Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: USN-4258-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS
Date: Wed, 29 January 2020, 07:33
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19079
Applications: Linux

Original message


==========================================================================
Ubuntu Security Notice USN-4258-1
January 29, 2020

linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-oracle-5.0: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15099)

It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)

It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)

It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19050, CVE-2019-19062)

It was discovered that the RSI 91x WLAN device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19071)

It was discovered that the Broadcom Netxtreme HCA device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19077)

It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial of
service (kernel memory exhaustion). (CVE-2019-19078)

It was discovered that the Qualcomm IPC Router TUN device driver in the
Linux kernel did not properly deallocate memory in certain situations. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19079)

It was discovered that the AMD GPU device drivers in the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could use this to possibly cause a denial of service (kernel
memory exhaustion). (CVE-2019-19082)

Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)

Or Cohen discovered that the virtual console subsystem in the Linux kernel
did not properly restrict writes to unimplemented vcsu (unicode) devices. A
local attacker could possibly use this to cause a denial of service (system
crash) or have other unspecified impacts. (CVE-2019-19252)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle certain conditions. An attacker could use
this to specially craft an ext4 file system that, when mounted, could cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19767)

It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.0.0-1010-oracle 5.0.0-1010.15~18.04.1
linux-image-5.0.0-1024-aws 5.0.0-1024.27~18.04.1
linux-image-5.0.0-1029-gcp 5.0.0-1029.30~18.04.1
linux-image-5.0.0-1029-gke 5.0.0-1029.30~18.04.1
linux-image-aws-edge 5.0.0.1024.38
linux-image-gcp 5.0.0.1029.33
linux-image-gke-5.0 5.0.0.1029.17
linux-image-oracle-edge 5.0.0.1010.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4258-1
CVE-2019-15099, CVE-2019-15291, CVE-2019-18683, CVE-2019-18885,
CVE-2019-19050, CVE-2019-19062, CVE-2019-19071, CVE-2019-19077,
CVE-2019-19078, CVE-2019-19079, CVE-2019-19082, CVE-2019-19227,
CVE-2019-19252, CVE-2019-19332, CVE-2019-19767

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1024.27~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1029.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1029.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1010.15~18.04.1

