usn.ubuntu.com

Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

  1. Git
  2. lp:~bromer/usn.ubuntu.com/+git/lsn
  3. lsn
  4. Merge into master
Proposed by Ben Romer
Status: Merged
Merged at revision: 791fb2983392fff746d82e5640ba5fc309e12ea9
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 102 lines (+96/-0)
1 file modified
content/lsn/0070-1.md (+96/-0)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+389713@code.launchpad.net

Commit message

Update for Livepatch 70.1

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks, merged and published to https://usn.ubuntu.com/lsn/0070-1/

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/content/lsn/0070-1.md b/content/lsn/0070-1.md
2new file mode 100644
3index 0000000..4eaf32f
4--- /dev/null
5+++ b/content/lsn/0070-1.md
6@@ -0,0 +1,96 @@
7+---
8+title: "LSN-0070-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0070-1/index.html
10+releases: [ubuntu-14.04-esm,ubuntu-16.04-lts,ubuntu-20.04-lts,ubuntu-18.04-lts]
11+date: 2020-08-17 09:58:16
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 18.04 LTS
20+* Ubuntu 20.04 LTS
21+* Ubuntu 16.04 LTS
22+* Ubuntu 14.04 ESM
23+
24+### Summary
25+
26+A security issue was fixed in the kernel.
27+
28+### Software Description
29+
30+* linux - Linux kernel
31+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
32+* linux-azure - Linux kernel for Microsoft Azure Cloud systems
33+* linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
34+* linux-oem - Linux kernel for OEM systems
35+
36+### Details
37+
38+Mauricio Faria de Oliveira discovered that the aufs implementation in the
39+Linux kernel improperly managed inode reference counts in the
40+vfsub_dentry_open() method. A local attacker could use this vulnerability
41+to cause a denial of service. (CVE-2020-11935)
42+
43+## Update instructions
44+
45+The problem can be corrected by updating your kernel livepatch to the following
46+versions:
47+
48+Ubuntu 18.04 LTS
49+: aws - 70.1
50+: generic - 70.1
51+: lowlatency - 70.1
52+: oem - 70.1
53+
54+Ubuntu 20.04 LTS
55+: aws - 70.1
56+: azure - 70.1
57+: gcp - 70.1
58+: generic - 70.1
59+: lowlatency - 70.1
60+
61+Ubuntu 16.04 LTS
62+: aws - 70.1
63+: azure - 70.1
64+: generic - 70.1
65+: lowlatency - 70.1
66+
67+Ubuntu 14.04 ESM
68+: generic - 70.1
69+: lowlatency - 70.1
70+
71+## Support Information
72+
73+Kernels older than the levels listed below do not receive livepatch
74+updates. If you are running a kernel version earlier than the one listed
75+below, please upgrade your kernel as soon as possible.
76+
77+Ubuntu 18.04 LTS
78+: linux-aws - 4.15.0-1054
79+: linux-azure - 5.0.0-1025
80+: linux-gcp - 5.0.0-1025
81+: linux-oem - 4.15.0-1063
82+: linux - 4.15.0-69
83+
84+Ubuntu 20.04 LTS
85+: linux-aws - 5.4.0-1009
86+: linux-azure - 5.4.0-1010
87+: linux-gcp - 5.4.0-1009
88+: linux-oem - 5.4.0-26
89+: linux - 5.4.0-26
90+
91+Ubuntu 16.04 LTS
92+: linux-aws - 4.4.0-1098
93+: linux-azure - 4.15.0-1063
94+: linux-hwe - 4.15.0-69
95+: linux - 4.4.0-168
96+
97+Ubuntu 14.04 ESM
98+: linux-lts-xenial - 4.4.0-168
99+
100+## References
101+
102+* [CVE-2020-11935](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935)

Subscribers

People subscribed via source and target branches