Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: 4124a948e51749d3024fe32f69d595b10b584c9c
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 141 lines (+135/-0)
1 file modified
content/lsn/0072-1.md (+135/-0)
Reviewer: USN Website Team (review status: Pending)
Review via email: mp+392240@code.launchpad.net

Commit message

New livepatch, released yesterday.

Preview Diff

1diff --git a/content/lsn/0072-1.md b/content/lsn/0072-1.md
2new file mode 100644
3index 0000000..6371ffe
4--- /dev/null
5+++ b/content/lsn/0072-1.md
6@@ -0,0 +1,135 @@
7+---
8+title: "LSN-0072-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0072-1/index.html
10+releases: [ubuntu-14.04-esm,ubuntu-16.04-lts,ubuntu-20.04-lts,ubuntu-18.04-lts]
11+date: 2020-10-14 12:08:21
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 18.04 LTS
20+* Ubuntu 20.04 LTS
21+* Ubuntu 16.04 LTS
22+* Ubuntu 14.04 ESM
23+
24+### Summary
25+
26+Several security issues were fixed in the kernel.
27+
28+### Software Description
29+
30+* linux - Linux kernel
31+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
32+* linux-azure - Linux kernel for Microsoft Azure Cloud systems
33+* linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
34+* linux-oem - Linux kernel for OEM systems
35+
36+### Details
37+
38+It was discovered that the F2FS file system implementation in the Linux
39+kernel did not properly perform bounds checking on xattrs in some
40+situations. A local attacker could possibly use this to expose sensitive
41+information (kernel memory). (CVE-2020-0067)
42+
43+It was discovered that the Serial CAN interface driver in the Linux kernel
44+did not properly initialize data. A local attacker could use this to expose
45+sensitive information (kernel memory). (CVE-2020-11494)
46+
47+Mauricio Faria de Oliveira discovered that the aufs implementation in the
48+Linux kernel improperly managed inode reference counts in the
49+vfsub_dentry_open() method. A local attacker could use this vulnerability
50+to cause a denial of service. (CVE-2020-11935)
51+
52+Piotr Krysiuk discovered that race conditions existed in the file system
53+implementation in the Linux kernel. A local attacker could use this to
54+cause a denial of service (system crash). (CVE-2020-12114)
55+
56+Or Cohen discovered that the AF_PACKET implementation in the Linux kernel
57+did not properly perform bounds checking in some situations. A local
58+attacker could use this to cause a denial of service (system crash) or
59+possibly execute arbitrary code. (CVE-2020-14386)
60+
61+Hador Manor discovered that the DCCP protocol implementation in the Linux
62+kernel improperly handled socket reuse, leading to a use-after-free
63+vulnerability. A local attacker could use this to cause a denial of service
64+(system crash) or possibly execute arbitrary code. (CVE-2020-16119)
65+
66+Giuseppe Scrivano discovered that the overlay file system in the Linux
67+kernel did not properly perform permission checks in some situations. A
68+local attacker could possibly use this to bypass intended restrictions and
69+gain read access to restricted files. (CVE-2020-16120)
70+
71+## Update instructions
72+
73+The problem can be corrected by updating your kernel livepatch to the following
74+versions:
75+
76+Ubuntu 18.04 LTS
77+: aws - 72.1
78+: generic - 72.1
79+: lowlatency - 72.1
80+: oem - 72.1
81+
82+Ubuntu 20.04 LTS
83+: aws - 72.1
84+: aws - 72.2
85+: azure - 72.1
86+: azure - 72.2
87+: gcp - 72.1
88+: gcp - 72.2
89+: generic - 72.1
90+: generic - 72.2
91+: lowlatency - 72.1
92+: lowlatency - 72.2
93+
94+Ubuntu 16.04 LTS
95+: aws - 72.1
96+: generic - 72.1
97+: lowlatency - 72.1
98+
99+Ubuntu 14.04 ESM
100+: generic - 72.1
101+: lowlatency - 72.1
102+
103+## Support Information
104+
105+Kernels older than the levels listed below do not receive livepatch
106+updates. If you are running a kernel version earlier than the one listed
107+below, please upgrade your kernel as soon as possible.
108+
109+Ubuntu 18.04 LTS
110+: linux-aws - 4.15.0-1054
111+: linux-azure - 5.0.0-1025
112+: linux-gcp - 5.0.0-1025
113+: linux-oem - 4.15.0-1063
114+: linux-oracle - 5.0.0-1000
115+: linux - 4.15.0-69
116+
117+Ubuntu 20.04 LTS
118+: linux-aws - 5.4.0-1009
119+: linux-azure - 5.4.0-1010
120+: linux-gcp - 5.4.0-1009
121+: linux-oem - 5.4.0-26
122+: linux - 5.4.0-26
123+
124+Ubuntu 16.04 LTS
125+: linux-aws - 4.4.0-1098
126+: linux-azure - 4.15.0-1063
127+: linux-hwe - 4.15.0-69
128+: linux - 4.4.0-168
129+
130+Ubuntu 14.04 ESM
131+: linux-lts-xenial - 4.4.0-168
132+
133+## References
134+
135+* [CVE-2020-0067](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0067)
136+* [CVE-2020-11494](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11494)
137+* [CVE-2020-11935](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935)
138+* [CVE-2020-12114](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12114)
139+* [CVE-2020-14386](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386)
140+* [CVE-2020-16119](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16119)
141+* [CVE-2020-16120](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16120)
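
Review bot: In the Update instructions list for Ubuntu 20.04 LTS, every flavour appears twice, once with 72.1 and once with 72.2 (for example `: aws - 72.1` followed by `: aws - 72.2`), while the other releases give a single version per flavour, so a reader cannot tell which livepatch version their kernel needs. Suggest noting which kernel versions each of the two applies to, or listing only the one that is required. Two smaller points: the intro line says "A security issue affects these releases" although the Summary and Details cover several issues, and the Support Information lists name linux-oracle, linux-hwe and linux-lts-xenial, which the Software Description list does not mention.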
