Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: 82fa605613bbbe46eff60b0845ae7214e26b8cb3
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 103 lines (+97/-0)
1 file modified
content/lsn/0073-1.md (+97/-0)
Reviewer: USN Website Team (Status: Pending)
Review via email: mp+392706@code.launchpad.net

Preview Diff

1diff --git a/content/lsn/0073-1.md b/content/lsn/0073-1.md
2new file mode 100644
3index 0000000..0c43350
4--- /dev/null
5+++ b/content/lsn/0073-1.md
6@@ -0,0 +1,97 @@
7+---
8+title: "LSN-0073-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0073-1/index.html
10+releases: [ubuntu-20.04-lts,ubuntu-18.04-lts]
11+date: 2020-10-23 09:23:57
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 18.04 LTS
20+* Ubuntu 20.04 LTS
21+
22+### Summary
23+
24+Several security issues were fixed in the kernel.
25+
26+### Software Description
27+
28+* linux - Linux kernel
29+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
30+* linux-azure - Linux kernel for Microsoft Azure Cloud systems
31+* linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
32+* linux-oem - Linux kernel for OEM systems
33+
34+### Details
35+
36+Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
37+kernel contained a type-confusion error. A physically proximate remote
38+attacker could use this to cause a denial of service (system crash) or
39+possibly execute arbitrary code. (CVE-2020-12351)
40+
41+Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
42+kernel did not properly initialize memory in some situations. A physically
43+proximate remote attacker could use this to expose sensitive information
44+(kernel memory). (CVE-2020-12352)
45+
46+Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
47+Linux kernel did not properly handle event advertisements of certain sizes,
48+leading to a heap-based buffer overflow. A physically proximate remote
49+attacker could use this to cause a denial of service (system crash) or
50+possibly execute arbitrary code. (CVE-2020-24490)
51+
52+## Update instructions
53+
54+The problem can be corrected by updating your kernel livepatch to the following
55+versions:
56+
57+Ubuntu 18.04 LTS
58+: aws - 73.1
59+: generic - 73.1
60+: lowlatency - 73.1
61+: oem - 73.1
62+
63+Ubuntu 20.04 LTS
64+: aws - 73.1
65+: azure - 73.1
66+: gcp - 73.1
67+: generic - 73.1
68+: lowlatency - 73.1
69+
70+## Support Information
71+
72+Kernels older than the levels listed below do not receive livepatch
73+updates. If you are running a kernel version earlier than the one listed
74+below, please upgrade your kernel as soon as possible.
75+
76+Ubuntu 18.04 LTS
77+: linux-aws - 4.15.0-1054
78+: linux-azure - 5.0.0-1025
79+: linux-gcp - 5.0.0-1025
80+: linux-oem - 4.15.0-1063
81+: linux - 4.15.0-69
82+
83+Ubuntu 20.04 LTS
84+: linux-aws - 5.4.0-1009
85+: linux-azure - 5.4.0-1010
86+: linux-gcp - 5.4.0-1009
87+: linux-oem - 5.4.0-26
88+: linux - 5.4.0-26
89+
90+Ubuntu 16.04 LTS
91+: linux-aws - 4.4.0-1098
92+: linux-azure - 4.15.0-1063
93+: linux-hwe - 4.15.0-69
94+: linux - 4.4.0-168
95+
96+Ubuntu 14.04 ESM
97+: linux-lts-xenial - 4.4.0-168
98+
99+## References
100+
101+* [CVE-2020-12351](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12351)
102+* [CVE-2020-12352](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12352)
103+* [CVE-2020-24490](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24490)
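
Review bot: The release and kernel-flavour scope is inconsistent between sections of the new notice. The front matter `releases:` and the opening list name only Ubuntu 18.04 LTS and 20.04 LTS, yet "Support Information" also gives minimum kernel levels for Ubuntu 16.04 LTS and 14.04 ESM, and "Update instructions" carries no livepatch version for either. The flavour lists differ as well: 18.04 has linux-azure and linux-gcp under "Support Information" but no azure or gcp entry under "Update instructions", and 20.04 has linux-oem under "Support Information" but no oem livepatch version. Either add the missing entries or say explicitly that those kernels receive no livepatch for these CVEs, so a reader running one of them can tell whether the Bluetooth fixes apply. Minor wording point: "A security issue affects these releases" should be plural to match the Summary and the three CVEs listed under Details.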
