Sat. Dec 14th, 2019

Canonical Releases Linux Kernel Security Update for Ubuntu for Mitigating a Series of CPU Vulnerabilities


Canonical has released a new set of Linux kernel security updates for all of its supported Ubuntu releases to address the latest Intel CPU vulnerabilities and other important flaws.

As announced a few days ago, Canonical quickly responded to the latest security vulnerabilities affecting Intel's CPU microarchitecture and has now released Linux kernel updates to mitigate them. These vulnerabilities, which include CVE-2019-11135, CVE-2018-12207, CVE-2019-0154, and CVE-2019-0155, could allow a local attacker to disclose sensitive information, escalate privileges, or cause a denial of service.

Linux kernel updates

In addition to addressing these security issues affecting Intel CPUs, the new Linux kernel security update also addresses three vulnerabilities found in shiftfs (CVE-2019-15791, CVE-2019-15792, and CVE-2019-15793), which may allow a local attacker to execute arbitrary code, cause a denial of service (system crash), or bypass DAC permissions.

At the same time, this update also fixes a buffer overflow (CVE-2019-16746) found in the 802.11 Wi-Fi configuration interface of the Linux kernel and another buffer overflow (CVE-2019-17666) found in the Realtek Wi-Fi driver.

In addition, the security update fixes vulnerabilities found in the Linux kernel's Appletalk, AX25, NFC, ISDN, and IEEE 802.15.4 low-rate wireless network protocol implementations. These affect only Ubuntu 19.04, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS systems, and are tracked as CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, and CVE-2019-17056, all of which could allow a local attacker to create raw sockets. The update also fixes bugs found in the Linux kernel's Atheros AR6004 USB Wi-Fi device driver (CVE-2019-15098), and CVE-2019-2215, found in the Binder IPC driver implementation.

Canonical urges users to update their systems to the new Linux kernel versions to resolve these issues.

Via: Softpedia