Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: e27d8a07992ad97edf1df1afe6559c252c46f2b9
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 78 lines (+72/-0)
1 file modified
content/lsn/0071-1.md (+72/-0)
Reviewer: Alex Murray
Review status: Approve
Review via email: mp+390560@code.launchpad.net

Description of the change

The LSN has additional information in it this time as livepatching 5.4 has been difficult. I intend to do a second LSN when we have working patches or give up and decide that a reboot is really necessary for 5.4.

Alex Murray (alexmurray) wrote :

LGTM - thanks!

review: Approve

Preview Diff

diff --git a/content/lsn/0071-1.md b/content/lsn/0071-1.md
0new file mode 1006440new file mode 100644
index 0000000..e31a286
--- /dev/null
+++ b/content/lsn/0071-1.md
@@ -0,0 +1,72 @@
1---
2title: "LSN-0071-1: Kernel Live Patch Security Notice"
3permalink: /lsn/0071-1/index.html
4releases: [ubuntu-18.04-lts]
5date: 2020-09-10 09:49:49
6description: "Several security issues were fixed in the kernel."
7---
8
9## Linux kernel vulnerabilities
10
11A security issue affects these releases of Ubuntu and its derivatives:
12
13* Ubuntu 16.04 LTS
14* Ubuntu 18.04 LTS
15* Ubuntu 20.04 LTS
16
17### Summary
18
19A security issue was fixed in the 4.15 kernel. This issue affects the 5.4 kernel
20as well, but a livepatch is not yet available. While work is continuing to
21develop livepatches for all affected kernels, due to the severity of the issue,
22we are releasing patches as they become ready.
23
24### Software Description
25
26* linux - Linux kernel
27* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
28* linux-oem - Linux kernel for OEM systems
29
30### Details
31
32Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
33did not properly perform bounds checking in some situations. A local
34attacker could use this to cause a denial of service (system crash) or
35possibly execute arbitrary code. (CVE-2020-14386)
36
37## Update instructions
38
39The problem can be corrected by updating your kernel livepatch to the following
40versions:
41
42Ubuntu 18.04 LTS
43: aws - 71.1
44: generic - 71.1
45: lowlatency - 71.1
46: oem - 71.1
47
48A mitigation is available if your kernel is affected, did not yet receive a
49livepatch, and rebooting into the most recently released kernel is not
50practical. If your system does not require the use of unprivileged user
51namespaces, you may disable them and mitigate the problem using the following
52command:
53
54 sudo sysctl kernel.unprivileged_userns_clone=0
55
56## Support Information
57
58Kernels older than the levels listed below do not receive livepatch
59updates. If you are running a kernel version earlier than the one listed
60below, please upgrade your kernel as soon as possible.
61
62Ubuntu 18.04 LTS
63: linux-aws - 4.15.0-1054
64: linux-oem - 4.15.0-1063
65: linux - 4.15.0-69
66
67Ubuntu 16.04 LTS
68: linux-azure - 4.15.0-1063
69
70## References
71
72* [CVE-2020-14386](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386)
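
Review bot: the front matter on line 4 of the new file declares `releases: [ubuntu-18.04-lts]`, but the body lists Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS as affected, and Support Information carries a 16.04 entry for linux-azure, a package that Software Description does not list. Either extend `releases` and Software Description to cover what the notice discusses, or say in the Summary that livepatches exist only for the 18.04 kernels shown under Update instructions. The `description` field also reads "Several security issues were fixed" while the Summary and Details describe a single issue (CVE-2020-14386), so the two should agree. On the mitigation at line 54, `sudo sysctl kernel.unprivileged_userns_clone=0` changes only the running value; a sentence noting that the setting is lost on reboot unless it is also placed in a file under /etc/sysctl.d/ would help readers who apply it while waiting for the 5.4 livepatch.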
