Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: e27d8a07992ad97edf1df1afe6559c252c46f2b9
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 78 lines (+72/-0)
1 file modified
content/lsn/0071-1.md (+72/-0)
Reviewer: Alex Murray
Review status: Approve
Review via email: mp+390560@code.launchpad.net

Description of the change

The LSN has additional information in it this time as livepatching 5.4 has been difficult. I intend to do a second LSN when we have working patches or give up and decide that a reboot is really necessary for 5.4.

Alex Murray (alexmurray) wrote :

LGTM - thanks!

review: Approve

Preview Diff

1diff --git a/content/lsn/0071-1.md b/content/lsn/0071-1.md
2new file mode 100644
3index 0000000..e31a286
4--- /dev/null
5+++ b/content/lsn/0071-1.md
6@@ -0,0 +1,72 @@
7+---
8+title: "LSN-0071-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0071-1/index.html
10+releases: [ubuntu-18.04-lts]
11+date: 2020-09-10 09:49:49
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 16.04 LTS
20+* Ubuntu 18.04 LTS
21+* Ubuntu 20.04 LTS
22+
23+### Summary
24+
25+A security issue was fixed in the 4.15 kernel. This issue affects the 5.4 kernel
26+as well, but a livepatch is not yet available. While work is continuing to
27+develop livepatches for all affected kernels, due to the severity of the issue,
28+we are releasing patches as they become ready.
29+
30+### Software Description
31+
32+* linux - Linux kernel
33+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
34+* linux-oem - Linux kernel for OEM systems
35+
36+### Details
37+
38+Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
39+did not properly perform bounds checking in some situations. A local
40+attacker could use this to cause a denial of service (system crash) or
41+possibly execute arbitrary code. (CVE-2020-14386)
42+
43+## Update instructions
44+
45+The problem can be corrected by updating your kernel livepatch to the following
46+versions:
47+
48+Ubuntu 18.04 LTS
49+: aws - 71.1
50+: generic - 71.1
51+: lowlatency - 71.1
52+: oem - 71.1
53+
54+A mitigation is available if your kernel is affected, did not yet receive a
55+livepatch, and rebooting into the most recently released kernel is not
56+practical. If your system does not require the use of unprivileged user
57+namespaces, you may disable them and mitigate the problem using the following
58+command:
59+
60+ sudo sysctl kernel.unprivileged_userns_clone=0
61+
62+## Support Information
63+
64+Kernels older than the levels listed below do not receive livepatch
65+updates. If you are running a kernel version earlier than the one listed
66+below, please upgrade your kernel as soon as possible.
67+
68+Ubuntu 18.04 LTS
69+: linux-aws - 4.15.0-1054
70+: linux-oem - 4.15.0-1063
71+: linux - 4.15.0-69
72+
73+Ubuntu 16.04 LTS
74+: linux-azure - 4.15.0-1063
75+
76+## References
77+
78+* [CVE-2020-14386](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386)
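
Review bot: The front matter `releases: [ubuntu-18.04-lts]` disagrees with the body of the notice. The affected-releases list names Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS, and Support Information carries a 16.04 LTS entry (`linux-azure - 4.15.0-1063`), yet Update instructions gives livepatch versions only for 18.04 LTS with no azure flavor, and Software Description does not list linux-azure. Either add the 16.04 release and azure entries wherever a 4.15 livepatch is actually shipped, or drop the 16.04 support line, so that readers on 16.04 can tell whether 71.1 applies to them. The `description` field also says "Several security issues were fixed" while the Summary and Details describe a single issue (CVE-2020-14386); the two should agree. In the mitigation paragraph, it would help to state that `sudo sysctl kernel.unprivileged_userns_clone=0` is a runtime setting that does not persist across a reboot, and that setting the value back to 1 reverts it once a livepatch or fixed kernel is in place.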
