Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in linux
ID: USN-4465-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS
Datum: Mi, 19. August 2020, 06:34
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12655
Applikationen: Linux

Originalnachricht


--===============8021828222775891463==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="k4f25fnPtRuIRUb3"
Content-Disposition: inline


--k4f25fnPtRuIRUb3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4465-1
August 19, 2020

linux-hwe, linux-azure-5.3, linux-gke-5.3, vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-5.3: Linux kernel for microsoft azure cloud systems
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)

Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2020-15393)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-5.3.0-1033-gke 5.3.0-1033.35
linux-image-5.3.0-1035-azure 5.3.0-1035.36
linux-image-5.3.0-65-generic 5.3.0-65.59
linux-image-5.3.0-65-lowlatency 5.3.0-65.59
linux-image-azure 5.3.0.1035.31
linux-image-gke-5.3 5.3.0.1033.18
linux-image-gkeop-5.3 5.3.0.65.121

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4465-1
CVE-2020-12655, CVE-2020-12771, CVE-2020-15393

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1035.36
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1033.35
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-65.59


--k4f25fnPtRuIRUb3
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl88kUoACgkQLwmejQBe
gfT+Fw//RFNsAxwnVCgnKodbYoWwROjUtrn4Qwx1PG10w1qKDGlKor/yBkQGvKyj
GAhtpyH80+LfYtG3k2uwtokE8L6/WgcG9qQnYQIe94Y6twYRTxAg+X69HtIXeUNR
9TDco5cKoqObCkWyzcYg8i+fCpEv2Vbf93sqQ8ZHAdbXIbSEt3Q+14SPi/Og19+R
y1e0DKHS3IhauRAg2nw4Dgtn/l7jpVno2LNBPqOdTnk6YmkseM/q+4SjO18BmzNt
mLtq4MYnsF871JsQ4HcLkdqogdEzrck4w8a16YjXbfyJlckxCwmX4DcmjsIO5XTA
nZqWrVxAlxhHdDNpvN30ZU2xM20PI4T63gbW3xKfzMP6VhoQzLZEkes+hwRyQ38C
y1oStrqjLvxsbuIaceb49i6qWluRJiqRZd+6WvPHWgOtJ0fpymqY+Xu5Eec4VW6v
Yry7SPo+TQ0nLHBbIDnsotdI2uRXjoG8lI0AsFgrt4smcrUeKEBZYfoUwofkOLW8
6HyzrOmIn9hSwK8lK6Obxr6BsUBdMGeVdOv3c/DBzIPp4hBI97Sq4vZ0+TAJV8J4
3DzGqDOT7DvYiYsOG75nHyOEinFfWAzng5PyQuXMKnslepIk9hy23BWO5KHwOXmR
vA2TmaoHikC8pvVJ4mrxEVQ4hc9ueBqfo7b756Ia941N7yZuItI=
=d9PV
-----END PGP SIGNATURE-----

--k4f25fnPtRuIRUb3--


--===============8021828222775891463==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung