-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2009.3
                       Linux kernel vulnerabilities
                               12 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Access Privileged Data          -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Reduced Security                -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12826 CVE-2020-12769 CVE-2020-12659
                   CVE-2020-12654 CVE-2020-12464 CVE-2020-12114
                   CVE-2020-10751 CVE-2020-1749 CVE-2020-0543
                   CVE-2020-0067 CVE-2019-19319 

Reference:         ESB-2020.1994
                   ESB-2020.1379
                   ESB-2020.0141

Original Bulletin: 
   https://usn.ubuntu.com/4387-1/
   https://usn.ubuntu.com/4388-1/
   https://usn.ubuntu.com/4389-1/
   https://usn.ubuntu.com/4390-1/
   https://usn.ubuntu.com/4391-1/
   https://usn.ubuntu.com/4392-1/
   https://usn.ubuntu.com/4393-1/

Comment: This bulletin contains seven (7) Ubuntu security advisories.

Revision History:  June 12 2020: Vendor updated 4390-1 and 4391-1 advisories
                   June 11 2020: Vendor updated 4387-1 and 4389-1 advisories
                   June 10 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4387-1: Linux kernel vulnerabilities
10 June 2020

linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 19.10
  o Ubuntu 18.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi2 - Linux kernel for Raspberry Pi (V7) systems
  o linux-aws-5.3 - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure-5.3 - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp-5.3 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gke-5.3 - Linux kernel for Google Container Engine (GKE) systems
  o linux-hwe - Linux hardware enablement (HWE) kernel
  o linux-oracle-5.3 - Linux kernel for Oracle Cloud systems
  o linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V7) systems

Details

It was discovered that the F2FS file system implementation in the Linux kernel
did not properly perform bounds checking on xattrs in some situations. A local
attacker could possibly use this to expose sensitive information (kernel
memory). (CVE-2020-0067)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

It was discovered that the USB susbsystem's scatter-gather implementation in
the Linux kernel did not properly take data references in some situations,
leading to a use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-12464)

Bui Quang Minh discovered that the XDP socket implementation in the Linux
kernel did not properly validate meta-data passed from user space, leading to
an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN
capability could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12659)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 19.10
    linux-image-5.3.0-1023-aws - 5.3.0-1023.25
    linux-image-5.3.0-1023-kvm - 5.3.0-1023.25
    linux-image-5.3.0-1024-oracle - 5.3.0-1024.26
    linux-image-5.3.0-1026-gcp - 5.3.0-1026.28
    linux-image-5.3.0-1026-raspi2 - 5.3.0-1027.29
    linux-image-5.3.0-1028-azure - 5.3.0-1028.29
    linux-image-5.3.0-59-generic - 5.3.0-59.53
    linux-image-5.3.0-59-generic-lpae - 5.3.0-59.53
    linux-image-5.3.0-59-lowlatency - 5.3.0-59.53
    linux-image-5.3.0-59-snapdragon - 5.3.0-59.53
    linux-image-aws - 5.3.0.1023.34
    linux-image-azure - 5.3.0.1028.47
    linux-image-gcp - 5.3.0.1026.37
    linux-image-generic - 5.3.0.59.49
    linux-image-generic-lpae - 5.3.0.59.49
    linux-image-gke - 5.3.0.1026.37
    linux-image-kvm - 5.3.0.1023.21
    linux-image-lowlatency - 5.3.0.59.49
    linux-image-oracle - 5.3.0.1024.40
    linux-image-raspi2 - 5.3.0.1027.25
    linux-image-snapdragon - 5.3.0.59.49
    linux-image-virtual - 5.3.0.59.49
Ubuntu 18.04 LTS
    linux-image-5.3.0-1023-aws - 5.3.0-1023.25~18.04.1
    linux-image-5.3.0-1024-oracle - 5.3.0-1024.26~18.04.1
    linux-image-5.3.0-1026-gcp - 5.3.0-1026.28~18.04.1
    linux-image-5.3.0-1026-gke - 5.3.0-1026.28~18.04.1
    linux-image-5.3.0-1026-raspi2 - 5.3.0-1027.29~18.04.1
    linux-image-5.3.0-1028-azure - 5.3.0-1028.29~18.04.1
    linux-image-5.3.0-59-generic - 5.3.0-59.53~18.04.1
    linux-image-5.3.0-59-generic-lpae - 5.3.0-59.53~18.04.1
    linux-image-5.3.0-59-lowlatency - 5.3.0-59.53~18.04.1
    linux-image-aws - 5.3.0.1023.23
    linux-image-azure - 5.3.0.1028.25
    linux-image-gcp - 5.3.0.1026.21
    linux-image-generic-hwe-18.04 - 5.3.0.59.113
    linux-image-generic-lpae-hwe-18.04 - 5.3.0.59.113
    linux-image-gke-5.3 - 5.3.0.1026.13
    linux-image-gkeop-5.3 - 5.3.0.59.113
    linux-image-lowlatency-hwe-18.04 - 5.3.0.59.113
    linux-image-oracle - 5.3.0.1024.22
    linux-image-raspi2-hwe-18.04 - 5.3.0.1027.16
    linux-image-snapdragon-hwe-18.04 - 5.3.0.59.113
    linux-image-virtual-hwe-18.04 - 5.3.0.59.113

