Update instructions
41+
42+The problem can be corrected by updating your kernel livepatch to the following
43+versions:
44+
45+Ubuntu 18.04 LTS
46+: aws - 67.1
47+: azure - 67.1
48+: gcp - 67.1
49+: generic - 67.1
50+: lowlatency - 67.1
51+: oem - 67.1
52+
53+Ubuntu 16.04 LTS
54+: aws - 67.1
55+: generic - 67.1
56+: lowlatency - 67.1
57+
58+## Support Information
59+
60+Kernels older than the levels listed below do not receive livepatch
61+updates. If you are running a kernel version earlier than the one listed
62+below, please upgrade your kernel as soon as possible.
63+
64+Ubuntu 18.04 LTS
65+: linux - 4.15.0-69
66+: linux-aws - 4.15.0-1054
67+: linux-azure - 5.0.0-1025
68+: linux-gcp - 5.0.0-1025
69+: linux-oem - 4.15.0-1063
70+
71+Ubuntu 20.04 LTS
72+: linux - 5.4.0-26
73+: linux-aws - 5.4.0-1009
74+: linux-azure - 5.4.0-1010
75+: linux-gcp - 5.4.0-1009
76+: linux-oem - 5.4.0-26
77+
78+Ubuntu 16.04 LTS
79+: linux - 4.4.0-168
80+: linux-aws - 4.4.0-1098
81+: linux-azure - 4.15.0-1063
82+: linux-hwe - 4.15.0-69
83+
84+Ubuntu 14.04 ESM
85+: linux-lts-xenial - 4.4.0-168
86+
87+## References
88+
89+* [CVE-2020-11494](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11494)

Subscribers

People subscribed via source and target branches