• Linux kernel (HWE) vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed Jan 29 05:10:04 2020
    linux-hwe vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS

    Summary

    he Linux kernel could be made to expose sensitive information.

    Software Description

    * linux-hwe - Linux hardware enablement (HWE) kernel

    Details

    USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    19.10. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for
    Ubuntu 18.04 LTS.

    It was discovered that the Linux kernel did not properly clear
    data structures on context switches for certain Intel graphics
    processors. A local attacker could use this to expose sensitive
    information.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    linux-image-5.3.0-28-generic - 5.3.0-28.30~18.04.1
    linux-image-5.3.0-28-generic-lpae - 5.3.0-28.30~18.04.1
    linux-image-5.3.0-28-lowlatency - 5.3.0-28.30~18.04.1
    linux-image-generic-hwe-18.04 - 5.3.0.28.96
    linux-image-generic-lpae-hwe-18.04 - 5.3.0.28.96
    linux-image-lowlatency-hwe-18.04 - 5.3.0.28.96
    linux-image-snapdragon-hwe-18.04 - 5.3.0.28.96
    linux-image-virtual-hwe-18.04 - 5.3.0.28.96

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4253-1
    * CVE-2019-14615

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tue Mar 17 04:10:05 2020
    linux-lts-xenial, linux-aws vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    The system could be made to expose sensitive information.

    Software Description

    * linux-aws - Linux kernel for Amazon Web Services (AWS) systems
    * linux-lts-xenial - Linux hardware enablement kernel from
    Xenial for Trusty

    Details

    USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu
    16.04 LTS. This update provides the corresponding updates for the
    Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
    Ubuntu 14.04 ESM.

    Paulo Bonzini discovered that the KVM hypervisor implementation in
    the Linux kernel could improperly let a nested (level 2) guest
    access the resources of a parent (level 1) guest in certain
    situations. An attacker could use this to expose sensitive
    information.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    linux-image-4.4.0-1064-aws - 4.4.0-1064.68
    linux-image-4.4.0-176-generic - 4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-generic-lpae - 4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-lowlatency - 4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-powerpc-e500mc -
    4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-powerpc-smp - 4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-powerpc64-emb -
    4.4.0-176.206~14.04.1
    linux-image-4.4.0-176-powerpc64-smp -
    4.4.0-176.206~14.04.1
    linux-image-aws - 4.4.0.1064.65
    linux-image-generic-lpae-lts-xenial - 4.4.0.176.155
    linux-image-generic-lts-xenial - 4.4.0.176.155
    linux-image-lowlatency-lts-xenial - 4.4.0.176.155
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.176.155
    linux-image-powerpc-smp-lts-xenial - 4.4.0.176.155
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.176.155
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.176.155
    linux-image-virtual-lts-xenial - 4.4.0.176.155

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates
    have been given a new version number, which requires you to
    recompile and reinstall all third party kernel modules you might
    have installed. Unless you manually uninstalled the standard
    kernel metapackages (e.g. linux-generic,
    linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
    standard system upgrade will automatically perform this as well.

    References

    * USN-4303-1
    * CVE-2020-2732

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)