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0067
  o CVE-2020-0543
  o CVE-2020-12114
  o CVE-2020-12464
  o CVE-2020-12659
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4388-1: Linux kernel vulnerabilities
9 June 2020

linux-gke-5.0, linux-oem-osp1 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 18.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux-gke-5.0 - Linux kernel for Google Container Engine (GKE) systems
  o linux-oem-osp1 - Linux kernel for OEM systems

Details

It was discovered that the F2FS file system implementation in the Linux kernel
did not properly perform bounds checking on xattrs in some situations. A local
attacker could possibly use this to expose sensitive information (kernel
memory). (CVE-2020-0067)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

It was discovered that the USB susbsystem's scatter-gather implementation in
the Linux kernel did not properly take data references in some situations,
leading to a use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-12464)

Bui Quang Minh discovered that the XDP socket implementation in the Linux
kernel did not properly validate meta-data passed from user space, leading to
an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN
capability could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12659)

Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not
properly encrypt IPv6 traffic in some situations. An attacker could use this to
expose sensitive information. (CVE-2020-1749)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04 LTS
    linux-image-5.0.0-1042-gke - 5.0.0-1042.43
    linux-image-5.0.0-1059-oem-osp1 - 5.0.0-1059.64
    linux-image-gke-5.0 - 5.0.0.1042.27
    linux-image-oem-osp1 - 5.0.0.1059.58

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0067
  o CVE-2020-0543
  o CVE-2020-12114
  o CVE-2020-12464
  o CVE-2020-12659
  o CVE-2020-1749
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4389-1: Linux kernel vulnerabilities
10 June 2020

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 20.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  o linux-riscv - Linux kernel for RISC-V systems

Details

It was discovered that the F2FS file system implementation in the Linux kernel
did not properly perform bounds checking on xattrs in some situations. A local
attacker could possibly use this to expose sensitive information (kernel
memory). (CVE-2020-0067)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

It was discovered that the USB susbsystem's scatter-gather implementation in
the Linux kernel did not properly take data references in some situations,
leading to a use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-12464)

Bui Quang Minh discovered that the XDP socket implementation in the Linux
kernel did not properly validate meta-data passed from user space, leading to
an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN
capability could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12659)

Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux
kernel did not validate messages in some situations. A privileged attacker
could use this to bypass SELinux netlink restrictions. (CVE-2020-10751)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04 LTS
    linux-image-5.4.0-1012-raspi - 5.4.0-1012.12
    linux-image-5.4.0-1015-aws - 5.4.0-1015.15
    linux-image-5.4.0-1015-gcp - 5.4.0-1015.15
    linux-image-5.4.0-1015-kvm - 5.4.0-1015.15
    linux-image-5.4.0-1015-oracle - 5.4.0-1015.15
    linux-image-5.4.0-1016-azure - 5.4.0-1016.16
    linux-image-5.4.0-27-generic - 5.4.0-27.31
    linux-image-5.4.0-37-generic - 5.4.0-37.41
    linux-image-5.4.0-37-generic-lpae - 5.4.0-37.41
    linux-image-5.4.0-37-lowlatency - 5.4.0-37.41
    linux-image-aws - 5.4.0.1015.16
    linux-image-azure - 5.4.0.1016.16
    linux-image-gcp - 5.4.0.1015.14
    linux-image-generic - 5.4.0.27.34
    linux-image-generic-hwe-20.04 - 5.4.0.27.34
    linux-image-generic-lpae - 5.4.0.37.40
    linux-image-generic-lpae-hwe-20.04 - 5.4.0.37.40
    linux-image-gke - 5.4.0.1015.14
    linux-image-kvm - 5.4.0.1015.14
    linux-image-lowlatency - 5.4.0.37.40
    linux-image-lowlatency-hwe-20.04 - 5.4.0.37.40
    linux-image-oem - 5.4.0.37.40
    linux-image-oem-osp1 - 5.4.0.37.40
    linux-image-oracle - 5.4.0.1015.14
    linux-image-raspi - 5.4.0.1012.12
    linux-image-raspi2 - 5.4.0.1012.12
    linux-image-virtual - 5.4.0.27.34
    linux-image-virtual-hwe-20.04 - 5.4.0.27.34

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0067
  o CVE-2020-0543
  o CVE-2020-10751
  o CVE-2020-12114
  o CVE-2020-12464
  o CVE-2020-12659
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4390-1: Linux kernel vulnerabilities
11 June 2020

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, 
linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
  o linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-oem - Linux kernel for OEM systems
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi2 - Linux kernel for Raspberry Pi (V7) systems
  o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors
  o linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-hwe - Linux hardware enablement (HWE) kernel

Details

It was discovered that the F2FS file system implementation in the Linux kernel
did not properly perform bounds checking on xattrs in some situations. A local
attacker could possibly use this to expose sensitive information (kernel
memory). (CVE-2020-0067)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

It was discovered that the USB susbsystem's scatter-gather implementation in
the Linux kernel did not properly take data references in some situations,
leading to a use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-12464)

Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not
properly encrypt IPv6 traffic in some situations. An attacker could use this to
expose sensitive information. (CVE-2020-1749)

Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux
kernel did not validate messages in some situations. A privileged attacker
could use this to bypass SELinux netlink restrictions. (CVE-2020-10751)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04 LTS
    linux-image-4.15.0-1045-oracle - 4.15.0-1045.49
    linux-image-4.15.0-106-generic - 4.15.0-106.107
    linux-image-4.15.0-106-generic-lpae - 4.15.0-106.107
    linux-image-4.15.0-106-lowlatency - 4.15.0-106.107
    linux-image-4.15.0-1063-gke - 4.15.0-1063.66
    linux-image-4.15.0-1063-raspi2 - 4.15.0-1063.67
    linux-image-4.15.0-1067-kvm - 4.15.0-1067.68
    linux-image-4.15.0-1073-aws - 4.15.0-1073.77
    linux-image-4.15.0-1080-snapdragon - 4.15.0-1080.87
    linux-image-4.15.0-1087-oem - 4.15.0-1087.97
    linux-image-4.15.0-1089-azure - 4.15.0-1089.99
    linux-image-aws-lts-18.04 - 4.15.0.1073.76
    linux-image-azure-lts-18.04 - 4.15.0.1089.60
    linux-image-generic - 4.15.0.106.94
    linux-image-generic-lpae - 4.15.0.106.94
    linux-image-gke - 4.15.0.1063.65
    linux-image-gke-4.15 - 4.15.0.1063.65
    linux-image-kvm - 4.15.0.1067.63
    linux-image-lowlatency - 4.15.0.106.94
    linux-image-oem - 4.15.0.1087.91
    linux-image-oracle-lts-18.04 - 4.15.0.1045.54
    linux-image-powerpc-e500mc - 4.15.0.106.94
    linux-image-powerpc-smp - 4.15.0.106.94
    linux-image-powerpc64-emb - 4.15.0.106.94
    linux-image-powerpc64-smp - 4.15.0.106.94
    linux-image-raspi2 - 4.15.0.1063.61
    linux-image-snapdragon - 4.15.0.1080.83
    linux-image-virtual - 4.15.0.106.94
Ubuntu 16.04 LTS
    linux-image-4.15.0-1045-oracle - 4.15.0-1045.49~16.04.1
    linux-image-4.15.0-106-generic - 4.15.0-106.107~16.04.1
    linux-image-4.15.0-106-generic-lpae - 4.15.0-106.107~16.04.1
    linux-image-4.15.0-106-lowlatency - 4.15.0-106.107~16.04.1
    linux-image-4.15.0-1073-aws - 4.15.0-1073.77~16.04.1
    linux-image-4.15.0-1077-gcp - 4.15.0-1077.87~16.04.1
    linux-image-4.15.0-1089-azure - 4.15.0-1089.99~16.04.1
    linux-image-aws-hwe - 4.15.0.1073.73
    linux-image-azure - 4.15.0.1089.84
    linux-image-azure-edge - 4.15.0.1089.84
    linux-image-gcp - 4.15.0.1077.79
    linux-image-generic-hwe-16.04 - 4.15.0.106.111
    linux-image-generic-lpae-hwe-16.04 - 4.15.0.106.111
    linux-image-gke - 4.15.0.1077.79
    linux-image-lowlatency-hwe-16.04 - 4.15.0.106.111
    linux-image-oem - 4.15.0.106.111
    linux-image-oracle - 4.15.0.1045.38
    linux-image-virtual-hwe-16.04 - 4.15.0.106.111
Ubuntu 14.04 ESM
    linux-image-4.15.0-1089-azure - 4.15.0-1089.99~14.04.1
    linux-image-azure - 4.15.0.1089.66

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0067
  o CVE-2020-0543
  o CVE-2020-10751
  o CVE-2020-12114
  o CVE-2020-12464
  o CVE-2020-1749
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4391-1: Linux kernel vulnerabilities
11 June 2020

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-raspi2 - Linux kernel for Raspberry Pi (V7) systems
  o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors
  o linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

It was discovered that the ext4 file system implementation in the Linux kernel
did not properly handle setxattr operations in some situations. A local
attacker could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-19319)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

It was discovered that the USB susbsystem's scatter-gather implementation in
the Linux kernel did not properly take data references in some situations,
leading to a use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-12464)

It was discovered that the DesignWare SPI controller driver in the Linux kernel
contained a race condition. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2020-12769)

It was discovered that the exit signaling implementation in the Linux kernel
contained an integer overflow. A local attacker could use this to cause a
denial of service (arbitrary application crash). (CVE-2020-12826)

Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not
properly encrypt IPv6 traffic in some situations. An attacker could use this to
expose sensitive information. (CVE-2020-1749)

Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux
kernel did not validate messages in some situations. A privileged attacker
could use this to bypass SELinux netlink restrictions. (CVE-2020-10751)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04 LTS
    linux-image-4.4.0-1075-kvm - 4.4.0-1075.82
    linux-image-4.4.0-1109-aws - 4.4.0-1109.120
    linux-image-4.4.0-1134-raspi2 - 4.4.0-1134.143
    linux-image-4.4.0-1138-snapdragon - 4.4.0-1138.146
    linux-image-4.4.0-184-generic - 4.4.0-184.214
    linux-image-4.4.0-184-generic-lpae - 4.4.0-184.214
    linux-image-4.4.0-184-lowlatency - 4.4.0-184.214
    linux-image-4.4.0-184-powerpc-e500mc - 4.4.0-184.214
    linux-image-4.4.0-184-powerpc-smp - 4.4.0-184.214
    linux-image-4.4.0-184-powerpc64-emb - 4.4.0-184.214
    linux-image-4.4.0-184-powerpc64-smp - 4.4.0-184.214
    linux-image-aws - 4.4.0.1109.113
    linux-image-generic - 4.4.0.184.190
    linux-image-generic-lpae - 4.4.0.184.190
    linux-image-kvm - 4.4.0.1075.73
    linux-image-lowlatency - 4.4.0.184.190
    linux-image-powerpc-e500mc - 4.4.0.184.190
    linux-image-powerpc-smp - 4.4.0.184.190
    linux-image-powerpc64-emb - 4.4.0.184.190
    linux-image-powerpc64-smp - 4.4.0.184.190
    linux-image-raspi2 - 4.4.0.1134.134
    linux-image-snapdragon - 4.4.0.1138.130
    linux-image-virtual - 4.4.0.184.190
Ubuntu 14.04 ESM
    linux-image-4.4.0-1073-aws - 4.4.0-1073.77
    linux-image-4.4.0-184-generic - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-generic-lpae - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-lowlatency - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-powerpc-e500mc - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-powerpc-smp - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-powerpc64-emb - 4.4.0-184.214~14.04.1
    linux-image-4.4.0-184-powerpc64-smp - 4.4.0-184.214~14.04.1
    linux-image-aws - 4.4.0.1073.70
    linux-image-generic-lpae-lts-xenial - 4.4.0.184.161
    linux-image-generic-lts-xenial - 4.4.0.184.161
    linux-image-lowlatency-lts-xenial - 4.4.0.184.161
    linux-image-powerpc-e500mc-lts-xenial - 4.4.0.184.161
    linux-image-powerpc-smp-lts-xenial - 4.4.0.184.161
    linux-image-powerpc64-emb-lts-xenial - 4.4.0.184.161
    linux-image-powerpc64-smp-lts-xenial - 4.4.0.184.161
    linux-image-virtual-lts-xenial - 4.4.0.184.161

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2019-19319
  o CVE-2020-0543
  o CVE-2020-10751
  o CVE-2020-12114
  o CVE-2020-12464
  o CVE-2020-12769
  o CVE-2020-12826
  o CVE-2020-1749
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4392-1: Linux kernel vulnerabilities
10 June 2020

linux, linux-lts-trusty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 14.04 ESM
  o Ubuntu 12.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel
  o linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise
    ESM

Details

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not
properly validate status lengths in messages received from an access point,
leading to a buffer overflow. A physically proximate attacker controlling an
access point could use this to construct messages that could possibly result in
arbitrary code execution. (CVE-2020-12654)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Piotr Krysiuk discovered that race conditions existed in the file system
implementation in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-12114)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 14.04 ESM
    linux-image-3.13.0-180-generic - 3.13.0-180.231
    linux-image-3.13.0-180-generic-lpae - 3.13.0-180.231
    linux-image-3.13.0-180-lowlatency - 3.13.0-180.231
    linux-image-3.13.0-180-powerpc-e500 - 3.13.0-180.231
    linux-image-3.13.0-180-powerpc-e500mc - 3.13.0-180.231
    linux-image-3.13.0-180-powerpc-smp - 3.13.0-180.231
    linux-image-3.13.0-180-powerpc64-emb - 3.13.0-180.231
    linux-image-3.13.0-180-powerpc64-smp - 3.13.0-180.231
    linux-image-generic - 3.13.0.180.189
    linux-image-generic-lpae - 3.13.0.180.189
    linux-image-highbank - 3.13.0.180.189
    linux-image-lowlatency - 3.13.0.180.189
    linux-image-omap - 3.13.0.180.189
    linux-image-powerpc-e500 - 3.13.0.180.189
    linux-image-powerpc-e500mc - 3.13.0.180.189
    linux-image-powerpc-smp - 3.13.0.180.189
    linux-image-powerpc64-emb - 3.13.0.180.189
    linux-image-powerpc64-smp - 3.13.0.180.189
    linux-image-server - 3.13.0.180.189
    linux-image-virtual - 3.13.0.180.189
Ubuntu 12.04 ESM
    linux-image-3.13.0-180-generic - 3.13.0-180.231~12.04.1
    linux-image-3.13.0-180-generic-lpae - 3.13.0-180.231~12.04.1
    linux-image-3.13.0-180-lowlatency - 3.13.0-180.231~12.04.1
    linux-image-generic-lpae-lts-trusty - 3.13.0.180.166
    linux-image-generic-lts-trusty - 3.13.0.180.166

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0543
  o CVE-2020-12114
  o CVE-2020-12654
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------------------------------------------------------------

USN-4393-1: Linux kernel vulnerabilities
10 June 2020

linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 12.04 ESM

Summary

Several security issues were fixed in the Linux kernel.

Software Description

  o linux - Linux kernel

Details

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not
properly validate status lengths in messages received from an access point,
leading to a buffer overflow. A physically proximate attacker controlling an
access point could use this to construct messages that could possibly result in
arbitrary code execution. (CVE-2020-12654)

It was discovered that memory contents previously stored in microarchitectural
special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on
Intel client and Xeon E3 processors may be briefly exposed to processes on the
same or different processor cores. A local attacker could use this to expose
sensitive information. (CVE-2020-0543)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 12.04 ESM
    linux-image-3.2.0-147-generic - 3.2.0-147.194
    linux-image-3.2.0-147-generic-pae - 3.2.0-147.194
    linux-image-3.2.0-147-highbank - 3.2.0-147.194
    linux-image-3.2.0-147-powerpc-smp - 3.2.0-147.194
    linux-image-3.2.0-147-powerpc64-smp - 3.2.0-147.194
    linux-image-3.2.0-147-virtual - 3.2.0-147.194
    linux-image-generic - 3.2.0.147.161
    linux-image-generic-pae - 3.2.0.147.161
    linux-image-highbank - 3.2.0.147.161
    linux-image-powerpc - 3.2.0.147.161
    linux-image-powerpc-smp - 3.2.0.147.161
    linux-image-powerpc64-smp - 3.2.0.147.161
    linux-image-server - 3.2.0.147.161
    linux-image-virtual - 3.2.0.147.161

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer or via the
intel-microcode package. The kernel update for this issue provides the ability
to disable the mitigation and to report vulnerability status.

After a standard system update you need to reboot your computer to make all the
necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given
a new version number, which requires you to recompile and reinstall all third
party kernel modules you might have installed. Unless you manually uninstalled
the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2020-0543
  o CVE-2020-12654
  o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXuLZX+NLKJtyKPYoAQgb1g/9FsEgTYLu1BHnJtmgMN0Az8XXk9HCrkHl
A7gW0H0lGshGoCfzlvZurT8MkWJTqLGI0+NgB6MIg5z28O6BmZiMyaZyGBwPt3uH
vYN9gvbvfYc+18WEnpuzeqQlQ0uYf0MKSAs9Dvd5OuSiW2wujQKERlRTISFkkFTC
LHfZ8cKfL23UFugkyrQKeBiokKvNYa7a9QnvrGBufuysml6dIxX5lrv6uCOIi4CX
0BCluP2LA/ytDD0nR5f+E3hfosXk/C/ANkeCAoWzDKhhYy8YvwG3NdmoMrh79Vum
C1ddTsSIsV1YjWjwW0nSsXmoEQCylyINMffEGqUwHJI8TlEInIO4fRV1l35giYj/
3s1I6bgCnX/KtH4G+0ctLPQybubFVvSLGHCpe6VqlQ/Qy8CXwzFSFRVMh4QlaFp3
0rFrkree8rR/xAVZCZo2wSoxC21tZfhN6Psnm8YqjHkF0fKWrr8P1lnNF1oX7C7G
ymWph224bIRdJpiafI61yP5Bznhgr7rPnU/wNX6lzNdFhzUWLhRO/Is+J6F8xvXn
aREhRLasPCeAJmDue6b74Dve4cBD7WDkRxeGZj0DWCruiMyVZG0EOWJF9+a9yx2j
ugq8OVsmIPDySo2MTU4vVjUyjIDTmNKLgGj/ReHVwAbuRxZLPZ3C1AN0P7ulu7Yi
Cq6C8eWciGU=
=Er6b
-----END PGP SIGNATURE-----